Possible False Positive??

[burrellbuzzman]

Not sure if this is the place to post this because the IObit 360 forum has a dedicated false positive thread.

 

Just upgraded Foxit pdf reader, happened to run advanced system care and the spyware removal function claims to have found Adware, with the:

 

Description: 180Solutions.Zango

Risk Level: High

Entry:C:\Users\Rob\local settings\temp\upgrade.exe

 

When looking in "C:\Users\Rob\local settings\temp\" the only application that matches this is "Upgrade" and it has the foxit symbol.

 

I uploaded the file to virus total, and here is the analysis

 

http://www.virustotal.com/reanalisis.html?e4e5d82028bffd9b653c89f6ddde7d11d18c8a71c29d44cfe92d1773954b9d8f-1269102937

 

also, ran scans with malwarebytes and spybot search and detroy, which found nothing. and also ran a scan with iobit 360 which again found nothing, so i am not sure how to upload logfiles for advanced care and just wondering if this is indeed a false positive.

 

Thanks, Rob

[burrellbuzzman]

I have enclosed a picture with the scan and the location folder, this is on my vista 32 bit machine but i have experienced the same problem on my windows 7 64bit machine too.

[enoskype]

Hi burrellbuzzman,

 

First of all, you have not given the link to analysis report of VirusTotal, you should have reanalized the file and give the link to that reanalyze report. That report should have included the names of all 41 AV software and the results they have found.

 

Secondly, you have not given the password for the zip file which is password protected, so we can not extract it without the password. Certainly the password is not "infected" or "Infected".

 

Thirdly, 180solutions.xxx.. has variants of trojan, malware, spyware, hijacker, and tracking cookie.

 

Cheers.

[burrellbuzzman]

Sorry, i believed that i had given the correct information...

 

here is the virus total link:

http://www.virustotal.com/analisis/e4e5d82028bffd9b653c89f6ddde7d11d18c8a71c29d44cfe92d1773954b9d8f-1268364516

 

Attached is the .zip file which i have double checked that the password is "infected", i hope this version works now.

 

Thanks, Rob

Upgrade.zip

[enoskype]

Thanks burrellbuzzman,

 

I have downloaded the file, extracted it and made all the scans with security programs, includind ASC 3.5 Scan, non of them has shown that there exist "180Solutions.Zango" in upgrade.exe.

 

Can you check it by ASC again please.

 

Cheers.

[burrellbuzzman]

yea, i've scanned with ASC and again it flags the same file up "upgrade.exe" in the same folder that i have said in previous posts. again in that folder there is only "upgrade.exe" no other files match what is shown in ASC.

 

I'm not quite sure what i can send you? obviously with IObit 360 there are log files, and i'm not quite sure how to access ASC log files. Equally this is why i was confused... if ASC picks this file up as adware, surely 360 would have as well, being that it is the same company and a dedicated malware scanner.

 

one possibility i can think of, and this is coming from a bit of a novice so might be totally nothing to do with anything! when i first started using this program (ASC) i would be able to check for updates and their would be new virus definitions. since i think it was version, 3.4.2 i would never see any viruses definitions equally when 3.5 came out it didn't tell me or have anything to update. so i wonder perhaps it is a false positive that has already been fixed and perhaps i have an outdated definition? is there a way i can check my definition?

 

Thanks, Rob

[wozofoz]

Update check

 

.....so i wonder perhaps it is a false positive that has already been fixed and perhaps i have an outdated definition? is there a way i can check my definition?

 

Thanks, Rob

 

• Launch Advanced System Care

• Right click the SysTray icon (bottom right near time)

• Select Check Update

 

All the best, woz of oz

[burrellbuzzman]

Thanks, i had already tried that but it never finds any definitions. plus clicked on check update history and nothing happened...

 

Thanks again

[burrellbuzzman]

Hello, it is me again... obviously ASC is now on version 3.51, and i am still experiencing the same problem listed above.

 

before the ASC update, foxit pdf reader needed to be updated and left the same file in my temp folder as i have already posted to you. the spyware test on asc (3.5), again found this to be the 180solutions.Zango adware as previously stated in my earlier posts... i just decided to delete it with asc and it had no adverse side effects on foxit pdf reader.

 

I thought that i would retrieve the original file (update.exe) that i sent to you from my previous post and see if the new version of 3.51 version of ASC would detect it as adware, to put my mind at rest... considering that you said that you had ran tests on it and it was clean. so i downloaded it and dropped it into the temp folder and ASC 3.51 again detected "update.exe" as the same 180solutions.Zango adware