
How to report False Positive to us?



OS:Windows XP

Version:1.0.1.30

Define Version:1248

Time Elapsed:00:00:13

Objects Scanned:62

Threats Found:1

 

|Name|Type|Description|ID|

Zuten.AF, File, C:\LucasArts\ClamWin\ClamWinPortable\App\clamwin\bin\ClamTray.exe, 12-377

It is a component of ClamWin AntiVirus Portable.

Of the 41 Anti-Virus scanners in Virus Total.com only eSafe detected the file as suspicious.

 

Hi SJSF,

 

We have investigated your submission, and it has proved to be a false positive.

 

The latest version, 1250, will solve this issue.

 

Cheers:-P


Dropper.Zlob FALSE POSITIVE?

 

Is the following a FALSE POSITIVE?

 

IObit Security 360

 

OS:Windows XP

Version:1.1.0.30

Define Version:1262

Time Elapsed:00:08:42

Objects Scanned:72070

Threats Found:1

 

|Name|Type|Description|ID|

Dropper.Zlob, File, C:\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\unagi\ampx.english.exe, 11-11612


Virus Report Link

 

http://www.virustotal.com/analisis/b0b51c2c7487bc949e394836b91fa73270598d09935c9ec4b887d4c67d337556-1256913470

 

 

Result: 0/41 (0.00%)


Additional information

File size: 403 bytes

MD5 : fe6bb0b52f34d991e7af466627d3ec36

SHA1 : 6001c5f76d9361ef5b4d8668440ed22c9ae6d489

SHA256: b0b51c2c7487bc949e394836b91fa73270598d09935c9ec4b887d4c67d337556

TrID : File type identification

ZIP compressed archive (100.0%)

ssdeep: 6:5jxrlWuWDP3CUHYBoeFQ4hgtoyEwlqLjrM99Q0AnLq1CZkxI+Wrlduk+lW:5jxrsXDKUHYBoeGiwHdAnG1y4IrrjJaW

PEiD : -

RDS : NSRL Reference Data Set

-

 

 


SmitfraudFix

 

SmitfraudFix (I think they are false positives)

 

 

 

IObit Security 360

 

OS:Windows 7

Version:1.1.0.30

Define Version:1264

Time Elapsed:00:36:21

Objects Scanned:74810

Threats Found:4

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, http://alert.services.conduit.com/Alerts/AlertServices.asmx/GetHostedFeedRss?alertID=778910&alertFeedId=774738, 7-1744

Tracking Cookies, Cookies, Cookie:stanley@atdmt.com/, 7-1543

Keylogger.Ezurl, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\Agent.OMZ.Fix.exe, 9-79861

Spyware.Suspicious.Zlob, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\o4Patch.exe, 9-87375

 

 

Cheers.


  • 2 weeks later...

the new fraps version FP

 

I think it is a FP

 

IObit Security 360

 

OS:Windows Vista

Versione:1.2.0.10

Versione database:1276

Tempo trascorso:00:00:00

Oggetti analizzati:1

Minacce rilevate:1

 

| Nome | Tipo |Descrizione|ID|

Agent.PWT, File, C:\Fraps\fraps.exe, 11-6247


IObit Security 360

 

OS:Windows Vista

Version:1.3.0.10

Define Version:1280

Time Elapsed:00:10:55

Objects Scanned:67939

Threats Found:5

 

|Name|Type|Description|ID|

Trojan.DNSHijacker, Folder, C:\Program Files\BESTplayer, 3-2369

Trojan.DNSHijacker, File, C:\Program Files\BESTplayer\BESTplayer.exe, 3-2369

Tracking Cookies, Cookies, Cookie:system@m.webtrends.com/, 7-2222

Tracking Cookies, Cookies, Cookie:wojtus@feedads0.googleadservices.com/~a/4_69kq3tyGUXtAIuyiZpVK9yzu0, 7-1856

Tracking Cookies, Cookies, Cookie:wojtus@home.sopserv.com/, 7-2184

 

 

BESTplayer is not a trojan, it is very good player from Poland :)

bestplayer.com.pl/


Showing up again C:\install.exe

 

IObit Security 360

 

OS:Windows XP

Version:1.3.0.10

Define Version:1280

Time Elapsed:00:05:17

Objects Scanned:47630

Threats Found:1

 

|Name|Type|Description|ID|

Trojan.Win32/Agent, File, C:\install.exe, 4-3221

 

