Announcement

Collapse
No announcement yet.

How to report False Positive to us?

Collapse
This topic is closed.
X
This is a sticky topic.
X
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #76
    Win32.Aliser still showing in def 1128

    Hey Guys,

    IOBit 360 Still shows the Win32.Aliser trojan in def 1128.

    What is the Win32.Stanit file? False positive also. If I remove I no longer can bring up Taskmanager. IObit flags every time I try to start it.

    Lee

    IObit Security 360

    OS:Windows XP
    Version:0.3.1.20
    Define Version:1128
    Time:8/20/2009 7:01:09 PM

    |Name|Type|Description|ID|
    Tracking Cookies, Cookies, Cookie:owner@extras.expedia.com/, 7-1822
    Tracking Cookies, Cookies, Cookie:owner@travelocity.com/, 7-2166
    Tracking Cookies, Cookies, Cookie:owner@dm.travelocity.com/, 7-2166
    Tracking Cookies, Cookies, Cookie:owner@expedia.com/, 7-1822
    Win32.Aliser, File, C:\Program Files\Windows Media Player\dlimport.exe, 12-856
    Win32.Stanit, File, C:\WINNT\system32\taskmgr.exe, 12-754

    Comment


    • #77
      Three false positives. This is just limewires application and uninstaller programs

      IObit Security 360

      OS:Windows Vista
      Version:0.3.1.20
      Define Version:1128
      Time:8/20/2009 11:43:05 PM

      |Name|Type|Description|ID|
      Dropper.Comet.AY, File, C:\Program Files (x86)\LimeWire\uninstall.exe, 12-400
      Dropper.Comet.AY, File, C:\Program Files (x86)\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe, 12-400
      Dropper.Comet.AY, File, C:\Users\Loki\Downloads\LimeWireWin.exe, 12-400

      Comment


      • #78
        False Positive

        IObit Security 360

        OS:Windows XP
        Version:0.4.0.20
        Define Version:1129
        Time Elapsed:2009.08.21. 13:05:26
        Objects Scanned:57598
        Threats Found:1

        |Name|Type|Description|ID|
        Dropper.Banker, File, D:\cuccos\avg75free_524a1289.exe, 12-613

        Well, Avira and Malwarebytes didn't find anything, so I must say, it's a false positive.

        Comment


        • #79
          Almost sure, this is a FP

          IObit Security 360

          Betriebssystem:Windows 2000
          Version:0.4.0.20
          Definitionsversion:1130
          Zeit:21.08.2009 18:40:55
          Scan Objects:54845
          Threats Found:1

          |Name|Typ|Beschreibung|ID|
          ADSPY.AdRotator, File, D:\Programme\NSIS Media Remover.exe, 12-464

          Virustotal gives 0/41

          Comment


          • #80
            Poss False

            Symantic file may be false pos.

            IObit Security 360

            OS:Windows Vista
            Version:0.4.0.20
            Define Version:1130
            Time Elapsed:8/21/2009 6:41:57 PM
            Objects Scanned:75470
            Threats Found:2

            |Name|Type|Description|ID|
            Tracking Cookies, Cookies, Cookie:mel@apmebf.com/, 7-1648
            Dropper.Banker, File, C:\Program Files\Symantec\LiveUpdate\LUSETUP.EXE, 12-623


            Comment


            • #81
              is this False positive?

              It is finding win32.aliser.8364 in outlook express?

              IObit Security 360

              OS:Windows XP
              Version:0.3.1.20
              Define Version:1127
              Time:22/08/2009 11:24:45

              |Name|Type|Description|ID|
              Tracking Cookies, Cookies, Cookie:collin@quantserve.com/, 7-2077
              Tracking Cookies, Cookies, Cookie:collin@real.com/, 7-1575
              Tracking Cookies, Cookies, Cookie:collin@burstnet.com/, 7-1700
              Tracking Cookies, Cookies, Cookie:collin@atdmt.com/, 7-1545
              Tracking Cookies, Cookies, Cookie:collin@content.yieldmanager.com/ak/, 7-1542
              Win32.Aliser.8364, File, C:\Program Files\outlook Express\setup50.exe, 12-528

              Comment


              • #82
                False Positive

                I believe this to be a false positive on the uninstall.exe file for Bibble 5. See attached file. For some reason it wouldn't attach a log file so converted to a txt file and attached it plus also pasted information.

