Another IMAGE FILE (ebay_88_31[1].jpg) False Positive ? [SOLVED by db 1415]

[Footloose]

Hi Guys,

 

Have just run an IS 360 smart scan. This time - it's come up with the "eBay.com.au" logo JPG as Worm.Packed.Generic in the Temporary Internet Files folder. When running a scan on that file (from the context menu) - it finds nothing. No other security software detects anything, anywhere.

 

I've uploaded the "infected" file to - http://wikisend.com/download/212064/ebay_88_31[1].zip

 

Here is a copy of the detection report :

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1407

Time Elapsed:00:00:44

Objects Scanned:53441

Threats Found:5

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:footy@quantserve.com/, 7-2075

Tracking Cookies, Cookies, Cookie:footy@content.yieldmanager.com/ak/, 7-1540

Tracking Cookies, Cookies, Cookie:footy@ad.yieldmanager.com/, 7-1540

Tracking Cookies, Cookies, Cookie:footy@content.yieldmanager.com/, 7-1540

Worm.Packed.Generic, File, C:\Documents and Settings\Footy\Local Settings\Temporary Internet Files\Content.IE5\GZ9G81NH\ebay_88_31[1].jpg, 9-87623

 

I will ignore this detection, until it has been reported as having been repaired.

 

ADVICE : To those people who've upgraded to a purchased version - my advice is :

Please make sure that you have ruled out any detection by IS 360 as being a F/P before you go out & spend unnecassarily. That is - if your other security software detects nothing, and only IS 360 detects something - do some research, upload your "infected" file to VirusTotal (or similar). If it is only IS 360 finding an infection : then it's most likely a false-positive. In this case - IObit needs to know, so they can rectify the problem. Don't become angry. Become inquisitive & positively helpful. You might help someone else to "not become scared", and/or to "not spend needlessly".

 

Off my soapbox now :lol:. Thanks for any help with this present F/P IObit.

Cheers for now - Robert

[Footloose]

Another FP Detected in Def. DB 1413

 

Hi All,

 

I have another seemingly FP detected, when scanning with Def. DB 1413. That's in addition to the image file FP. No other security software finds anything. Here is the updated Detection Log :

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1413

Time Elapsed:00:05:15

Objects Scanned:52142

Threats Found:3

 

|Name|Type|Description|ID|

 

Trojan.Bagle, File, C:\WINDOWS\system32\WgaLogon.dll, 12-1299

Worm.Packed.Generic, File, C:\Documents and Settings\Footy\Desktop\ebay_88_31[1].jpg, 9-87623

 

Thanks for any help.

Cheers - Footloose

[hxin]

Hi Guys,

 

Have just run an IS 360 smart scan. This time - it's come up with the "eBay.com.au" logo JPG as Worm.Packed.Generic in the Temporary Internet Files folder. When running a scan on that file (from the context menu) - it finds nothing. No other security software detects anything, anywhere.

 

I've uploaded the "infected" file to - http://wikisend.com/download/212064/ebay_88_31[1].zip

 

Here is a copy of the detection report :

 

IObit Security 360

 

OS:Windows XP

Version:1.4.1.11

Define Version:1407

Time Elapsed:00:00:44

Objects Scanned:53441

Threats Found:5

 

|Name|Type|Description|ID|

Tracking Cookies, Cookies, Cookie:footy@quantserve.com/, 7-2075

Tracking Cookies, Cookies, Cookie:footy@content.yieldmanager.com/ak/, 7-1540

Tracking Cookies, Cookies, Cookie:footy@ad.yieldmanager.com/, 7-1540

Tracking Cookies, Cookies, Cookie:footy@content.yieldmanager.com/, 7-1540

Worm.Packed.Generic, File, C:\Documents and Settings\Footy\Local Settings\Temporary Internet Files\Content.IE5\GZ9G81NH\ebay_88_31[1].jpg, 9-87623

 

I will ignore this detection, until it has been reported as having been repaired.

 

ADVICE : To those people who've upgraded to a purchased version - my advice is :

Please make sure that you have ruled out any detection by IS 360 as being a F/P before you go out & spend unnecassarily. That is - if your other security software detects nothing, and only IS 360 detects something - do some research, upload your "infected" file to VirusTotal (or similar). If it is only IS 360 finding an infection : then it's most likely a false-positive. In this case - IObit needs to know, so they can rectify the problem. Don't become angry. Become inquisitive & positively helpful. You might help someone else to "not become scared", and/or to "not spend needlessly".

 

Off my soapbox now :lol:. Thanks for any help with this present F/P IObit.

Cheers for now - Robert

Hi Footloose

You upload the file to www.wikisend.com that is't " ebay_88_31[1].jpg ".

PLS upload again.

[Footloose]

Wikisend Upload

 

Hi Hxin,

 

Thanks for getting back to me. I've uploaded the original zipped file, available at ebay_88_31[1].zip and the new detection, WgaLogon.dll, available at WgaLogon.zip Both are password protected with the usual password, all in upper case. Hope they worked this time.

 

To Melvin Deal - Thanks for your compliment my friend. We're all here to help. That's all I want to do.

 

Cheers for now - Footloose

[Footloose]

Haste - No Problems now (with WgaLogon.dll)

 

Hi All,

 

The ebay.com.au logo JPG is still being detected as Worm.Packed.Generic

 

What's happening ??

 

Cheers - Footloose

 

Hi All,

 

I don't know what happened last night. After IS 360 having found the 2 versions of WgaLogon.dll still - I started a full system scan; running while I slept. This morning - it found only the ebay.com.au logo JPG. A subsequent quick scan found only this JPG file again.

 

Cheers to all - Footloose

[hxin]

Hi all

 

The "WAG" have solved on 1414 . The "ebay_88_31[1].jpg" will be solved in our later update definition 1415.

 

Cheers!

[Footloose]

Hi All,

 

Thanks Hxin & IObit. DB# 1415 has solved the JPG F/P issue.

 

Until next time :-)

Cheers - Footloose