 

https://www.virustotal.com/analisis/08966ce743aa1cbed0874933e104ef7b913188ecd8f0c679f7d8378516c51da2-1258266088

 

File install.exe received on 2009.11.15 06:21:28 (UTC)

Current status: finished

 

Result: 0/40 (0.00%)


Additional information

File size: 562688 bytes

MD5 : 520a6d1cbcc9cf642c625fe814c93c58

SHA1 : fb517abb38e9ccc67de411d4f18a9446c11c0923

SHA256: 08966ce743aa1cbed0874933e104ef7b913188ecd8f0c679f7d8378516c51da2

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0x3DFD8

timedatestamp.....: 0x47316CA3 (Wed Nov 7 08:43:31 2007)

machinetype.......: 0x14C (Intel I386)

 

( 4 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x7A61E 0x7A800 6.32 88fac12502838d99cc519cb108c0e318

.data 0x7C000 0x798C 0x2200 3.40 f78c45748e6b7bcb33c43e9ea8ba0435

.rsrc 0x84000 0xBD8 0xC00 4.62 3564f93ee7baa50d785f29ecb0888286

.reloc 0x85000 0x97BC 0x9800 4.82 37ad37f70fa943e07c8139dc901c5c25

 

( 0 imports )

 

 

( 0 exports )

 

TrID : File type identification

InstallShield setup (46.1%)

Win32 Executable MS Visual C++ (generic) (40.4%)

Win32 Executable Generic (9.1%)

Generic Win/DOS Executable (2.1%)

DOS Executable Generic (2.1%)

ThreatExpert: http://www.threatexpert.com/report.aspx?md5=520a6d1cbcc9cf642c625fe814c93c58

ssdeep: 12288:bpNWz8beHITmTmbA4yrRGsR5A5lcwFhpto/cT9aRzS:bpC/mbANrr5MiwFhDoET9t

PEiD : -

RDS : NSRL Reference Data Set


Registries are not FP~~

 

IObit Security 360

 

OS:Windows 7

Version:1.3.0.10

Define Version:1280

Time Elapsed:00:43:04

Objects Scanned:79633

Threats Found:11

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:stanley@atdmt.com/, 7-1543

Adware.MWS, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d}, 5-77

Adware.MWS, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca}, 5-398

Adware.MWS, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca}, 5-399

Adware.MWS, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca}, 5-401

Trojan.Win32/Vundo, Registry Key, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0}, 5-3872

Keylogger.Ezurl, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\Agent.OMZ.Fix.exe, 9-58252

Spyware.Suspicious.Zlob, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\o4Patch.exe, 9-64107

Qhost.NOL, File, D:\Windows\SetSpkDefault.exe, 11-3173

Qhost.NOL, File, D:\Users\Stanley\Desktop\Windows 7 BackUp\Documents\Downloads\Drivers\Audio_Realtek_6.0.1.5470_Vistax86\Audio_Realtek_6.0.1.5470_Vistax86\SetSpkDefault\x86\SetSpkDefault.exe, 11-3173

 

This is a FP

VirusTotal

 

 

Edit: I decided to combine those 2 reports.

 

Cheers.


Hey enoskype,

 

 

Thank you for the example!

Got to start learning got to look at registries :smile:

 

and this FP still exists:

Keylogger.Ezurl, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\Agent.OMZ.Fix.exe, 9-58252

Spyware.Suspicious.Zlob, File, C:\Users\Stanley\Documents\Downloads\SmitfraudFix\o4Patch.exe, 9-64107

 

 

Cheers.


It belongs to Microsoft Corporation

9.0.21022.8 built by: RTM

Install.exe

Microsoft® Visual Studio® 2008

 

 

I scanned it with AVG / Avira / SAS / MSE; all say it's clean.

If I put it into a folder and scan with iobit 360 it

comes out clean.

 

Just did another scan after updating and nothing showed up

so I guess it's been fixed??


I googled it, something to do with .net 2, why it's there :?:

 

The following command C:\install.exe performs a silent install of the Dotnetfx.exe redistributable Package Technical Reference Download locations for NET Framework 2.0 Final

 

dotnetfx.exe is a process belonging to Microsoft Windows which updates the .NET technology interface. This is an operating system core component update.


PAF5\pstart.exe not a Matles.A dangerous program

 

Before reporting a false positive, please save a scan report first and post it here. This will help us know the detailed information about the scan result.

 

Here is my "false positive". I'm not sure how to make an "official report", if that is possible.

