Announcement

Announcement Module
Collapse
No announcement yet.

Misleading.WindowsDefence GDIPFONTCACHEV1.DAT false positive? [SOLVED by db 1927]

Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Misleading.WindowsDefence GDIPFONTCACHEV1.DAT false positive? [SOLVED by db 1927]

    My IObit Security 360 found this during a full scan.

    Threats Found:1

    |Name|Type|Description|ID|
    Misleading.WindowsDefence, File, C:\Documents and Settings\Christina\Local Settings\Application Data\GDIPFONTCACHEV1.DAT, 4-31243


    I read that it's a possible fp that could be linked with an hp printer, but I don't use an hp printer. Should I remove this?

    Any help would be greatly appreciated.

    TY
    Last edited by Flutterby; Nov. 5th, 2010, 14:16.

  • #2
    Hi Flutterby :smile:

    That file has been present in Windows for years. It's a font cache .dat file.

    Most likely a false positive.

    A moderator will probably move this topic over to the False Positive section.

    ===
    Is it winter yet ?

    Comment


    • #3
      snap

      This file also came up on my quick scan today, running full scan now.

      same on full scan, i dont have any printers on my setup either.
      |Name|Type|Description|ID|
      Misleading.WindowsDefence, File, C:\Users\scrd100\Local Settings\Application Data\GDIPFONTCACHEV1.DAT, 4-31243
      Last edited by scrd01; Nov. 6th, 2010, 18:28. Reason: full scan detail
      if in doubt use a hammer

      Comment


      • #4
        Most probably false positive, but please follow the procedure in Guidelines and Requirements for Reporting a False Positive. thread.

        Upload the file to www.VirusTotal.com to give the report link here, and upload the file to www.wikisend.com to give the download link here for IObit to further investigate.

        Cheers.
        enoskype

        - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

        Comment


        • #5
          virus scan report

          Hi Enoskype,
          Virus scan came back clean,
          MD5 : c1259a609995dc3678b41a047a9aa85a
          SHA1 : 57b7a370c33dd32b73406def8934e6bee5121ee2
          SHA256: 94fa8964abc708e1f7d07d3b77a86ef34849e7b7927f91b1deb28fcc4b557975


          Roy
          if in doubt use a hammer

          Comment


          • #6
            False Positive on file GDIPFONTCACHEV1.DAT

            On November 5th, I updated the definition file and ran fulls scans on all of my PC's. These include WindowsXP-SP3, Windows Vista-SP2 both x32 and x64 and Winows 7 x64. All reported:

            Misleading.WindowsDefence on file GDIPFONTCACGEV1.DAT file.

            Here is the scan history report from one of the PC's

            IObit Security 360

            OS:Windows Vista
            Version:1.5.0.13
            Define Version:1924
            Time Elapsed:00:01:10
            Objects Scanned:49906
            Threats Found:1

            |Name|Type|Description|ID|
            Misleading.WindowsDefence - Quarantined, File, C:\Users\LeslieDBater_Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT, 4-31243

            This file has been in Windows for years and has never been a problem.

            I also uploaded the file to VirusTotal and it ran against 42 different scan software and none of them found anything wrong.

            I hope that this gets corrected as soon as possible.

            Les Bater

            Comment


            • #7
              Originally posted by scrd01 View Post
              Hi Enoskype,
              Virus scan came back clean,
              MD5 : c1259a609995dc3678b41a047a9aa85a
              SHA1 : 57b7a370c33dd32b73406def8934e6bee5121ee2
              SHA256: 94fa8964abc708e1f7d07d3b77a86ef34849e7b7927f91b1deb28fcc4b557975


              Roy
              Hi scrd01

              Tanks for your feeback.
              You can send the file (GDIPFONTCACHEV1.DAT) to www.wikisend.com and give us the link.
              IObit Support Team

              Comment


              • #8
                I also received the same when I did a full scan just started a few days ago and was fine before that.What is the next step to removing this link.Thanks in advance for your help.

