How to report False Positive to us?


  • #16
    False Positives

    IObit Security 360

    OS:Windows XP
    Version:0.1.1.8
    Time:7/4/2009 12:47:02 AM

    |Name|Type|Description|
    Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowMyDocs
    Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=AntiVirusDisableNotify
    Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=FirewallDisableNotify
    Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=UpdatesDisableNotify
    Trojan.Agent, File, C:\setup.exe
    Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=bf
    Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=bk
    Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=iu
    Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=mu
    Trojan.Agent, File, C:\install.exe



    • #17
      Hi troimer
      Did you submit the report to VirusTotal?
      What was the result there?
      Cheers
      solbjerg


      Originally posted by troimer:
      IObit Security 360

      OS:Windows XP
      Version:0.1.1.8
      Time:7/4/2009 12:47:02 AM

      |Name|Type|Description|
      Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowMyDocs
      Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=AntiVirusDisableNotify
      Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=FirewallDisableNotify
      Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=UpdatesDisableNotify
      Trojan.Agent, File, C:\setup.exe
      Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=bf
      Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=bk
      Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=iu
      Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=mu
      Trojan.Agent, File, C:\install.exe
      太阳山 (solbjerg)
      Ceterum censeo Usage of IObit Products esse legendum
      (Furthermore I think that Usage of IObit Products must be read)
      Itemized subjects Table of content
      In relation to defragmentation Think about defragmentation
      Clean Install concept Clean Install
      Introduction to the Forum Forum Guidelines



      • #18
        I have found a false positive!

        That's the report:
        IObit Security 360

        OS:Windows XP
        Version:0.2.0.67
        Define Version:1068
        Time:17.07.2009 20:26:58

        |Name|Type|Description|ID|
        Hijack.Homepage, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel Value=Homepage, 6-64
        Spyware.Banker, File, D:\John\Internet\www.saveyourpc.de.tl\Backup\DWebsiteBackup.exe, 12-919
        Spyware.Banker, File, D:\John\Internet\www.saveyourpc.de.tl\Backup\EWebsiteBackup.exe, 12-919
        Spyware.Banker, File, D:\John\Internet\www.saveyourpc.de.tl\Backup\GWebsiteBackup.exe, 12-919
        It says my website backups, which I made with WinRAR (I packed all my HTML documents into an "SFX archive"), are a Spyware Banker. I uploaded these backups for you, if necessary, for further analysis (you can download them here).

        Virustotal is telling me the backup archives are O.K.!

        DWebsiteBackup.exe
        http://www.virustotal.com/de/analisi...de6-1247855808

        EWebsiteBackup.exe
        http://www.virustotal.com/de/analisi...099-1247856069

        GWebsiteBackup.exe
        http://www.virustotal.com/de/analisi...2c7-1247856311
        Last edited by 333halfevil; Jul. 18th, 2009, 05:11. Reason: Links disabled.
        Every problem has a solution!



        • #19
          sims3 virus? or not

          IObit Security 360

          OS:Windows Vista
          Version:0.1.1.8
          Time:7/17/2009 11:14:14 PM

          |Name|Type|Description|
          Spyware.Banker, File, C:\Users\Badcam3\Desktop\123boxxerssims3\The Sims 3\The Sims 3\bin.dll



          • #20
            The following seems to be a false positive. The system would not allow for the below to be deleted.

            IObit Security 360

            OS:Windows XP
            Version:0.2.0.67
            Define Version:1069
            Time:7/18/2009 12:58:10 PM

            |Name|Type|Description|ID|
            Rogue.Cax, File, C:\WINDOWS\system32\msvcp60.dll, 10-13643



            • #21
              False report... No keygens, cracks...

              IObit Security 360

              OS:Windows Vista
              Version:0.2.0.67
              Define Version:1069
              Time:19. 7. 2009 3:34:34

              |Name|Type|Description|ID|
              Backdoor.PopAdStop, File, C:\Program Files\OpenOffice.org 3\share\uno_packages\cache\stamp.sys, 10-7527
              Backdoor.PopAdStop, File, C:\Users\Bubo\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys, 10-7527
              Backdoor.PopAdStop, File, C:\Users\User\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys, 10-7527
              Win32.Virus.Installer, File, D:\Soft\vcredist_x86.exe, 10-6082
              Malware.Packer, File, D:\Soft\vispa.exe, 11-1
              Malware.Packer, File, D:\Soft\xpy.exe, 11-1
              Spyware.Banker, File, D:\Soft\TeamViewer\TeamViewer_cz.exe, 11-8802



              • #22
                I'm not a malware pro, but I looked up the locations and descriptions of these files, and they don't seem to be "bad." Can you help me? Here is the copy of the file.




                IObit Security 360

                OS:Windows XP
                Version:0.2.0.67
                Define Version:1070
                Time:7/19/2009 10:40:50 AM

                |Name|Type|Description|ID|
                Adware.Ezula, File, C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe, 10-14104
                Win32.Virus.Cax, File, C:\WINDOWS\$NtServicePackUninstall$\services.exe, 10-7905
                Rogue.MsnSniffer, File, C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll, 10-7351
                Rogue.MsnSniffer, File, C:\WINDOWS\ServicePackFiles\i386\kernel32.dll, 10-7351



                • #23
                  comdlg32.OCX

                  Running Vista64

                  Scanned the file with VirusTotal, Jotti's malware scan and Virscan.org online and none of them found malware in it.

                  Grtz, Makios

                  (tried to attach the log-file but didn't work so here is the text:

                  IObit Security 360

                  OS:Windows Vista
                  Version:0.2.1.75
                  Define Version:1069
                  Time:19-7-2009 17:29:35

                  |Name|Type|Description|ID|
                  Rogue.Gen, File, C:\Windows\system32\comdlg32.OCX, 10-10121
                  )



                  • #24
                    Another False Positive, HijackThis is certainly not malware!!

                    IObit Security 360

                    OS:Windows XP
                    Version:0.2.1.75
                    Define Version:1070
                    Time:19.07.2009 18:58:24

                    |Name|Type|Description|ID|
                    Adware.Cax, File, D:\Schutzprogramme\Tools\HijackThis\HiJackThis.exe, 10-12283
                    HijackThis.exe 1/41 (2.44%)
                    http://www.virustotal.com/de/analisi...c2d-1248023160
                    Every problem has a solution!



                    • #25
                      DisableRegedit false positive

                      The value is (0) ZERO in the Registry.
                      It would have been correct if the value was (1) ONE.
                      The Registry entry exists to be able to disable Regedit for security reasons.

                      Cheers.
                      enoskype

                      - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -
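
The point made in post #25 (and the Disabled.SecurityCenter rows earlier in the thread), as an added example that is not part of any post or of IObit's code: a rule that fires on the presence of a value name flags a machine where the value is 0, while a rule that reads the data does not. Assumptions: `DisableRegistryTools` is taken to be the value behind the "DisableRegedit" detection, any non-zero REG_DWORD is treated as "set", and the `reg query` output below is constructed.

```python
import re

# Flags where the data, not the name, says whether protection is off.
# Assumption: DisableRegistryTools is the value behind "DisableRegedit";
# the three Security Center names appear in the logs in this thread.
DISABLE_FLAGS = {"DisableRegistryTools", "AntiVirusDisableNotify",
                 "FirewallDisableNotify", "UpdatesDisableNotify"}

# One value line of `reg query` output: indent, name, type, data.
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(\S.*?)\s*$")

def parse_reg_query(text):
    """Return {value_name: (type, data)}; key-path lines are skipped."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1)] = (m.group(2), m.group(3))
    return values

def presence_verdict(values):
    """Name-only rule: report every known flag that merely exists."""
    return sorted(n for n in values if n in DISABLE_FLAGS)

def data_verdict(values):
    """Data-aware rule: report only REG_DWORD flags with non-zero data."""
    return sorted(
        name for name, (rtype, data) in values.items()
        if name in DISABLE_FLAGS and rtype == "REG_DWORD"
        and int(data, 16) != 0   # reg.exe prints DWORDs as 0x...
    )

# Constructed sample of `reg query` output (not taken from any post).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableRegistryTools    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    AntiVirusDisableNotify    REG_DWORD    0x0
    FirewallDisableNotify    REG_DWORD    0x1
    UpdatesDisableNotify    REG_DWORD    0x0
"""

if __name__ == "__main__":
    vals = parse_reg_query(SAMPLE)
    print("name-only :", presence_verdict(vals))
    print("data-aware:", data_verdict(vals))
```

On the constructed sample the name-only rule reports all four values, and the data-aware rule reports only the one whose data is 1.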



                      • #26
                        IObit Security 360

                        OS:Windows XP
                        Version:0.2.1.75
                        Define Version:1069
                        Time:7/20/2009 12:01:04 PM

                        |Name|Type|Description|ID|
                        Adware.Ezula, File, C:\WINDOWS\system32\mnmsrvc.exe, 10-13951



                        • #27
                          I believe these are false positives. You can find GSA Security here, http://www.softpedia.com/get/Antivir...ity-2010.shtml
                          Last edited by SJSF; Jul. 20th, 2009, 23:44.



                          • #28
                            HijackThis FP

                            IObit Security 360
                            OS:Windows Vista
                            Version:0.2.1.75
                            Define Version:1073
                            Time:7/20/2009 5:40:32 PM
                            |Name|Type|Description|ID|
                            Adware.Cax, File, D:\_Disk A\Virus, Spyware & Security\HijackThis v2.0.2.exe, 9-57678



                            • #29
                              Originally posted by danburrito:
                              IObit Security 360

                              Adware.Cax, File, D:\_Disk A\Virus, Spyware & Security\HijackThis v2.0.2.exe, 9-57678
                              Confirmed.

                              IObit Security 360

                              OS:Windows XP
                              Version:0.2.1.75
                              Define Version:1071
                              Time:2009-07-20 06:36:05 PM

                              |Name|Type|Description|ID|
                              Adware.Cax, File, C:\Program Files\Trend Micro\hijackthis.exe, 10-12283
                              .
                              Malware Removal Assistance
                              Usage of IObit Products



                              • #30
                                Originally posted by danburrito:
                                IObit Security 360
                                OS:Windows Vista
                                Version:0.2.1.75
                                Define Version:1073
                                Time:7/20/2009 5:40:32 PM
                                |Name|Type|Description|ID|
                                Adware.Cax, File, D:\_Disk A\Virus, Spyware & Security\HijackThis v2.0.2.exe, 9-57678
                                Seems to be fixed with definitions version 1074.

                                Thanks, guys.

