How to report False Positive to us?

[Leeman]

Win32.Aliser still showing in def 1128

 

Hey Guys,

 

IOBit 360 Still shows the Win32.Aliser trojan in def 1128.

 

What is the Win32.Stanit file? False positive also. If I remove I no longer can bring up Taskmanager. IObit flags every time I try to start it.

 

Lee

 

IObit Security 360

 

OS:Windows XP

Version:0.3.1.20

Define Version:1128

Time:8/20/2009 7:01:09 PM

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:owner@extras.expedia.com/, 7-1822

Tracking Cookies, Cookies, Cookie:owner@travelocity.com/, 7-2166

Tracking Cookies, Cookies, Cookie:owner@dm.travelocity.com/, 7-2166

Tracking Cookies, Cookies, Cookie:owner@expedia.com/, 7-1822

Win32.Aliser, File, C:\Program Files\Windows Media Player\dlimport.exe, 12-856

Win32.Stanit, File, C:\WINNT\system32\taskmgr.exe, 12-754

[Loki]

Three false positives. This is just limewires application and uninstaller programs

 

IObit Security 360

 

OS:Windows Vista

Version:0.3.1.20

Define Version:1128

Time:8/20/2009 11:43:05 PM

 

|Name|Type|Description|ID|

Dropper.Comet.AY, File, C:\Program Files (x86)\LimeWire\uninstall.exe, 12-400

Dropper.Comet.AY, File, C:\Program Files (x86)\LimeWire\.NetworkShare\LimeWireWin4.18.8.exe, 12-400

Dropper.Comet.AY, File, C:\Users\Loki\Downloads\LimeWireWin.exe, 12-400

[lostprophet]

False Positive

 

IObit Security 360

 

OS:Windows XP

Version:0.4.0.20

Define Version:1129

Time Elapsed:2009.08.21. 13:05:26

Objects Scanned:57598

Threats Found:1

 

|Name|Type|Description|ID|

Dropper.Banker, File, D:\cuccos\avg75free_524a1289.exe, 12-613

 

Well, Avira and Malwarebytes didn't find anything, so I must say, it's a false positive.

[petsie]

Almost sure, this is a FP

 

IObit Security 360

 

Betriebssystem:Windows 2000

Version:0.4.0.20

Definitionsversion:1130

Zeit:21.08.2009 18:40:55

Scan Objects:54845

Threats Found:1

 

|Name|Typ|Beschreibung|ID|

ADSPY.AdRotator, File, D:\Programme\NSIS Media Remover.exe, 12-464

 

Virustotal gives 0/41

[Melvin_Deal]

Poss False

 

Symantic file may be false pos.

 

IObit Security 360

 

OS:Windows Vista

Version:0.4.0.20

Define Version:1130

Time Elapsed:8/21/2009 6:41:57 PM

Objects Scanned:75470

Threats Found:2

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:mel@apmebf.com/, 7-1648

Dropper.Banker, File, C:\Program Files\Symantec\LiveUpdate\LUSETUP.EXE, 12-623

[IGS]

is this False positive?

 

It is finding win32.aliser.8364 in outlook express?

 

IObit Security 360

 

OS:Windows XP

Version:0.3.1.20

Define Version:1127

Time:22/08/2009 11:24:45

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:collin@quantserve.com/, 7-2077

Tracking Cookies, Cookies, Cookie:collin@real.com/, 7-1575

Tracking Cookies, Cookies, Cookie:collin@burstnet.com/, 7-1700

Tracking Cookies, Cookies, Cookie:collin@atdmt.com/, 7-1545

Tracking Cookies, Cookies, Cookie:collin@content.yieldmanager.com/ak/, 7-1542

Win32.Aliser.8364, File, C:\Program Files\outlook Express\setup50.exe, 12-528

[dFlyer]

False Positive

 

I believe this to be a false positive on the uninstall.exe file for Bibble 5. See attached file. For some reason it wouldn't attach a log file so converted to a txt file and attached it plus also pasted information.