                Comment


                • #9
                  False Positive-same one everyday

                  IObit Security 360

                  OS:Windows 7
                  Version:1.5.0.10
                  Define Version:1926
                  Time Elapsed:00:02:30
                  Objects Scanned:50932
                  Threats Found:1

                  |Name|Type|Description|ID|
                  Misleading.WindowsDefence- Quarantined, File, C:\Users\Amber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT, 4-31243

                  :?
                  _________________________________________________

                  I get this same false positive everyday. IObit Security 360 removes it, and Windows puts it back.
                  Please fix this. It is messing up my computer everyday when I start it.

                  Otherwise, I LOVE your products. :-D
                  SavedByGrace -Ephesians 2:8-9

                  Comment


                  • #10
                    Hi hxin,

                    I checked on my own machine and the file is there. I opened it and it is all fonts descriptions inside. As the file name suggests, it is a font cache file. Totally harmless.

                    Because it is a cache file, I'm thinking that size (and therefore checksum) will vary from region to region, from OS to OS, so if IS360 is targetting the file by name only, you can safely remove the detection.

                    ===
                    Is it winter yet ?

                    Comment


                    • #11
                      Hi all

                      This is a FP.We have sovled this issue in our definition version 1927.
                      PLS update.

                      cheers :lol:
                      IObit Support Team

                      Comment


                      • #12
                        False Positive

                        Originally posted by hxin View Post
                        This is a FP.We have sovled this issue in our definition version 1927.
                        PLS update.

                        cheers :lol:
                        Fixed.
                        Ran a scan and it came up clean.
                        Thank you for quick response!
                        8-):grin:
                        SavedByGrace -Ephesians 2:8-9

                        Comment


                        • #13
                          Question about false positive checking

                          Originally posted by enoskype View Post
                          Most probably false positive, but please follow the procedure in Guidelines and Requirements for Reporting a False Positive. thread.

                          Upload the file to www.VirusTotal.com to give the report link here, and upload the file to www.wikisend.com to give the download link here for IObit to further investigate.

                          Cheers.
                          I couldn't even open the file. I didn't remove it, but my computer said it didn't exist. I typed in the file name and it came up empty.
                          How can I upload the file to virustotal.com and wikisend.com when that happens? :???:
                          Last edited by wagygirl; Nov. 9th, 2010, 04:35. Reason: used the wrong wording
                          SavedByGrace -Ephesians 2:8-9

                          Comment


                          • #14
                            Hi wagygirl
                            Try writing this in run control.exe folders
                            control.exe folders Opens Folder Options (notice space between "exe folders")
                            In that window choose the tab Display - and under Advanced setting of Files and folders choose to have them shown - they are by default chosen to be hidden (they recommend it in ordinary circumstances) but then you can't see them and this is necessary in this situaton.
                            also choose to have hidden files and folders shown.
                            Try that and see if you can now find the file - by the way - as far as I remember I think there is a search option too that will find them - under advanced setting in Search you can ask it to search in hidden files and folders too.
                            Cheers
                            solbjerg

                            Originally posted by wagygirl View Post
                            I couldn't even open the file. I didn't remove it, but my computer said it didn't exist. I typed in the file name and it came up empty.
                            How can I upload the file to virustotal.com and wikisend.com when that happens? :???:
                            太阳山 (solbjerg)
                            Ceterum censeo Usage of IObit Products esse legendum
                            (Furthermore I think that Usage of IObit Products must be read)
                            Itemized subjects Table of content
                            In relation to defragmentation Think about defragmentation
                            Clean Install concept Clean Install
                            Introduction to the Forum Forum Guidelines

                            Comment


                            • #15
                              False Positive - how to check.

                              Originally posted by solbjerg View Post
                              Hi wagygirl
                              Try writing this in run control.exe folders
                              control.exe folders Opens Folder Options (notice space between "exe folders")
                              In that window choose the tab Display - and under Advanced setting of Files and folders choose to have them shown - they are by default chosen to be hidden (they recommend it in ordinary circumstances) but then you can't see them and this is necessary in this situaton.
                              also choose to have hidden files and folders shown.
                              Try that and see if you can now find the file - by the way - as far as I remember I think there is a search option too that will find them - under advanced setting in Search you can ask it to search in hidden files and folders too.
                              Cheers
                              solbjerg
                              Thank you so much. Now I will be prepared to help out, not just complain next time it happens :grin:
                              SavedByGrace -Ephesians 2:8-9

                              Comment

                              Working...
                              X