How to report False Positive to us?


  • SmitfraudFix

    SmitfraudFix (I think they are false positives)



    IObit Security 360

    OS:Windows 7
    Version:1.1.0.30
    Define Version:1264
    Time Elapsed:00:36:21
    Objects Scanned:74810
    Threats Found:4

    |Name|Type|Description|ID|
    Tracking Cookies, Cookies, http://alert.services.conduit.com/Al...tFeedId=774738, 7-1744
    Tracking Cookies, Cookies, Cookie:stanley@atdmt.com/, 7-1543
    Keylogger.Ezurl, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\Agent.OMZ.Fix.exe, 9-79861
    Spyware.Suspicious.Zlob, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\o4Patch.exe, 9-87375



    Cheers.
    Usage of IObit Products
    Clean Install for IObit Softwares



    • the new fraps version FP

      I think it is a FP

      IObit Security 360

      OS:Windows Vista
      Versione:1.2.0.10
      Versione database:1276
      Tempo trascorso:00:00:00
      Oggetti analizzati:1
      Minacce rilevate:1

      | Nome | Tipo |Descrizione|ID|
      Agent.PWT, File, C:\Fraps\fraps.exe, 11-6247



      • C:\install.exe is this false??

        IObit Security 360

        OS:Windows XP
        Version:1.2.0.10
        Define Version:1278
        Time Elapsed:00:05:03
        Objects Scanned:59144
        Threats Found:1

        |Name|Type|Description|ID|
        Trojan.Win32/Agent, File, C:\install.exe, 4-5587



        • I have replied to you HERE, TopCat, for the same issue.

          Cheers.
          enoskype

          - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



          • my false is:

            datascrubber.exe is a rootkit. IT'S NOT A ROOTKIT {SMARTPC SOLUTIONS} :lol:



            • IObit Security 360

              OS:Windows Vista
              Version:1.3.0.10
              Define Version:1280
              Time Elapsed:00:10:55
              Objects Scanned:67939
              Threats Found:5

              |Name|Type|Description|ID|
              Trojan.DNSHijacker, Folder, C:\Program Files\BESTplayer, 3-2369
              Trojan.DNSHijacker, File, C:\Program Files\BESTplayer\BESTplayer.exe, 3-2369
              Tracking Cookies, Cookies, Cookie:system@m.webtrends.com/, 7-2222
              Tracking Cookies, Cookies, Cookie:wojtus@feedads0.googleadservices.com/~a/4_69kq3tyGUXtAIuyiZpVK9yzu0, 7-1856
              Tracking Cookies, Cookies, Cookie:wojtus@home.sopserv.com/, 7-2184


              BESTplayer is not a trojan, it is a very good player from Poland :)
              bestplayer.com.pl/
              Last edited by solbjerg; Nov. 15th, 2009, 21:32. Reason: delinking



              • Showing up again C:\install.exe

                IObit Security 360

                OS:Windows XP
                Version:1.3.0.10
                Define Version:1280
                Time Elapsed:00:05:17
                Objects Scanned:47630
                Threats Found:1

                |Name|Type|Description|ID|
                Trojan.Win32/Agent, File, C:\install.exe, 4-3221


                https://www.virustotal.com/analisis/...da2-1258266088

                File install.exe received on 2009.11.15 06:21:28 (UTC)
                Current status: finished

                Result: 0/40 (0.00%)
                Additional information
                File size: 562688 bytes
                MD5 : 520a6d1cbcc9cf642c625fe814c93c58
                SHA1 : fb517abb38e9ccc67de411d4f18a9446c11c0923
                SHA256: 08966ce743aa1cbed0874933e104ef7b913188ecd8f0c679f7d8378516c51da2
                PEInfo: PE Structure information

                ( base data )
                entrypointaddress.: 0x3DFD8
                timedatestamp.....: 0x47316CA3 (Wed Nov 7 08:43:31 2007)
                machinetype.......: 0x14C (Intel I386)

                ( 4 sections )
                name viradd virsiz rawdsiz ntrpy md5
                .text 0x1000 0x7A61E 0x7A800 6.32 88fac12502838d99cc519cb108c0e318
                .data 0x7C000 0x798C 0x2200 3.40 f78c45748e6b7bcb33c43e9ea8ba0435
                .rsrc 0x84000 0xBD8 0xC00 4.62 3564f93ee7baa50d785f29ecb0888286
                .reloc 0x85000 0x97BC 0x9800 4.82 37ad37f70fa943e07c8139dc901c5c25

                ( 0 imports )


                ( 0 exports )

