Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer

How to report False Positive to us?


Recommended Posts

Hello Everyone,

 

Before reporting false positives, please read the following guidelines and requirements, and provide us with the requested information as below:

 

1) Save a scan log first and post it here.

Please use the latest version of IObit Malware Fighter to run a scan. This will help us know the detailed information of the scan result.

 

Scan Log Example:

 

IObit Malware Fighter

 

OS: Windows 8

Version: 2.4.1.15

Define Version: 1383

Time Elapsed: 00:19:53

Objects Scanned: 66821

Threats Found: 1

Save Time: 20/10/2014 13:54:27

 

|Name|Type|Description|ID|

Trojan.Generic, FILE, C:\Program Files\tixati\errorreporter.exe, 4123518

 

2) Upload and scan the reported file (take errorreporter.exe for an example) mentioned in the scan log to Virus Total and give us the report link.

 

How to upload and scan a file at VirusTotal

 

Go to Virus Total

• Click Choose File

• On the left of the window that opens click My Computer

• Open (C:)

• Find the reported file according to the full path in the scan log

• Double click the file name, and it will disappear in the VirusTotal box.

• Click Scan it! and wait (you may be in a queue)

• When the scan has finished, copy the address from the address bar to post here.

 

3) Zip the reported file (take errorreporter.exe for an example) with password "infected", update it to Wikisend, and give us the download link.

Our specialists are unable to make a conclusive analysis without a sample.

 

Our IObit Specialist Team will do further investigation and reply to you with a result ASAP.

 

Thank you.

Link to comment
Share on other sites

  • Replies 354
  • Created
  • Last Reply

Top Posters In This Topic

False positive 1

 

Hello,

 

IObit Security 360

 

OS:Windows Vista

Version:0.1.0.31

Time:9/06/2009 17:01:00

 

|Name|Type|Description|

Misleading.SystemSecurity, File, C:\Users\gebruikers pc\Desktop\System Security Expert 2.9.appref-ms

 

- its a shortcut -

 

A False Positive on my own program.

"System Security Expert 2009" -Shortcut-

 

softpedia.com/get/System/Launchers-Shutdown-Tools/SYSBoost.shtml

Link to comment
Share on other sites

IObit Security 360

 

OS:Windows XP

Version:0.1.0.31

Time:6/9/2009 10:46:43 AM

 

|Name|Type|Description|

Tracking Cookies, Cookies, Cookie:compaq_owner@ad.yieldmanager.com/

Trojan.Downloader, File, C:\Program Files\Motorola Phone Tools\MPT_TEST_Info.exe

 

 

The motorola phone sync-software-ha-ha please don't take this I won't know which way to go

Link to comment
Share on other sites

Registryeasy Software ???????

 

Hello ,, IObit Security 360 is telling me that my REGISTRYEASY SOFTWARE is a Virus or Spyware .

 

Please download at http://www.registryeasy.com/

 

version 5.1

 

Serial # ---->> 6021-8BFC-5TUD-VOJ0

 

I hope you will download and run that software and then send me EMAIL ASAP to tell me if there are Bugs or Spam or something inside that Registry Checker software Because it is the one that I use the most to check and fix all my Registry problems .

 

 

Regards

Bill davis

 

davis287@yahoo.com

Link to comment
Share on other sites

Hello,

 

Using Windows 7 32bit, I know it may not be supported but I thought you may want to know what IObit found on my system. File was scanned at Virus Total and Jotti and no other scanner found anything suspicious.

 

IObit Security 360

 

OS:Windows 7

Version:0.1.0.31

Time:15/06/2009 9:10:29 PM

 

|Name|Type|Description|

Trojan.Agent, File, C:\Windows\system32\Winrpc32.dll

 

p.s. I have Nod32 v4 and PrevX and they don't detect anything either.

Link to comment
Share on other sites

Hello ,, IObit Security 360 is telling me that my REGISTRYEASY SOFTWARE is a Virus or Spyware .

