IObit Forum

How to report False Positive to us?



Hijack.DisplayProperties, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoActiveDesktopChanges, 6-56

Hi friends,

Here is a reference for solving the problem above: If you are running Vista then this is a false positive and should be added to the Ignore List.

Even in XP this detection isn't actually malware, it's a setting that is often modified by malware to prevent changing the desktop settings.

If you've removed it, then just restore it from quarantine and the next time you scan, just add it to the ignore list.

BTW, if someone cannot find it in quarantine any more, do not worry, you can navigate to here (you'd better be somewhat comfortable with the registry):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges

Change it back to 1 instead of 0.

Cheers


I wanted to remove the notification area from my desktop, but after following the steps below and running an IObit Security 360 smart scan I might have received a false positive report...

Here it is:

How to Remove The Notification Area In Windows XP Pro

1. Click on the START button in your task bar and select RUN from the menu.

2. Type “gpedit.msc” (for General Policy Editor) in the box for the file name and click “Okay”. Note: do not type the quotation marks.

3. Once the General Policy Editor file has loaded, click to expand the “Administrative Template”, and then click to select the Start menu and Task bar.

4. From the options on the screen, locate and click to select the “Hide the Notification Area”. Right-click it and select “Properties”.

5. In the Properties option window, click “Enable” and then click “Okay” to save your changes. The next time you log onto your machine, the Notification Area will be gone.

This is the report after following those steps and scanning my computer with IObit.

IObit Security 360

OS:Windows XP
Version:1.0.0.60
Define Version:1183
Time Elapsed:00:00:30
Objects Scanned:9141
Threats Found:1

|Name|Type|Description|ID|
Hijack.Tray - Removed, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoTrayItemsDisplay, 6-720

What should I do?

Thanks and more power to IObit Security!!!


False positive - sdm-2_0-windows-i586.exe

IObit Security 360

OS:Windows XP
Version:1.0.0.60
Define Version:1183
Time Elapsed:00:11:09
Objects Scanned:74497
Threats Found:1

|Name|Type|Description|ID|
Adware.EShoper, File, C:\FOLDER\Installed\Java\Sun Java Download Manager\sdm-2_0-windows-i586.exe, 12-236

==================================================================

Sun Download Manager v2.0 README FILE

==================================================================

Sun Download Manager (SDM) is subject to the terms detailed in
the binary code license agreement supplied in this release. See the
files SDMEntitlement.txt and SDMTranslatedLicense.html in the directory
where SDM is installed.

Before running SDM please review the online help:
http://www.sun.com/download/sdm/sdm_help.xml.

It provides complete installation and usage instructions as well as
known issues and troubleshooting advice. Help may also be accessed at
any time by selecting Help->Online Help from the SDM application.

==================================================================

Obtaining Sun Download Manager
------------------------------

Go to the URL below and follow the steps to "Get the Software".
The Sun Download Manager package is available for:
Solaris OS SPARC, Solaris OS x86, Linux, Windows, and generic Java (for
any Java platform, such as Mac OSX).

http://www.sun.com/download/sdm/

This README file accompanies the "stand alone" version of SDM.


False positive: TheWorld Browser.

LS,

Since when does a legitimate browser that I've been using for a long time seem to be malware???

This browser, called TheWorld browser, is already promoted and praised as a valuable, faster and safer alternative for Internet Explorer by ZDNet, CNet and more. Better protection, more options, more user-friendly. It uses the same render-engine as Internet Explorer but improved it by adding its own features.

Never experienced complaints about it, also no other well-known antivirus or antimalware scanner has discovered any harm in it.

Just to let you know that I have my sincere doubts about considering this IE-alternative as malware. It's rather a false positive imho. Please consider further research in order to make sure it's a 100 percent safe application. I've downloaded it from their official website. McAfee SiteAdvisor is also not aware of any complaints.

Greetings,

M.

Registered customer of Advanced SystemCare 3.


False positive on a GLBasic tool

Hi

This is the log:

IObit Security 360

OS:Windows XP
Versione:1.0.0.60
Versione database:1194
Tempo trascorso:00:08:03
Oggetti analizzati:65360
Minacce rilevate:3

| Nome | Tipo |Descrizione|ID|
Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=UpdatesDisableNotify, 6-14
Tracking Cookies, Cookies, Cookie:pluto@atdmt.com/, 7-1545
ADSPY.AdSpy, File, C:\Programmi\GLBasic\Tools\DoctorGBAS.exe, 12-2216

"DoctorGBAS.exe" isn't a virus...

Please fix this problem


IOBit flagging Email Sender Deluxe as trojan!

The content of the log file is below:

IObit Security 360

OS:Windows XP
Version:1.0.0.60
Define Version:1201
Time Elapsed:01:05:29
Objects Scanned:69457
Threats Found:2

|Name|Type|Description|ID|
W32.Sality, File, D:\j2sdk1.4.2_15\bin\java.exe, 12-1385
Trojan.Crypt, File, E:\Email Sender Deluxe\Email Sender Deluxe.exe, 12-687

Please tell me if Email Sender Deluxe is really infecting my computer, I use it to send email campaigns!


Another (known) false positive! SpywareBlaster.

Lectori salutem,

Following logfile in Dutch, hope you understand the translations of your own software, however, the Dutch translation of Security 360 v1.0 is far from perfect, it's in fact full of wrong spelling and grammar as well...

---------------------------------

IObit Security 360

OS:Windows XP
Versie:1.0.0.60
Define Versie:1202
Verstreken Tijd:00:24:15
Objecten Gescand:59952
Bedreigingen gevonden:1

|Naam|Type|Beschrijving|ID|
Hijack.Homepage, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel Value=Homepage, 6-238

----------------------------------

This is without a doubt a false positive, but other antimalware scanners often make the same mistake. Just take a look at the screenshot attached and you will know what I mean....

I locked the homepage of Internet Explorer (or should I say Internet Exploder, for I prefer Mozilla Firefox above all other inferior, unsafe browsers) intentionally with a legitimate and trusted tool called SpywareBlaster to PREVENT malicious attacks from changing my homepage! There are more scanners that confuse this prevention measure in order to safeguard my browser settings with a "hijack". I wonder why...

Any ideas how IObit could avoid confusing an intentional protection with a hijack in future releases or (minor) updates? If you are the ones who pretend to have developed a security tool that's much better than all other scanners, then it's pitiful that Security 360 makes the very same mistake as all others, which is imho a potential proof that there is still a lot of work to be done to make this software more worthwhile in the future, just as ASC3 Pro had several nasty flaws in its first releases, but in the meantime after several upgrades and bugfixes they are solved at last.

I had my complaints about ASC3 Pro in the past, but thanks to the many bugfixes I'm nowadays quite satisfied.

But to stay on-topic: proof of the false positive that I am reporting now = screenshot (file-attach).

Grtz,

M.


Hi MagisterNoctis,

First of all, I do use SpywareBlaster together with IS 360 and others.

Think about malware that changes the Home Page and locks it. A computer rookie will not know that, and the result is that the home page is hijacked!!!

IS 360 is warning that the Home Page is locked by software, without accusing SpywareBlaster.

Since a user would know that the Home Page is willingly locked (there are many other programs doing the same thing), this warning can easily be ignored and the item can be moved to the Ignore List.

In summary, I don't think that IObit is going to change that behaviour, exactly like the other security software which will not change, because the Home Page is one of the first targets for hijacking.

Cheers.

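The split this thread keeps arriving at (registry policy values that a user or tool may have set on purpose, versus file detections where the binary itself has to be checked), as an added example that is not part of any post and is not IObit's code: a Python parser for the report layout pasted in the posts above. The function names, the category labels and the combined sample report are assumptions made for illustration.

```python
import re

# Constructed sample: entries copied from reports quoted in this thread and
# combined into one report; the header values are illustrative.
SAMPLE = r"""IObit Security 360
OS:Windows XP
Version:1.0.0.60
Define Version:1202
Threats Found:4

|Name|Type|Description|ID|
Hijack.Homepage, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel Value=Homepage, 6-238
Hijack.Tray - Removed, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoTrayItemsDisplay, 6-720
Tracking Cookies, Cookies, Cookie:pluto@atdmt.com/, 7-1545
Trojan.Bot, File, C:\Program Files\OpenVPN\bin\openvpn.exe, 9-94052
"""

# Name[ - Action], Type, Description, ID. The description may itself contain
# commas, so it is matched greedily and the ID is pinned to the end of the line.
ENTRY = re.compile(r"^(?P<name>[^,]+?)(?: - (?P<action>Removed|Quarantined))?, "
                   r"(?P<type>[^,]+), (?P<desc>.+), (?P<id>\d+-\d+)$")

def parse_report(text):
    """Return (header dict, list of detection dicts) for one pasted report."""
    meta, entries, in_table = {}, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("|"):      # |Name|Type|Description|ID| in any UI language
            in_table = True
        elif in_table:
            m = ENTRY.match(line)
            if m:
                entries.append(m.groupdict())
        elif ":" in line:             # header fields such as "Define Version:1202"
            key, value = line.split(":", 1)
            meta[key.strip()] = value.strip()
    return meta, entries

def triage(entry):
    """Hypothetical categories: 'policy', 'registry', 'file' or 'other'."""
    if entry["type"].startswith("Registry"):
        key = entry["desc"].partition(" Value=")[0].lower()
        # Policy values can be set by an admin, a hardening tool or malware:
        # the finding is about the setting, so confirm who set it.
        return "policy" if "\\policies\\" in key else "registry"
    if entry["type"] == "File":
        # File detections: verify the binary itself (hash, multi-engine scan).
        return "file"
    return "other"

if __name__ == "__main__":
    meta, entries = parse_report(SAMPLE)
    for e in entries:
        print(triage(e), e["id"], e["name"], e["desc"], sep=" | ")
```
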

false positive

IObit Security 360

OS:Windows XP
Version:1.0.0.60
Define Version:1206
Time Elapsed:00:17:57
Objects Scanned:66407
Threats Found:11

|Name|Type|Description|ID|
Trojan.Dropper, File, D:\Backup\Ghost32\Ghost32\ghostexp.exe, 12-3197
Trojan.Crypt.XPACK.Gen, File, D:\Program Files\totalcmd\totalcmd\TCMADMIN.EXE, 11-8500
Trojan.Dropper, File, D:\Video Edit\Ghost32\Ghost32\ghostexp.exe, 12-3197
Backdoor.Bot, File, D:\Video Edit\avidemux_2.3.0_win32\avidemux_2.3.0\lib\gtk-2.0\2.4.0\engines\libwimp.dll, 11-9433

I tested those files with VirusTotal and result is 0/41. None of those are infected.


IObit Security 360

OS:Windows XP
Version:1.0.0.60
Define Version:1209
Time Elapsed:00:07:28
Objects Scanned:59715
Threats Found:1

|Name|Type|Description|ID|
Trojan.Bot, File, C:\Program Files\OpenVPN\bin\openvpn.exe, 9-94052

OpenVPN is NOT malware, see http://www.openvpn.net

hi tindrak,

well, we saw the website you offered, and also think it is most likely an FP.

however, would you please upload the openvpn.exe in your system to VirusTotal to be sure that it has not been infected with unknown malware or something else. attaching it for us is also welcome.

sorry for the trouble to you and thanks for your support to IObit. We will try our best to make our product better and better.

best regards and cheers, friend.


false positive - exact audio copy

IObit Security 360

OS:Windows XP
Version:1.0.0.60
Define Version:1210
Time Elapsed:00:24:50
Objects Scanned:70920
Threats Found:6

|Name|Type|Description|ID|
Tracking Cookies, Cookies, Cookie:samtso@www-origin.intel.com/, 7-1906
Tracking Cookies, Cookies, Cookie:samtso@intel.com/, 7-1906
Tracking Cookies, Cookies, Cookie:samtso@www.intel.com/, 7-1906
Tracking Cookies, Cookies, Cookie:samtso@downloadcenter.intel.com/, 7-1906
Adware.ADON, File, F:\Programs\Multimedia\Exact Audio Copy\eac-0.99pb4.exe, 10-9108
Adware.ADON, File, F:\Programs\Multimedia\Exact Audio Copy\eac-0.99pb5.exe, 10-6486

I think this is a false positive for Exact Audio Copy, please let me know if you need a file sample.

Regards,

Sam


Hi sam,

Best thing to do is to upload the files that you think are false positives to VirusTotal, and post the result links here.

Cheers.

Hi enoskype,

Here's the result link of "eac-0.99pb4.exe" from VirusTotal

http://www.virustotal.com/analisis/e21aa275fe363db8720288c47fca06713572d4fc01bc9ea8980434a9850f9c1a-1254441649

and "eac-0.99pb5.exe"

http://www.virustotal.com/analisis/b22044645a71bfcabf808f321fe03c423f89eb59c4351ab361255415ac8b45ef-1254402528

Thanks,

Sam


hi samtso,

we saw the info you offered and the FPs will be resolved in the next db version 1212. thanks for your quick response.

best regards.


What is This?

IObit Security 360

OS:Windows Vista
Version:1.0.1.30
Define Version:1211
Time Elapsed:00:05:55
Objects Scanned:61248
Threats Found:10

|Name|Type|Description|ID|
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{3831331e-0d11-4716-871d-68f3b11d23c9}, 5-12133
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{3dcd2bc5-8489-48ae-891f-90c8b2f19f56}, 5-12134
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{52c01a76-19e2-4a50-ae8a-38ffbccf9182}, 5-12135
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{762ec429-1a5d-4ab8-844a-9a552e1241da}, 5-12136
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{a506ef88-9efc-4522-bfe1-a8e886a64d80}, 5-12137
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{b87799af-2ce9-4daa-93cf-65f002035369}, 5-12138
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{bbc73c94-337c-43cc-b52c-31eb9fa34013}, 5-12139
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{c406f816-318d-4f7d-81cb-ba93ca7b70d5}, 5-12140
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{d502d4a3-03e6-4eae-a14e-69606ca63430}, 5-12141
Trojan.Agent, Registry Key, HKEY_CLASSES_ROOT\CLSID\{ec22770d-3343-4c56-8a8d-3e560475f655}, 5-12142


Avira Warning On New Iobit 360 Version

As I have a great deal of respect for both Iobit and Avira, I'm somewhat bemused to be encountering today's curious situation, viz:

1) In response to Iobit's notification of a new version of 360, I've downloaded this from the Iobit re-directed downloads website;

2) I've attempted to install the new version but Avira has interrupted the install with this warning:

"C:\ProgramFiles\Iobit Security 360\IS360Init.exe
is the TR/Dropper Gen2 Trojan."

3) I've asked Avira for more information. It reports that it hasn't any;

4) I've checked with Kaspersky's database and it reports no record of any malware called TR/Dropper Gen2.

So I seem to be in the bizarre situation of receiving from iObit an anti-malware app which Avira claims has a malware infestation but which Avira itself seems wholly unable to state just what that malware actually is.

Result: I've cancelled the new 360 installation though as a precaution, have not checked any of the Avira options re delete/quarantine etc lest Avira do more harm than good.

Advice welcome as to what to do next. Thanks! :???:


IObit Security 360

OS:Windows 7
Version:1.0.1.30
Define Version:1212
Time Elapsed:00:04:02
Objects Scanned:59748
Threats Found:2

|Name|Type|Description|ID|
Trojan.Agent, File, C:\Windows\system32\msxm192z.dll, 4-11415
Trojan.Agent, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Value=ter8m, 4-34624 shifted this

3 more scans ----

IObit Security 360

OS:Windows 7
Version:1.0.1.30
Define Version:1212
Time Elapsed:00:05:45
Objects Scanned:59749
Threats Found:1

|Name|Type|Description|ID|
Trojan.Agent, File, C:\Windows\system32\msxm192z.dll, 4-11415 still there

can't find it on the net, unknown?

reboot rescan --still there no idea what it is --this came into view after installing Outpost, the new one for win7

Outpost Pro 6.7 with Windows 7 support---------------------????

itsmejjj


Ok what ever it was ???
1 uninstall outpost ---modem off --when done-
2 reboot
3 rescan still there -360 would not remove this in a normal way -
searched the file --took ownership -unlock and kill---io360 was able to kill it this way --nice !
4 reboot Gone
pc is running normal as before--

sorry people --not false positive!
thinking when not able to remove , was part of the program and protected file--
yet only 360 found this --performing a deep scan
as i type --
please kill the post i made on this or move to lounge
thanks and again sorry i spent 2 hours trying to find what it was -but nothing
i found googling the net

result of deep scan

IObit Security 360

OS:Windows 7
Version:1.0.1.30
Define Version:1212
Time Elapsed:00:17:44
Objects Scanned:76758
Threats Found:3

|Name|Type|Description|ID|
Spammer.Mail.Expout.A - Quarantined, File, D:\WINDOWS\nircmdc.exe, 12-2175
Spammer.Mail.Expout.A, File, D:\System Volume Information\_restore{EE58FE2C-A796-4584-8B66-DFB1DE6EECC7}\RP6\A0021805.exe, 12-2175
Rootkit.Agent, File, D:\WINDOWS\system32\drivers\protect.sys, 9-7445

left over from outpost---
scanned and now truly all clean--so now the owner got a clean pc ---
this happens ---perhaps the trojan may have been injected when on the net
and not from an install -i could find no info on it ---msxm192z.dll

itsmejjj

please move the posts if admins do not want this here or just delete them