 

IObit Security 360

 

OS:Windows Vista

Version:0.4.0.20

Define Version:1132

Time Elapsed:8/22/2009 10:46:52 AM

Objects Scanned:1

Threats Found:1

 

|Name|Type|Description|ID|

Trojan.Obfuscated, File, C:\Program Files\Bibble Labs\Bibble 5\uninstall.exe, 11-8741

[leofelix]

Arovax Shield is a trusted software

 

IObit Security 360

 

OS:Windows XP

Versione:0.4.0.20

Versione database:1132

Tempo trascorso:22/08/2009 21.18.43

Oggetti analizzati:72758

Minacce trovate:1

 

| Nome | Tipo |Descrizione|ID|

Adspy.VirusBurst.FV, File, C:\CDXP\antimalware\ashield_2_setup_103.exe, 12-410

 

---------

 

Even if no longer updated since 2007, Arovax Shield ( hxxp://www.arovaxshield.com/ ) is not spyware or other kind of malware

 

Virustotal response

[leofelix]

Win32.Aliser: dw.exe false positive

 

IObit Security 360

 

OS:Windows XP

Versione:0.4.0.20

Versione database:1132

Tempo trascorso:23/08/2009 3.08.22

Oggetti analizzati:62187

Minacce trovate:1

 

| Nome | Tipo |Descrizione|ID|

Win32.Aliser, File, C:\Programmi\MSN\MSNCoreFiles\dw.exe, 12-787

 

false positive this file is made by Microsoft

 

Virustotal response

[thomasa]

i really need help on this i can not reformat my pc it says it can not find mup.sys but i have it in my driver folder here the log

 

IObit Security 360

 

OS:Windows XP

Version:0.3.1.20

Define Version:1127

Time:8/20/2009 4:14:13 AM

 

|Name|Type|Description|ID|

Disabled.SecurityCenter - Removed, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=UpdatesDisableNotify, 6-14

Win32.Aliser.8364 - Quarantined, File, C:\Program Files\Outlook Express\setup50.exe, 12-528

Win32.Aliser.8364 - Quarantined, File, C:\WINDOWS\$NtServicePackUninstall$\setup50.exe, 12-528

Win32.Stanit - Quarantined, File, C:\WINDOWS\$NtServicePackUninstall$\taskmgr.exe, 12-671

Win32.Aliser.8364 - Quarantined, File, C:\WINDOWS\ServicePackFiles\i386\setup50.exe, 12-528

Backdoor.Autorun - Quarantined, File, C:\WINDOWS\Debug\Setup\Backup\INTPPM_Backup.bak, 9-6052

Win32.Aliser.8364 - Quarantined, File, C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe, 12-955

Worm.Rbot - Quarantined, File, D:\I386\SYSTEM32\drivers\mup.sys, 12-599

Worm.Rbot - Quarantined, File, D:\MiniNT\system32\drivers\mup.sys, 12-599

Trojan.Spy - Quarantined, File, D:\I386\Apps\APP19901\src\install\Worldwide-Compaq\progfiles\Apps\hpuninstall.exe, 12-367

Trojan.Spy - Quarantined, File, D:\I386\Apps\APP19901\src\install\Worldwide-Compaq\progfiles\Apps\onplay.exe, 12-367

[enoskype]

Hi thomasa,

 

Restore all of them using the Restore button in Quarantine section.

Use the option in IS 360 not to start with Windows. Restart Windows without IS 360 3.1 starting in startup.

You are using an old definition file.

Download, install, update and use the new verion IS 360 RC. Scan again.

 

Report back please.

 

Cheers.

[leofelix]

i really need help on this i can not reformat my pc it says it can not find mup.sys but i have it in my driver folder here the log

 

Hi

please restore immediately mup.sys from quarantine.

mup.sys is a Microsoft legitimate driver, usually located into "C:\Windows\System32\drivers". and is not visible by default.