 

Please download at http://www.registryeasy.com/

 

version 5.1

 

Serial # ---->> 6021-8BFC-5TUD-VOJ0

 

I hope you will download and run that software and then send me EMAIL ASAP to tell me if there are Bugs or Spam or something inside that Registry Checker software Because it is the one that I use the most to check and fix all my Registry problems .

 

 

Regards

Bill davis

 

davis287@yahoo.com

 

 

 

Please check my thread http://forums.iobit.com/showthread.php?p=17826#post17826

Link to comment
Share on other sites

Is reporting possible FP over Send Feedback enough?

 

Anyway:

 

WXP SP 3

 

Scan says this is a Trojan Agent - Smart Scan 10 min ago.

 

C:\WinXP.Activation.v1.1.Swedish.exe

 

If this is a FP - how long does it take before there is an update available that takes care of the FP?

 

Best Regards

Link to comment
Share on other sites

Registry Fix 7.1 is a false positive!!!

 

Before reporting a false positive, please save a scan report first and post it here. This will help us know the detailed information about the scan result.

 

I have previously reported this to you as feedback but received nothing helpful in response. The following is the last scan report from IObit 360:

 

IObit Security 360

 

OS:Windows XP

Version:0.1.1.8

Time:6/26/2009 12:35:49 PM

 

|Name|Type|Description|

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-6-2009 (12-13-56).txt

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-6-2009 (12-16-17).txt

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-6-2009 (9-58-55).txt

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\6,26,2009_10,9,11.cab

 

I have contacted the folks at Registry Fix and they have said that they have attempted to contact you about this issue. They have assured me that their program contains no malware. I have tested for it with other prominent detection tools and yours is the only one that shows Registry Fix 7.1 to be rouge-ware. Please consider removing Registry Fix 7.1 from your list of malware. Otherwise, explain your rationale and justify why you categorized it as such. Thanks.

 

CAS

Link to comment
Share on other sites

I have previously reported this to you as feedback but received nothing helpful in response. The following is the last scan report from IObit 360:

 

IObit Security 360

 

OS:Windows XP

Version:0.1.1.8

Time:6/26/2009 12:35:49 PM

 

|Name|Type|Description|

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-6-2009 (12-13-56).txt

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-6-2009 (12-16-17).txt

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-6-2009 (9-58-55).txt

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\6,26,2009_10,9,11.cab

 

I have contacted the folks at Registry Fix and they have said that they have attempted to contact you about this issue. They have assured me that their program contains no malware. I have tested for it with other prominent detection tools and yours is the only one that shows Registry Fix 7.1 to be rouge-ware. Please consider removing Registry Fix 7.1 from your list of malware. Otherwise, explain your rationale and justify why you categorized it as such. Thanks.

 

CAS

 

This is a correct detection and is a rogue program. Remove immediately :neutral:

Link to comment
Share on other sites

Bfd....

 

I believe it is a Rogue program. I went to download it and Avira stopped me saying its a Trojan, it said this, TR/Fake.RegFix. And if Avira says it I believe it. And of course a person that puts a product out will say its clean to sell it.

 

Interestingly, Avast allows it without any problem! So does Windows Defender, AdAware, and SpyBot.

Link to comment
Share on other sites

Interestingly, Avast allows it without any problem! So does Windows Defender, AdAware, and SpyBot.

 

Well Avast isn't to bad but cant detect as well as Avira. As for the others I wouldn't bother with them. I can say that I got an email just the other day where Avira got some big award for 100% detection rating. Spybot is ok but I perfer MalwareBytes over it. My main programs I use are Avira Free, MalwareBytes, and SuperAntiSpyware. I have been checking out IObit Security 360 lately and it could take the place of MalwareBytes, thats how good it seems.

