coinst_8.97.100.3.dll - False Positive?

[petitlou67]

backdoor.frauder in amd catalyst 12.6 drivers

 

Hello,

 

advanced system care V5 when i start a quick tuning

 

detect one module of catalyst 12.6 installer

 

coinst_8.97.100.3.dll as backdoor.frauder with high risk

(see attached image file)

 

i think this is a false positive , i have asked amd about this, they are very astonished and have no website problem

 

what do you think ?

 

best regards

[enoskype]

Hi petitlou67,

 

Most probably false positive, but please upload the coinst_8.97.100.3.dll file to Virus Total and IObit Cloud and give the links for analyses in this thread.

 

Also upload the file to Wikisend and give the link here for download for IObit to futher investigate.

 

Cheers.

[petitlou67]

hello,

 

link wikisend http://wikisend.com/download/330954/coinst_8.97.100.3.dll

 

other in attachement

[ian pitman]

False positives

 

Malware Fighter reports a number of problems when I scan my hard drive which I know are false positives. However, when I use your program to produce a scan report and try to send it to you for analysis it won't upload. I get a dialog box saying that the file is invalid. These scan logs are in wordpad/txt formats so how come they are invalid? Is there any other way of reporting false postives to you? Thanks - Ian

 

 

EDIT: Please open a new thread in this section! (False Positive Reports by IObit Products)

[wozofoz]

How to report false positive

 

Malware Fighter reports a number of problems when I scan my hard drive which I know are false positives. However, when I use your program to produce a scan report and try to send it to you for analysis it won't upload. I get a dialog box saying that the file is invalid. These scan logs are in wordpad/txt formats so how come they are invalid? Is there any other way of reporting false postives to you? Thanks - Ian

Hi :smile:

Follow this procedure for IObit to further investigate it.

 

• Copy and paste the IObit Malware Fighter report in your next post

• Upload the software .exe to VirusTotal and supply the report link in your next post

• Also, ZIP the software .exe and upload it to Wikisend and supply the link in your next post

 

You can use THIS post as an example.

 

All the best, woz of oz

[Cicely]

Hi ian pitman,

 

Thanks for your feedbacks.

 

Please follow the steps by wozofoz to report false positive. With these information, we can look into it. If it is false postive, we will remove it asap.

 

Thanks wozofoz's timely and detailed guide. :wink:

 

Thanks for your cooperation in advance. :-D

[CKCustom]

are you including it all

 

Before reporting a false positive, please save a scan report first and post it here. This will help us know the detailed information about the scan result.

 

I have stuff on my server and computers that to you would be malware but it has to be written that way or it wont work correct. it is video compression files on the fly. I will go into deeper explanation privately if needed.

[Edward27821]

Is there a blog or other item which details how to do this?

[enoskype]

Hi Edward27821,

 

Please elaborate this in "how to do this?".

 

Do you mean:

1) Getting the IMF report log?

2) Uploading to VirusTotal and giving the analysis report link?

3) Uploading to Wikisend and giving the download link or attaching as a zip to a post?

4) Or, all of the 3 above?

 

Cheers.

[Edward27821]

#1 & #3

 

But first, Why would I need to?

[enoskype]

Hi Edward27821,

 

1) If IMF finds a malware and you suspect that it is not a malware, you can use to "Save Report" choice or use the "False Positive" link on the IMF result and copy the content of the report and post it in the False Positive Reports by IObit Products (this) section of the forum.

-Please see the attached image-

 

2) So, when you give the download link of the uploaded suspected malware file at Wikisend File Sharing Page, IObit will investigate after downloading the concerned file.

The uploaded file should be compressed as a .zip or .rar file (preferably password protected giving the password in the post or sending by Private Message -PM- to Cicely ), as uploading and downloading may be interupted by security measures.

 

If IObit finds out that the file is not a malware, they will correct their database accordingly and will give the # of the database that it is corrected.

One of the forum leaders will add [sOLVED by db 13xx] to the title of the specific thread of the Original Poster (OP), so everybody will be informed about the outcome and act accordingly.

 

Please shoot if there is more unclear point.

 

Cheers.

 

NOTE: I will move these concerned posts to How to report False Positive to us? thread after you reply to me.

There is also Guidelines and Requirements for Reporting a False Positive thread to look into for info.

[Edward27821]

Thank you.

I've bookmarked the links.

[JRodShop]

false positive (1).. Dvd Audio Ripper.exe

 

One false positive this morning using Smart Scan, and it found it twice. File is not attached. You ask that log file be saved and uploaded, but it appears .log file is not acceptable??

[enoskype]

Hi JRodShop, welcome to IObit Forums! :-D

 

Please copy the content of the log file and paste it to your next post as a thread using the New Threat button in False Positive Reports by IObit Products sub section of the forum with the title False Positive? - Dvd Audio Ripper.exe .

 

To check whether it is false positive, please supply IObit the following information:

 

• Upload the file that were reported as threat to VirusTotal and supply the report link in your next post mentioned above.

• Also, ZIP the file that were reported as threat and upload it to Wikisend and supply the link in your next post mentioned above.

 

You can use THIS post as an example.

 

Thanks in advance.