Announcement

Collapse
No announcement yet.

How to report False Positive to us?

Collapse
This topic is closed.
X
This is a sticky topic.
X
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • #91
    @ thomasa:

    do you have a secondary external hard disk or a USB drive called D:\ maybe?
    If so, please plug in you external HDD and try again

    You may also have an hidden partition, in this case please read here and here to fix this issue

    Hope it helps
    Last edited by leofelix; Aug. 23rd, 2009, 22:24.

    Comment


    • #92
      Originally posted by leofelix View Post
      @ thomasa:

      do you have a secondary external hard disk or a USB drive called D:\ maybe?
      If so, please plug in you external HDD and try again

      You may also have an hidden partition, in this case please read here and here to fix this issue

      Hope it helps

      If I had to guess, the D:\ drive contains restore files and others. HP/Compaq and Dell really like to do that.

      Comment


      • #93
        IObit Security 360

        OS:Windows XP
        Version:0.4.0.20
        Define Version:1136
        Time Elapsed:2009/08/24 17:52:05
        Objects Scanned:62225
        Threats Found:1

        |Name|Type|Description|ID|
        Malware.Trace, Registry Key, HKEY_CLASSES_ROOT\WR, 4-21837

        http://www.macropool.com/en/index.html

        A legit program

        Comment


        • #94
          2 f.p and one possible f.p

          IObit Security 360

          OS:Windows XP
          Versione:0.4.0.20
          Versione database:1138
          Tempo trascorso:26/08/2009 2.00.41
          Oggetti analizzati:72758
          Minacce rilevate:3

          | Nome | Tipo |Descrizione|ID|
          Dropper.Dldr, File, C:\a-disk\backup\1abcbckp.exe, 12-640
          Dropper.Dldr, File, C:\a-XP\antimalware\Quttera\QutteraInstall0.2.1.0.34.exe, 12-646
          Dropper.Dldr, File, C:\a-CD\Mzbackup148\MozBackup-1.4.8-EN.exe, 12-646

          ----------

          1abcbckp.exe false positive:

          File Info

          Report generated: 26.8.2009 at 2.15.15 (GMT 1)
          Filename: 1abcbckp.exe
          File size: 331 KB
          MD5 Hash: d5ee22bedfba173112590e4520bcdc20
          SHA1 Hash: 71B957E734B376BA239DA131ECBB66F46FDF2D84
          Self-Extract Archive: Nothing found
          Binder Detector: Nothing found
          Detection rate: 0 on 22

          Detections

          a-squared - -
          Avira AntiVir - -
          Avast - -
          AVG - -
          BitDefender - -
          ClamAV - -
          Comodo - -
          Dr.Web - -
          Ewido - -
          F-PROT6 - -
          Ikarus T3 - -
          Kaspersky - -
          McAfee - -
          NOD32 v3 - -
          Norman - -
          Panda - -
          QuickHeal - -
          Solo Antivirus - -
          Sophos - -
          TrendMicro - -
          VBA32 - -
          VirusBuster - -

          Scan report generated by
          NoVirusThanks.org


          ------------

          MozBackup-1.4.8-EN.exe false positive

          VirusTotal Report CLEAN



          -------

          QutteraInstall0.2.1.0.34.exe possible false positive


          VirusTotal report 4/40


          hxxp://quttera.com/free/

          "Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc."

          Comment


          • #95
            fp

            hi, leofelix
            this FP has been solved, please update definition version of IS360 to 1139.

            Originally posted by leofelix View Post
            IObit Security 360

            OS:Windows XP
            Versione:0.4.0.20
            Versione database:1138
            Tempo trascorso:26/08/2009 2.00.41
            Oggetti analizzati:72758
            Minacce rilevate:3

            | Nome | Tipo |Descrizione|ID|
            Dropper.Dldr, File, C:\a-disk\backup\1abcbckp.exe, 12-640
            Dropper.Dldr, File, C:\a-XP\antimalware\Quttera\QutteraInstall0.2.1.0.34.exe, 12-646
            Dropper.Dldr, File, C:\a-CD\Mzbackup148\MozBackup-1.4.8-EN.exe, 12-646

            ----------

            1abcbckp.exe false positive:

            File Info

            Report generated: 26.8.2009 at 2.15.15 (GMT 1)
            Filename: 1abcbckp.exe
            File size: 331 KB
            MD5 Hash: d5ee22bedfba173112590e4520bcdc20
            SHA1 Hash: 71B957E734B376BA239DA131ECBB66F46FDF2D84
            Self-Extract Archive: Nothing found
            Binder Detector: Nothing found
            Detection rate: 0 on 22