Link to comment
Share on other sites

False positive reported on uninstaller package from Indigo Rose Corporation

 

Here's the Report:

 

IObit Security 360

 

OS:Windows XP

Version:0.1.1.8

Time:6/26/2009 11:21:07 PM

 

|Name|Type|Description|

Unwanted.SpywareVanisher, File, C:\WINDOWS\iun6002.exe

 

I looked around and found several sites that say this program should be ok, including a forum thread on Indigo Rose's site itself.

 

Here are a couple links:

 

http://www.file.net/process/iun6002.exe.html

 

http://www.indigorose.com/forums/showthread.php?t=4718

 

Interestingly, here's a link to what looks like a reputable site, but it says the file is most likely spyware. Not sure what to make of that.

 

http://www.auditmypc.com/process/iun6002.asp

 

Ok, that's all I've got. Hope it helps a little bit.

 

Thanks and have a great one.

Link to comment
Share on other sites

False Positives from Jaduratna?

 

Upon installing IObit Security 360 and scanning my hard disks it reported Three things the first two I do not understand ?

 

Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowSearch

Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowMyDocs

 

I have opted for: search & MyDocs not to be shown on my start menu, and they dont, please could you free me from my ignorance and explain what these mean?

 

the other states:

 

Spyware.OnlineGames, File, C:\Program Files\lxarscan.dll

 

this file is for a Lexmark Printer and I have scanned this file with Avira Antivir & Avast & AVG none of which find anything amiss with this file, I do find it hard to believe that the only 3 things found infected are all false positives.

 

any help would be gratefully recieved, thankyou

Link to comment
Share on other sites

False Positives

 

IObit Security 360

 

OS:Windows XP

Version:0.1.1.8

Time:7/4/2009 12:47:02 AM

 

|Name|Type|Description|

Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowMyDocs

Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=AntiVirusDisableNotify

Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=FirewallDisableNotify

Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=UpdatesDisableNotify

Trojan.Agent, File, C:\setup.exe

Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=bf

Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=bk

Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=iu

Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=mu

Trojan.Agent, File, C:\install.exe

Link to comment
Share on other sites

Hi troimer

Did you submit the report to VirusTotal?

What was the result there?

Cheers

solbjerg

 

 

IObit Security 360

 

OS:Windows XP

Version:0.1.1.8

Time:7/4/2009 12:47:02 AM

 

|Name|Type|Description|

Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowMyDocs

Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=AntiVirusDisableNotify

Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=FirewallDisableNotify

Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=UpdatesDisableNotify

Trojan.Agent, File, C:\setup.exe

Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=bf

Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=bk

Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=iu

Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings Value=mu

Trojan.Agent, File, C:\install.exe

Link to comment
Share on other sites

  • 2 weeks later...

I have found a false positive!

 

That's the report:

IObit Security 360

 

OS:Windows XP

Version:0.2.0.67

Define Version:1068

Time:17.07.2009 20:26:58

 

|Name|Type|Description|ID|

Hijack.Homepage, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel Value=Homepage, 6-64

Spyware.Banker, File, D:\John\Internet\[\url]www.saveyourpc.de.tl\Backup\DWebsiteBackup.exe[/url], 12-919

Spyware.Banker, File, D:\John\Internet\[\url]www.saveyourpc.de.tl\Backup\EWebsiteBackup.exe[/url], 12-919

Spyware.Banker, File, D:\John\Internet\[\url]www.saveyourpc.de.tl\Backup\GWebsiteBackup.exe[/url], 12-919

 

It says my Website Backups, which I have made with WinRAR (I packed all my html documents to an "SFX archive") is a Spyware Banker. I uploaded you these backups if necessary, for analyzing further (you can download it here).

 

Virustotal is telling me the backup archives are O.K.!

 

DWebsiteBackup.exe

http://www.virustotal.com/de/analisis/3e4e514dbd359c1d4b2f1149fb71ff88b20285cc6da4dd4fa21b199595ac9de6-1247855808

 

EWebsiteBackup.exe

http://www.virustotal.com/de/analisis/605fb3fb4796f420da27ce5c73fa0e245f103d5cb34e43f8ea717dc85772c099-1247856069

 

GWebsiteBackup.exe

http://www.virustotal.com/de/analisis/a5f70acf7ed3075757039ca72d52f4b8205afeff538634c93b9b1f6ddf1322c7-1247856311

Link to comment
Share on other sites

The following seems to be a false positive. The system would not allow for the below to be deleted.