                TrID : File type identification
                InstallShield setup (46.1%)
                Win32 Executable MS Visual C++ (generic) (40.4%)
                Win32 Executable Generic (9.1%)
                Generic Win/DOS Executable (2.1%)
                DOS Executable Generic (2.1%)
                ThreatExpert: http://www.threatexpert.com/report.a...625fe814c93c58
                ssdeep: 12288:bpNWz8beHITmTmbA4yrRGsR5A5lcwFhpto/cT9aRzS:bpC/mbANrr5MiwFhDoET9t
                PEiD : -
                RDS : NSRL Reference Data Set



                • Registries are not FP~~

                  IObit Security 360

                  OS:Windows 7
                  Version:1.3.0.10
                  Define Version:1280
                  Time Elapsed:00:43:04
                  Objects Scanned:79633
                  Threats Found:11

                  |Name|Type|Description|ID|
                  Tracking Cookies, Cookies, Cookie:stanley@atdmt.com/, 7-1543
                  Adware.MWS, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}, 5-77
                  Adware.MWS, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}, 5-398
                  Adware.MWS, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}, 5-399
                  Adware.MWS, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}, 5-401
                  Trojan.Win32/Vundo, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0}, 5-3872
                  Keylogger.Ezurl, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\Agent.OMZ.Fix.exe, 9-58252
                  Spyware.Suspicious.Zlob, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\o4Patch.exe, 9-64107
                  Qhost.NOL, File, D:\Windows\SetSpkDefault.exe, 11-3173
                  Qhost.NOL, File, D:\Users\Stanley\Desktop\Windows 7 BackUp\Documents\Downloads\Drivers\Audio_Realtek_6.0.1.5470_Vistax86\Audio_Realtek_6.0.1.5470_Vistax86\SetSpkDefault\x86\SetSpkDefault.exe, 11-3173
                  This is a FP
                  VirusTotal


                  Edit: I decided to combine those 2 reports.

                  Cheers.
                  Last edited by Magic[Hunter]; Nov. 16th, 2009, 01:10. Reason: Registries are not FP~~
                  Usage of IObit Products
                  Clean Install for IObit Softwares



                  • Hi magic,

                    Just an example for you:

                    Registry.MyWebSearch Toolbar==>{56256a51-b582-467e-b8d4-7786eda79ae0}

                    Please check them in the web.

                    Cheers.
                    enoskype

                    - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



                    • Hey enoskype,


                      Thank you for the example!
                      Got to start learning, got to look at registries :smile:

                      and this FP still exists:
                      Keylogger.Ezurl, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\Agent.OMZ.Fix.exe, 9-58252
                      Spyware.Suspicious.Zlob, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\o4Patch.exe, 9-64107

                      Cheers.
                      Usage of IObit Products
                      Clean Install for IObit Softwares



                      • Hi TopCat,

                        Did you check the signature of the install.exe from properties? Do you know to whom it belongs?

                        I had the same file, but it was the clutter left by Raxco after uninstall of PerfectDisk, so I deleted it.

                        Cheers.
                        enoskype

                        - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



                        • It belongs to Microsoft Corporation
                          9.0.21022.8 built by: RTM
                          Install.exe
                          Microsoft® Visual Studio® 2008


                          I scanned it with AVG / Avira / SAS / MSE; all say it's clean.
                          If I put it into a folder and scan with IObit 360, it comes out clean.

                          Just did another scan after updating and nothing showed up,
                          so I guess it's been fixed??



                          • I think so, but what is install.exe doing in the Root folder, since the program is installed, and if not needed for uninstall?

                            Cheers.
                            enoskype

                            - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -



                            • I googled it; it has something to do with .NET 2, which is why it's there.

                              The following command C:\install.exe performs a silent install of the Dotnetfx.exe redistributable Package Technical Reference Download locations for NET Framework 2.0 Final

                              dotnetfx.exe is a process belonging to Microsoft Windows which updates the .NET technology interface. This is an operating system core component update.



                              • PAF5\pstart.exe not a Matles.A dangerous program

                                Originally posted by Tim Xue
                                Before reporting a false positive, please save a scan report first and post it here. This will help us know the detailed information about the scan result.
                                Here is my "false positive". I'm not sure how to make an "official report", if that is possible.
                                Matles.A C:\Program Files\FamilySearch\Paf5\pstart.exe

                                First of all, I have used the program "Personal Ancestral File" ver. 5 for several years. It is NOT a virus/trojan/dangerous program. It is a free program placed by the Church of Jesus Christ of Latter Day Saints for genealogists of all faiths/denominations. I have not had any problems to date with this program and it does what it purports to do. Please remove this program from the warning list for Matles.A. It is incorrect.

                                Short of a change in your programming to allow the PAF program, I will have to either find a work around for the program to continue working - or to remove your program from my computer as well as the many computers upon which I have installed your Security 360 program.

                                Thanks
                                Will Stamps
                                Stamps Technology Services
                                801-589-0435
                                willstamps@aim.com