 

Even if the most of files detected by IOBit Security 360 RC seem to be false positive, please upload them to http://www.virustotal.com/ in order to check if they are really infected or not.

 

 

[EDIT to say] Sorry, I didn't notice that enoskype posted some seconds ago

[thomasa]

setup50.exe http://www.virustotal.com/analisis/3f2d885c2be50b1a1cf4d23204fc11141c8b74c749643e8281f9e65aefbb3c94-1250834073

 

taskmgr.exe http://www.virustotal.com/analisis/7c034751379a438929cc91a0c85ae49e2b25b4e89e13c4d7445533de61f0fb9a-1250983234

 

INTPPM_Backup.bak http://www.virustotal.com/analisis/fb5e512425fc9449316ec95969ebe71e2d576dbab833d61e2a5b9330fd70ee02-1249196873

 

migrate.exe http://www.virustotal.com/analisis/8c667f9559a6a403f91eeb3d9a0a402c1a00eee7825b58f324f2a98c726d1dc6-1250743709

[leofelix]

taskmgr.exe http://www.virustotal.com/analisis/7c034751379a438929cc91a0c85ae49e2b25b4e89e13c4d7445533de61f0fb9a-1250983234

 

 

They seems to be all false positive detections, so please remove the from quarantine.

 

However I noticed you uploaded to virustotal Tasku_Manageri.exe not taskmgr.exe.

 

Is Tasku_Manageri.exe the original file provided by Microsoft in your language?

[thomasa]

They seems to be all false positive detections, so please remove the from quarantine.

 

However I noticed you uploaded to virustotal Tasku_Manageri.exe not taskmgr.exe.

 

Is Tasku_Manageri.exe the original file provided by Microsoft in your language?

 

yea and i just want get this fix so it can run better what about these

 

http://img36.imageshack.us/i/93308563.jpg/

 

http://img248.imageshack.us/i/61362496.jpg/

 

http://img194.imageshack.us/i/29192227.jpg/

 

http://img44.imageshack.us/i/28023691.jpg/

[leofelix]

@ thomasa:

 

do you have a secondary external hard disk or a USB drive called D:\ maybe?

If so, please plug in you external HDD and try again

 

You may also have an hidden partition, in this case please read here and here to fix this issue

 

Hope it helps

[danburrito]

@ thomasa:

 

do you have a secondary external hard disk or a USB drive called D:\ maybe?

If so, please plug in you external HDD and try again

 

You may also have an hidden partition, in this case please read here and here to fix this issue

 

Hope it helps

 

 

If I had to guess, the D:\ drive contains restore files and others. HP/Compaq and Dell really like to do that.

[Harrysmiith]

IObit Security 360

 

OS:Windows XP

Version:0.4.0.20

Define Version:1136

Time Elapsed:2009/08/24 17:52:05

Objects Scanned:62225

Threats Found:1

 

|Name|Type|Description|ID|

Malware.Trace, Registry Key, HKEY_CLASSES_ROOT\WR, 4-21837

 

http://www.macropool.com/en/index.html

 

A legit program

[leofelix]

2 f.p and one possible f.p

 

IObit Security 360

 

OS:Windows XP

Versione:0.4.0.20

Versione database:1138

Tempo trascorso:26/08/2009 2.00.41

Oggetti analizzati:72758

Minacce rilevate:3

 

| Nome | Tipo |Descrizione|ID|

Dropper.Dldr, File, C:\a-disk\backup\1abcbckp.exe, 12-640

Dropper.Dldr, File, C:\a-XP\antimalware\Quttera\QutteraInstall0.2.1.0.34.exe, 12-646

Dropper.Dldr, File, C:\a-CD\Mzbackup148\MozBackup-1.4.8-EN.exe, 12-646

 

----------

 

1abcbckp.exe false positive:

 