                IObit Security 360

                OS:Windows Vista
                Version:0.4.0.20
                Define Version:1132
                Time Elapsed:8/22/2009 10:46:52 AM
                Objects Scanned:1
                Threats Found:1

                |Name|Type|Description|ID|
                Trojan.Obfuscated, File, C:\Program Files\Bibble Labs\Bibble 5\uninstall.exe, 11-8741

                Comment


                • #83
                  Arovax Shield is a trusted software

                  IObit Security 360

                  OS:Windows XP
                  Versione:0.4.0.20
                  Versione database:1132
                  Tempo trascorso:22/08/2009 21.18.43
                  Oggetti analizzati:72758
                  Minacce trovate:1

                  | Nome | Tipo |Descrizione|ID|
                  Adspy.VirusBurst.FV, File, C:\CDXP\antimalware\ashield_2_setup_103.exe, 12-410

                  ---------

                  Even if no longer updated since 2007, Arovax Shield ( hxxp://www.arovaxshield.com/ ) is not spyware or other kind of malware

                  Virustotal response
                  Last edited by leofelix; Aug. 22nd, 2009, 21:43.

                  Comment


                  • #84
                    Win32.Aliser: dw.exe false positive

                    IObit Security 360

                    OS:Windows XP
                    Versione:0.4.0.20
                    Versione database:1132
                    Tempo trascorso:23/08/2009 3.08.22
                    Oggetti analizzati:62187
                    Minacce trovate:1

                    | Nome | Tipo |Descrizione|ID|
                    Win32.Aliser, File, C:\Programmi\MSN\MSNCoreFiles\dw.exe, 12-787

                    false positive this file is made by Microsoft

                    Virustotal response

                    Comment


                    • #85
                      i really need help on this i can not reformat my pc it says it can not find mup.sys but i have it in my driver folder here the log

                      IObit Security 360

                      OS:Windows XP
                      Version:0.3.1.20
                      Define Version:1127
                      Time:8/20/2009 4:14:13 AM

                      |Name|Type|Description|ID|
                      Disabled.SecurityCenter - Removed, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=UpdatesDisableNotify, 6-14
                      Win32.Aliser.8364 - Quarantined, File, C:\Program Files\Outlook Express\setup50.exe, 12-528
                      Win32.Aliser.8364 - Quarantined, File, C:\WINDOWS\$NtServicePackUninstall$\setup50.exe, 12-528
                      Win32.Stanit - Quarantined, File, C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe, 12-671
                      Win32.Aliser.8364 - Quarantined, File, C:\WINDOWS\ServicePackFiles\i386\setup50.exe, 12-528
                      Backdoor.Autorun - Quarantined, File, C:\WINDOWS\Debug\Setup\Backup\INTPPM_Backup.bak, 9-6052
                      Win32.Aliser.8364 - Quarantined, File, C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe, 12-955
                      Worm.Rbot - Quarantined, File, D:\I386\SYSTEM32\drivers\mup.sys, 12-599
                      Worm.Rbot - Quarantined, File, D:\MiniNT\system32\drivers\mup.sys, 12-599
                      Trojan.Spy - Quarantined, File, D:\I386\Apps\APP19901\src\install\Worldwide-Compaq\progfiles\Apps\hpuninstall.exe, 12-367
                      Trojan.Spy - Quarantined, File, D:\I386\Apps\APP19901\src\install\Worldwide-Compaq\progfiles\Apps\onplay.exe, 12-367
                      Windows XP Home Edition Service Pack 3
                      Y!TunnelPro Version 2.5 Build 504
                      Yahoo! Messenger Version 10.0.0 Build 331
                      Internet Explorer Version 7.0.5730.13
                      Cable
                      Windows Firewall
                      TrojanHunter Version 5.1 Build 975
                      Netgear Router
                      SUPERAntiSpyware Professional Version 4.27 Build 1002
                      Packed Driver Detector Version 0.9
                      IObit Security 360 RC
                      Advanced SystemCare
                      Avira AntiVir Control Center
                      Registry Mechanic Version 8.0.0 Build 906
                      HijackThis Version 2.0 Build 2