 

IObit Security 360

 

OS:Windows XP

Version:0.2.0.67

Define Version:1069

Time:7/18/2009 12:58:10 PM

 

|Name|Type|Description|ID|

Rogue.Cax, File, C:\WINDOWS\system32\msvcp60.dll, 10-13643

Link to comment
Share on other sites

False report... No keygens, cracks...

 

IObit Security 360

 

OS:Windows Vista

Version:0.2.0.67

Define Version:1069

Time:19. 7. 2009 3:34:34

 

|Name|Type|Description|ID|

Backdoor.PopAdStop, File, C:\Program Files\OpenOffice.org 3\share\uno_packages\cache\stamp.sys, 10-7527

Backdoor.PopAdStop, File, C:\Users\Bubo\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys, 10-7527

Backdoor.PopAdStop, File, C:\Users\User\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys, 10-7527

Win32.Virus.Installer, File, D:\Soft\vcredist_x86.exe, 10-6082

Malware.Packer, File, D:\Soft\vispa.exe, 11-1

Malware.Packer, File, D:\Soft\xpy.exe, 11-1

Spyware.Banker, File, D:\Soft\TeamViewer\TeamViewer_cz.exe, 11-8802

Link to comment
Share on other sites

I'm not a malware pro, but I looked up the locations and descriptions of these files, and they don't seem to be "bad." Can you help me? Here is the copy of the file.

 

 

 

 

IObit Security 360

 

OS:Windows XP

Version:0.2.0.67

Define Version:1070

Time:7/19/2009 10:40:50 AM

 

|Name|Type|Description|ID|

Adware.Ezula, File, C:\WINDOWS\$NtServicePackUninstall$\mnmsrvc.exe, 10-14104

Win32.Virus.Cax, File, C:\WINDOWS\$NtServicePackUninstall$\services.exe, 10-7905

Rogue.MsnSniffer, File, C:\WINDOWS\$NtUninstallKB959426$\kernel32.dll, 10-7351

Rogue.MsnSniffer, File, C:\WINDOWS\ServicePackFiles\i386\kernel32.dll, 10-7351

Link to comment
Share on other sites

comdlg32.OCX

 

Running Vista64

 

Scanned the file with VirusTotal, Jotti's malware scan and Virscan.org online and none of them found malware in it.

 

Grtz, Makios

 

(tried to attach the log-file but didn't work so here is the text:

 

IObit Security 360

 

OS:Windows Vista

Version:0.2.1.75

Define Version:1069

Time:19-7-2009 17:29:35

 

|Name|Type|Description|ID|

Rogue.Gen, File, C:\Windows\system32\comdlg32.OCX, 10-10121 )

Link to comment
Share on other sites

Another False Positive, HijackThis is certainly not malware!!

 

IObit Security 360

 

OS:Windows XP

Version:0.2.1.75

Define Version:1070

Time:19.07.2009 18:58:24

 

|Name|Type|Description|ID|

Adware.Cax, File, D:\Schutzprogramme\Tools\HijackThis\HiJackThis.exe, 10-12283

 

HijackThis.exe 1/41 (2.44%)

http://www.virustotal.com/de/analisis/3c253bfd385c7f245f3c6131e58cbe22c0d03073a828b9938f923f00562d7c2d-1248023160

Link to comment
Share on other sites

DisableRegedit false positive

 

DisableRegedit false positive

 

 

http://forums.iobit.com/attachment.php?attachmentid=1093&d=1248024702

 

 

The value is (0) ZERO in the Registry.

It would have been correct if the value was (1) ONE.

The Registry entry exists to be able to disable Regedit for security reasons.

 

Cheers.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share


×
×
  • Create New...