            Detections

            a-squared - -
            Avira AntiVir - -
            Avast - -
            AVG - -
            BitDefender - -
            ClamAV - -
            Comodo - -
            Dr.Web - -
            Ewido - -
            F-PROT6 - -
            Ikarus T3 - -
            Kaspersky - -
            McAfee - -
            NOD32 v3 - -
            Norman - -
            Panda - -
            QuickHeal - -
            Solo Antivirus - -
            Sophos - -
            TrendMicro - -
            VBA32 - -
            VirusBuster - -

            Scan report generated by
            NoVirusThanks.org


            ------------

            MozBackup-1.4.8-EN.exe false positive

            VirusTotal Report CLEAN



            -------

            QutteraInstall0.2.1.0.34.exe possible false positive


            VirusTotal report 4/40


            hxxp://quttera.com/free/

            "Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc."
            IObit Support Team--Any ideas or suggestions? Please kindly share with us...Thanx

            Comment


            • #96
              PC Security Test 2007 - Kinda False Pos

              Originally posted by Tim Xue View Post
              Before reporting a false positive, please save a scan report first and post it here. This will help us know the detailed information about the scan result.
              I didn't bother with the report, because your AV isn't the only one picking up this program's virus(s). This PC test program has 2-3 viruses ON PURPOSE, to test if your PC's AV/Firewall will block them or not, they are harmless, the author went to great trouble to explain this.

              pcst2007us.zip

              PC Security Test 2007.

              So it's not so much a false positive, as an unneeded positive, if that makes sense. The virus IS there, but if your program removes it, the tests wont work anymore (because there is no longer a virus to test with).

              -TJC
              Last edited by TheJointChief; Aug. 28th, 2009, 02:43. Reason: typos/title

              Comment


              • #97
                Hi TheJointChief,

                You can check "Quarantine treats when removing them" under Scan Settings in Options.

                After that you can right click on them in Quarantine List and put them to the "Ignore List".
                In that way, they will be seen by the other security software, but not by IS 360.

                OR.

                You can use the "Restore" button in Quarantine List to get them back in the original locations, if you want to test IS360 and other security software to find them again.

                Cheers.
                enoskype

                - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

                Comment


                • #98
                  Hello,
                  IObit Security 360

                  OS:Windows Vista
                  Version:0.4.0.20
                  Define Version:1140
                  Time Elapsed:8/27/2009 03:41:24
                  Objects Scanned:57713
                  Threats Found:74

                  |Name|Type|Description|ID|
                  Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\24-8-2009 (18-42-15).txt, 3-2957
                  Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-8-2009 (8-30-38).txt, 3-2957
                  Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\8,24,2009_18,52,48.cab, 3-2957
                  Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\8,26,2009_9,8,2.cab, 3-2957
                  Tracking Cookies, Cookies, Cookie:administrator@atdmt.com/, 7-1545
                  PHISH.FraudTool, File, C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit\Setup\Function\32bit\209\PccScan.dll, 12-1219
                  ------------------------------------------------------
                  In my experience RegistryFix7 is a registry cleaner and unless it is proved to the opposite it is a false positive.
                  Similarly for the PccScan.dll file introduced by Trend Micro during an online scanning session for virus,malaware etc.
                  Now the last one can be deleted after the online session has ended.
                  What really bugs me is that cookie- administrator@atdmt.com It has been detected and deleted by my protection software several times but it keeps coming back!
                  Is this cookie by any chance relative to the automatic time domain setting of the clock at the task bar?

                  Looking forward to read your points of view.

                  Comment


                  • #99
                    Originally posted by enoskype View Post
                    Hi TheJointChief,

                    You can check "Quarantine treats when removing them" under Scan Settings in Options.

                    After that you can right click on them in Quarantine List and put them to the "Ignore List".
                    In that way, they will be seen by the other security software, but not by IS 360.

                    OR.

                    You can use the "Restore" button in Quarantine List to get them back in the original locations, if you want to test IS360 and other security software to find them again.

                    Cheers.
                    Yea I know how to work around the issue, I would rather see them remove the "false positive" in the first place though, hence my reporting it here.