File Info

 

Report generated: 26.8.2009 at 2.15.15 (GMT 1)

Filename: 1abcbckp.exe

File size: 331 KB

MD5 Hash: d5ee22bedfba173112590e4520bcdc20

SHA1 Hash: 71B957E734B376BA239DA131ECBB66F46FDF2D84

Self-Extract Archive: Nothing found

Binder Detector: Nothing found

Detection rate: 0 on 22

 

Detections

 

a-squared - -

Avira AntiVir - -

Avast - -

AVG - -

BitDefender - -

ClamAV - -

Comodo - -

Dr.Web - -

Ewido - -

F-PROT6 - -

Ikarus T3 - -

Kaspersky - -

McAfee - -

NOD32 v3 - -

Norman - -

Panda - -

QuickHeal - -

Solo Antivirus - -

Sophos - -

TrendMicro - -

VBA32 - -

VirusBuster - -

 

Scan report generated by

NoVirusThanks.org

 

------------

 

MozBackup-1.4.8-EN.exe false positive

VirusTotal Report CLEAN

 

 

-------

 

QutteraInstall0.2.1.0.34.exe possible false positive

 

 

VirusTotal report 4/40

 

 

hxxp://quttera.com/free/

 

"Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc."

[itobe]

fp

 

hi, leofelix

this FP has been solved, please update definition version of IS360 to 1139.

 

IObit Security 360

 

OS:Windows XP

Versione:0.4.0.20

Versione database:1138

Tempo trascorso:26/08/2009 2.00.41

Oggetti analizzati:72758

Minacce rilevate:3

 

| Nome | Tipo |Descrizione|ID|

Dropper.Dldr, File, C:\a-disk\backup\1abcbckp.exe, 12-640

Dropper.Dldr, File, C:\a-XP\antimalware\Quttera\QutteraInstall0.2.1.0.34.exe, 12-646

Dropper.Dldr, File, C:\a-CD\Mzbackup148\MozBackup-1.4.8-EN.exe, 12-646

 

----------

 

1abcbckp.exe false positive:

 

File Info

 

Report generated: 26.8.2009 at 2.15.15 (GMT 1)

Filename: 1abcbckp.exe

File size: 331 KB

MD5 Hash: d5ee22bedfba173112590e4520bcdc20

SHA1 Hash: 71B957E734B376BA239DA131ECBB66F46FDF2D84

Self-Extract Archive: Nothing found

Binder Detector: Nothing found

Detection rate: 0 on 22

 

Detections

 

a-squared - -

Avira AntiVir - -

Avast - -

AVG - -

BitDefender - -

ClamAV - -

Comodo - -

Dr.Web - -

Ewido - -

F-PROT6 - -

Ikarus T3 - -

Kaspersky - -

McAfee - -

NOD32 v3 - -

Norman - -

Panda - -

QuickHeal - -

Solo Antivirus - -

Sophos - -

TrendMicro - -

VBA32 - -

VirusBuster - -

 

Scan report generated by

NoVirusThanks.org

 

------------

 

MozBackup-1.4.8-EN.exe false positive

VirusTotal Report CLEAN

 

 

-------

 

QutteraInstall0.2.1.0.34.exe possible false positive

 

 

VirusTotal report 4/40

 

 

hxxp://quttera.com/free/

 

"Quttera detects zero-day vulnerability exploits, shellcodes and potentially malicious executable code hidden in computer files such as movies, images, documents and etc."

[TheJointChief]

PC Security Test 2007 - Kinda False Pos

 

Before reporting a false positive, please save a scan report first and post it here. This will help us know the detailed information about the scan result.

 

I didn't bother with the report, because your AV isn't the only one picking up this program's virus(s). This PC test program has 2-3 viruses ON PURPOSE, to test if your PC's AV/Firewall will block them or not, they are harmless, the author went to great trouble to explain this.

 

pcst2007us.zip

 

PC Security Test 2007.