                      Comment


                      • #86
                        Hi thomasa,

                        Restore all of them using the Restore button in Quarantine section.
                        Use the option in IS 360 not to start with Windows. Restart Windows without IS 360 3.1 starting in startup.
                        You are using an old definition file.
                        Download, install, update and use the new verion IS 360 RC. Scan again.

                        Report back please.

                        Cheers.
                        enoskype

                        - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

                        Comment


                        • #87
                          Originally posted by thomasa View Post
                          i really need help on this i can not reformat my pc it says it can not find mup.sys but i have it in my driver folder here the log
                          Hi
                          please restore immediately mup.sys from quarantine.
                          mup.sys is a Microsoft legitimate driver, usually located into "C:\Windows\System32\drivers". and is not visible by default.

                          Even if the most of files detected by IOBit Security 360 RC seem to be false positive, please upload them to http://www.virustotal.com/ in order to check if they are really infected or not.


                          [EDIT to say] Sorry, I didn't notice that enoskype posted some seconds ago
                          Last edited by leofelix; Aug. 23rd, 2009, 16:04.

                          Comment


                          • #88
                            setup50.exe http://www.virustotal.com/analisis/3...c94-1250834073

                            taskmgr.exe http://www.virustotal.com/analisis/7...b9a-1250983234

                            INTPPM_Backup.bak http://www.virustotal.com/analisis/f...e02-1249196873

                            migrate.exe http://www.virustotal.com/analisis/8...dc6-1250743709
                            Windows XP Home Edition Service Pack 3
                            Y!TunnelPro Version 2.5 Build 504
                            Yahoo! Messenger Version 10.0.0 Build 331
                            Internet Explorer Version 7.0.5730.13
                            Cable
                            Windows Firewall
                            TrojanHunter Version 5.1 Build 975
                            Netgear Router
                            SUPERAntiSpyware Professional Version 4.27 Build 1002
                            Packed Driver Detector Version 0.9
                            IObit Security 360 RC
                            Advanced SystemCare
                            Avira AntiVir Control Center
                            Registry Mechanic Version 8.0.0 Build 906
                            HijackThis Version 2.0 Build 2

                            Comment


                            • #89
                              Originally posted by thomasa View Post
                              They seems to be all false positive detections, so please remove the from quarantine.

                              However I noticed you uploaded to virustotal Tasku_Manageri.exe not taskmgr.exe.

                              Is Tasku_Manageri.exe the original file provided by Microsoft in your language?

                              Comment


                              • #90
                                Originally posted by leofelix View Post
                                They seems to be all false positive detections, so please remove the from quarantine.

                                However I noticed you uploaded to virustotal Tasku_Manageri.exe not taskmgr.exe.

                                Is Tasku_Manageri.exe the original file provided by Microsoft in your language?
                                yea and i just want get this fix so it can run better what about these

                                http://img36.imageshack.us/i/93308563.jpg/

                                http://img248.imageshack.us/i/61362496.jpg/

                                http://img194.imageshack.us/i/29192227.jpg/

                                http://img44.imageshack.us/i/28023691.jpg/
                                Windows XP Home Edition Service Pack 3
                                Y!TunnelPro Version 2.5 Build 504
                                Yahoo! Messenger Version 10.0.0 Build 331
                                Internet Explorer Version 7.0.5730.13
                                Cable
                                Windows Firewall
                                TrojanHunter Version 5.1 Build 975
                                Netgear Router
                                SUPERAntiSpyware Professional Version 4.27 Build 1002
                                Packed Driver Detector Version 0.9
                                IObit Security 360 RC
                                Advanced SystemCare
                                Avira AntiVir Control Center
                                Registry Mechanic Version 8.0.0 Build 906
                                HijackThis Version 2.0 Build 2

                                Comment

                                Working...
                                X