
I think I have some false positives [SOLVED by db 1049]



Hello. I think these are false positives. This is my report of a deep scan with IObit Malware Fighter v1.11:

 

IObit Malware Fighter

 

OS: Windows XP

Versión: 1.1.1.2

Definir Versión: 1046

Tiempo: 00:20:06

Objectos Escaneados: 76389

Amenaza(s) Hallada(s): 12

Ahorre Tiempo: 24/7/2011 10:00:08 a.m.

 

|Nombre|Tipo|Descripción|ID|

Trojan.Generic, FILE, C:\WINDOWS\notepad.exe, 4061631

Trojan.Agent, FILE, C:\WINDOWS\system32\hostname.exe, 4046036

Trojan.Generic, FILE, C:\WINDOWS\system32\winlogon.exe, 4061533

Trojan.Agent, FILE, C:\WINDOWS\system32\dllcache\hostname.exe, 4046036

Trojan.Generic, FILE, C:\WINDOWS\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\notepad.exe, 4061631

Trojan.Generic, FILE, C:\WINDOWS\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\winlogon.exe, 4061533

Trojan.Generic, FILE, C:\WINDOWS\ServicePackFiles\i386\notepad.exe, 4061631

Trojan.Generic, FILE, C:\WINDOWS\ServicePackFiles\i386\winlogon.exe, 4061533

Trojan.Dropper, FILE, C:\Archivos de programa\Nero\Nero8\Nero WaveEditor\Controls.dll, 4071403

Trojan.Crypt, FILE, C:\Archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe, 4067296

Trojan.Dropper, FILE, F:\Felipe\Software\aresregular217_installer.exe, 4049467

Trojan.Generic, FILE, C:\WINDOWS\system32\winlogon.exe, 4061533

 

I didn't click the repair button, I just saved the report and closed the window. Then I scanned the first one (notepad.exe) manually and clicked repair. It deleted the file and Notepad won't open again.

 

Glad if you can read me. Thanks

Hi lfra63, welcome to IObit Forum!

 

Please update to the most recent definition of today which is 1048 (although it may be shown as 1047 on the Scan section of the GUI, it will change to 1048 when you exit and re-run IMF) and scan again to see if they are still found as trojans.

 

Did you upload the files to IObit Cloud?

 

I would also check them by uploading all of them to VirusTotal.

 

Although they may probably be FPs, I have doubts that your files may have been affected by malware.

 

BTW, why are you using 2 aliases in the forum? It is a banning offence...

Please choose one of them and inform any Administrator about your choice.

 

Cheers.


Thanks enoskype.

 

OK, first I manually uploaded each file to IObit Cloud and all of them were safe files. The only file that didn't scan was this one:

 

Trojan.Agent, FILE, C:\WINDOWS\system32\hostname.exe, 4046036

 

It said TIMEOUT at step four (Analyse).

 

Also, there was one dllcache folder I couldn't find:

 

Trojan.Agent, FILE, C:\WINDOWS\system32\dllcache\hostname.exe, 4046036

 

After this, I updated the IObit definition to 1048 and ran a deep scan. Now there are 17 threats. This is the report:

 

IObit Malware Fighter

 

OS: Windows XP

Versión: 1.1.1.2

Definir Versión: 1048

Tiempo: 00:22:51

Objectos Escaneados: 76356

Amenaza(s) Hallada(s): 17

Ahorre Tiempo: 30/7/2011 12:57:19 p.m.

 

|Nombre|Tipo|Descripción|ID|

Trojan.Generic, FILE, C:\WINDOWS\notepad.exe, 4061631

Trojan.Generic, FILE, C:\WINDOWS\system32\winlogon.exe, 4061533

Trojan.Generic, FILE, C:\WINDOWS\system32\dllcache\notepad.exe, 4061631

Trojan.Generic, FILE, C:\WINDOWS\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\notepad.exe, 4061631

Trojan.Generic, FILE, C:\WINDOWS\SoftwareDistribution\Download\4fcdf3a74fe834ce16dc12a720df5cc7\winlogon.exe, 4061533

Trojan.Generic, FILE, C:\WINDOWS\ServicePackFiles\i386\notepad.exe, 4061631

Trojan.Generic, FILE, C:\WINDOWS\ServicePackFiles\i386\winlogon.exe, 4061533

Trojan.Generic, FILE, C:\System Volume Information\_restore{F232DF57-751E-4ADC-9AD2-D0C13369B2ED}\RP15\A0008898.exe, 4061631

Trojan.Generic, FILE, C:\System Volume Information\_restore{F232DF57-751E-4ADC-9AD2-D0C13369B2ED}\RP15\A0008901.exe, 4061631

Trojan.Generic, FILE, C:\System Volume Information\_restore{F232DF57-751E-4ADC-9AD2-D0C13369B2ED}\RP15\A0008902.exe, 4061631

Trojan.Generic, FILE, C:\System Volume Information\_restore{F232DF57-751E-4ADC-9AD2-D0C13369B2ED}\RP15\A0008907.exe, 4061631

Trojan.Generic, FILE, C:\System Volume Information\_restore{F232DF57-751E-4ADC-9AD2-D0C13369B2ED}\RP15\A0008908.exe, 4061533

Trojan.Dropper, FILE, C:\System Volume Information\_restore{F232DF57-751E-4ADC-9AD2-D0C13369B2ED}\RP15\A0008909.dll, 4071403

Trojan.Crypt, FILE, C:\System Volume Information\_restore{F232DF57-751E-4ADC-9AD2-D0C13369B2ED}\RP15\A0008910.exe, 4067296

Trojan.Dropper, FILE, C:\Archivos de programa\Nero\Nero8\Nero WaveEditor\Controls.dll, 4071403

Trojan.Crypt, FILE, C:\Archivos de programa\Adobe\Reader 9.0\Reader\reader_sl.exe, 4067296

Trojan.Generic, FILE, C:\WINDOWS\system32\winlogon.exe, 4061533

 

Again, I uploaded each file to IObit Cloud and they were safe. Should I put them in the ignore list?

 

Nice writing with you

WARNING: false positive

 

OS: Windows XP

Versión: 1.1.1.2

Definir Versión: 1048

 

Hi

 

I got the same result as you, but I had mine on auto repair.

So what happened?

Yes, I had to reinstall Windows AND still have the same result

but this time I wasn't stupid enough to have it on auto repair.

 

For me, this is definitely a false positive

 

Cheers

Erik



Dear lfra63

 

After investigation, we have confirmed that it's a false positive. Sorry for the trouble we have caused you.

 

We will solve this issue in our later definition update 1049.

 

Thanks for your support.