Matles.A C:\Program Files\FamilySearch\Paf5\pstart.exe

 

First of all, I have used the program "Personal Ancestral File" ver.5 for several years. It is NOT a virus/trojan/dangerous program. It is a free program placed by the Church of Jesus Christ of Latter Day Saints for genealogists of all faiths/denominations. I have not had any problems to date with this program and it does what it purports to do. Please remove this program from the warning list for Matles.A. It is incorrect.

 

Short of a change in your programming to allow the PAF program, I will have to either find a work around for the program to continue working - or to remove your program from my computer as well as the many computers upon which I have installed your Security 360 program.

 

Thanks

Will Stamps

Stamps Technology Services

801-589-0435

willstamps@aim.com

 

 

 

Matles.A C:\Program Files\FamilySearch\Paf5\pstart.exe


Driver Checker (False Positive?)

 

Driver Checker 2.7.3

Seems to work great!

Downloads 2 drivers per day.

Your software takes me to a web site that says it just wants money for the software?

 

IObit Security 360

 

OS:Windows XP

Version:1.3.0.10

Define Version:1282

Time Elapsed:01:07:46

Objects Scanned:68462

Threats Found:71

 

|Name|Type|Description|ID|

Rogue.DriverChecker, Folder, C:\Program Files\Driver Checker, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\DcDriver.dll, 3-2705

Rogue.DriverChecker, Folder, C:\Program Files\Driver Checker\DcInfo, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\dcUpdate.exe, 3-2705

Rogue.DriverChecker, Folder, C:\Program Files\Driver Checker\download, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\DriverChecker.exe, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\DriverCheckerhelp.chm, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\driverfiles.dll, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\gdiplus.dll, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\install.log, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\link.dll, 3-2705

Rogue.DriverChecker, Folder, C:\Program Files\Driver Checker\LiveUpdate, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\ScanResult.ini, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\unins000.exe, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\unins001.dat, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\unins001.exe, 3-2705

Rogue.DriverChecker, Folder, C:\Program Files\Driver Checker\download\Acer_PG4600_Chipset1_4u For WinXP, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Acer_PG4600_Chipset1_4u For WinXP.zip, 3-2705

Rogue.DriverChecker, Folder, C:\Program Files\Driver Checker\download\HP_Pavilion_g3238cx_g3237d_Keyboard For WinXP_XP64, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\HP_Pavilion_g3238cx_g3237d_Keyboard For WinXP_XP64.zip, 3-2705

Rogue.DriverChecker, Folder, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP.zip, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Acer_PG4600_Chipset1_4u For WinXP\ich4usb.cat, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Acer_PG4600_Chipset1_4u For WinXP\ich4usb.inf, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Acer_PG4600_Chipset1_4u For WinXP\Readme.xml, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\HP_Pavilion_g3238cx_g3237d_Keyboard For WinXP_XP64\hpqps2kb.cat, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\HP_Pavilion_g3238cx_g3237d_Keyboard For WinXP_XP64\hpqps2kb.inf, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\HP_Pavilion_g3238cx_g3237d_Keyboard For WinXP_XP64\PS2.sys, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\HP_Pavilion_g3238cx_g3237d_Keyboard For WinXP_XP64\Readme.xml, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\Alcrmv.exe, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\Alcxau0.inf, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\alcxwdm.cat, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\ALCXWDM.SYS, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\ALSNDMGR.CPL, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\ALSNDMGR.WAV, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\Readme.xml, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\RtlCPAPI.dll, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\RTLCPL.EXE, 3-2705

Rogue.DriverChecker, File, C:\Program Files\Driver Checker\download\Realtek_ALC100_Alcxau0_WDM_406 For Win2K_XP\SOUNDMAN.EXE, 3-2705

Unwanted.RegistryPC, Folder, C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\RegistryPC, 3-2876

Unwanted.RegistryPC, Folder, C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\RegistryPC\Logs, 3-2876

Unwanted.RegistryPC, File, C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\RegistryPC\spy_ignore.db, 3-2876

Unwanted.RegistryPC, File, C:\Documents and Settings\HP_Owner.YOUR-86339EB2BF\Application Data\RegistryPC\Logs\2009-11-01 02-18-570.log, 3-2876

Unwanted.RegistryPC, File, C:\WINDOWS\Tasks\RegistryPC Scan.job, 4-18187

Unwanted.Driver Checker, File, C:\System Volume Information\_restore{02818594-CB0B-43E3-8139-587D9EF98970}\RP315\A0059606.exe, 8-375