                    Thank you though :)

                    -TJC

                    Comment


                    • Originally posted by AlexP View Post
                      |Name|Type|Description|ID|
                      Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\24-8-2009 (18-42-15).txt, 3-2957
                      Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-8-2009 (8-30-38).txt, 3-2957
                      Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\8,24,2009_18,52,48.cab, 3-2957
                      Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\8,26,2009_9,8,2.cab, 3-2957
                      Tracking Cookies, Cookies, Cookie:administrator@atdmt.com/, 7-1545
                      PHISH.FraudTool, File, C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit\Setup\Function\32bit\209\PccScan.dll, 12-1219
                      ------------------------------------------------------
                      In my experience RegistryFix7 is a registry cleaner and unless it is proved to the opposite it is a false positive.
                      Similarly for the PccScan.dll file introduced by Trend Micro during an online scanning session for virus,malaware etc.
                      Now the last one can be deleted after the online session has ended.
                      What really bugs me is that cookie- administrator@atdmt.com It has been detected and deleted by my protection software several times but it keeps coming back!
                      Is this cookie by any chance relative to the automatic time domain setting of the clock at the task bar?
                      Looking forward to read your points of view.
                      hello AlexP,

                      first, please upload the file "PccScan.dll" to virustotal to make sure if it is a fp, and we will solve it as soon. much thanks.

                      plus, please check out the judgment from WOT which is the wellknown Internet security website: htttp://www.mywot.com/en/scorecard/RegistryFix.com

                      if u have further more doubts, everyone on board would help.

                      best regards
                      Last edited by itobe; Aug. 27th, 2009, 07:38.
                      IObit Support Team--Any ideas or suggestions? Please kindly share with us...Thanx

                      Comment


                      • My False Positive reports

                        IObit Security 360

                        OS:Windows 7
                        Version:0.4.0.20
                        Define Version:1142
                        Time Elapsed:8/28/2009 12:57:27 AM
                        Objects Scanned:55231
                        Threats Found:1

                        |Name|Type|Description|ID|
                        Tracking Cookies - Removed, Cookies, Cookie:johan@atdmt.com/, 7-1545

                        ..tyvm :wink:

                        Comment


                        • Hi Johan,

                          That is not a false positive.

                          Cheers.
                          enoskype

                          - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

                          Comment


                          • IObit Security 360

                            OS:Windows XP
                            Version:0.4.0.20
                            Define Version:1142
                            Time Elapsed:8/28/2009 2:36:11 AM
                            Objects Scanned:65549
                            Threats Found:5

                            |Name|Type|Description|ID|
                            Spyware.OnlineGames, File, D:\G - Unot\Programs\Trainers\TRAINER.EXE, 11-78
                            Spyware.OnlineGames, File, D:\Movies\PROGRAMS\TRAINERS\TRAINER.EXE, 11-78
                            Trojan.Backdoor, File, D:\G - Unot\Programs\Reflexive\02_ALL_R\FFF_REFL.EXE, 9-36099
                            Trojan.Backdoor - Quarantined, File, D:\Movies\PROGRAMS\REFLEXIV\02_ALL_R\FFF_REFL.EXE, 9-36099
                            Trojan.Dldr, File, D:\Program Files\Garena\plugins\Game\WC3VC.dll, 12-914

                            Comment


                            • Originally posted by westside_game View Post
                              IObit Security 360
                              |Name|Type|Description|ID|
                              Spyware.OnlineGames, File, D:\G - Unot\Programs\Trainers\TRAINER.EXE, 11-78
                              Spyware.OnlineGames, File, D:\Movies\PROGRAMS\TRAINERS\TRAINER.EXE, 11-78
                              Trojan.Backdoor, File, D:\G - Unot\Programs\Reflexive\02_ALL_R\FFF_REFL.EXE, 9-36099
                              Trojan.Backdoor - Quarantined, File, D:\Movies\PROGRAMS\REFLEXIV\02_ALL_R\FFF_REFL.EXE, 9-36099
                              Trojan.Dldr, File, D:\Program Files\Garena\plugins\Game\WC3VC.dll, 12-914
                              hi westside_game,
                              Sorry, the False Positives troubled you.
                              however, please send the suspicious files to virustotal to make sure they do are false positives. (also you could PM to me)
                              thanks a lot.
                              best regards
                              IObit Support Team--Any ideas or suggestions? Please kindly share with us...Thanx

                              Comment


                              • ??????????????????

                                Sorry for being stupid. This pops up on my screen when I click on my Macrium Reflect program. I do have a clue what this is or what it means. It looks like 360 is trying to tell me some thing. Thank you.[garybear}

                                Comment

                                Working...
                                X