 

So it's not so much a false positive, as an unneeded positive, if that makes sense. The virus IS there, but if your program removes it, the tests wont work anymore (because there is no longer a virus to test with).

 

-TJC

[enoskype]

Hi TheJointChief,

 

You can check "Quarantine treats when removing them" under Scan Settings in Options.

 

After that you can right click on them in Quarantine List and put them to the "Ignore List".

In that way, they will be seen by the other security software, but not by IS 360.

 

OR.

 

You can use the "Restore" button in Quarantine List to get them back in the original locations, if you want to test IS360 and other security software to find them again.

 

Cheers.

[AlexP]

Hello,

IObit Security 360

 

OS:Windows Vista

Version:0.4.0.20

Define Version:1140

Time Elapsed:8/27/2009 03:41:24

Objects Scanned:57713

Threats Found:74

 

|Name|Type|Description|ID|

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\24-8-2009 (18-42-15).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-8-2009 (8-30-38).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\8,24,2009_18,52,48.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\8,26,2009_9,8,2.cab, 3-2957

Tracking Cookies, Cookies, Cookie:administrator@atdmt.com/, 7-1545

PHISH.FraudTool, File, C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit\Setup\Function\32bit\209\PccScan.dll, 12-1219

------------------------------------------------------

In my experience RegistryFix7 is a registry cleaner and unless it is proved to the opposite it is a false positive.

Similarly for the PccScan.dll file introduced by Trend Micro during an online scanning session for virus,malaware etc.

Now the last one can be deleted after the online session has ended.

What really bugs me is that cookie- administrator@atdmt.com It has been detected and deleted by my protection software several times but it keeps coming back!

Is this cookie by any chance relative to the automatic time domain setting of the clock at the task bar?

 

Looking forward to read your points of view.

[TheJointChief]

Hi TheJointChief,

 

You can check "Quarantine treats when removing them" under Scan Settings in Options.

 

After that you can right click on them in Quarantine List and put them to the "Ignore List".

In that way, they will be seen by the other security software, but not by IS 360.

 

OR.

 

You can use the "Restore" button in Quarantine List to get them back in the original locations, if you want to test IS360 and other security software to find them again.

 

Cheers.

 

Yea I know how to work around the issue, I would rather see them remove the "false positive" in the first place though, hence my reporting it here.

 

Thank you though :)

 

-TJC

[itobe]

|Name|Type|Description|ID|

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\24-8-2009 (18-42-15).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\logs\26-8-2009 (8-30-38).txt, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\8,24,2009_18,52,48.cab, 3-2957

Rogue.RegistryFix, File, C:\Program Files\RegistryFix7\RegistryFix7Backup\8,26,2009_9,8,2.cab, 3-2957

Tracking Cookies, Cookies, Cookie:administrator@atdmt.com/, 7-1545

PHISH.FraudTool, File, C:\Users\Public\Desktop\TrendMicro_TIS_17.50_en-US_32-bit\Setup\Function\32bit\209\PccScan.dll, 12-1219

------------------------------------------------------

In my experience RegistryFix7 is a registry cleaner and unless it is proved to the opposite it is a false positive.

Similarly for the PccScan.dll file introduced by Trend Micro during an online scanning session for virus,malaware etc.

Now the last one can be deleted after the online session has ended.

What really bugs me is that cookie- administrator@atdmt.com It has been detected and deleted by my protection software several times but it keeps coming back!

Is this cookie by any chance relative to the automatic time domain setting of the clock at the task bar?

Looking forward to read your points of view.

 

hello AlexP,

 

first, please upload the file "PccScan.dll" to virustotal to make sure if it is a fp, and we will solve it as soon. much thanks.

 

plus, please check out the judgment from WOT which is the wellknown Internet security website: htttp://www.mywot.com/en/scorecard/RegistryFix.com

 

if u have further more doubts, everyone on board would help.

 

best regards