Tech Problem Aggregator

Solved: Avast Free edition-- False positives today 12/2/09

Q: Solved: Avast Free edition-- False positives today 12/2/09

Byteman said:


This is the result of a bad database update from Avast.....this happens to one or the other of the antivirus companies at least once a year! No joke.....

See here> http://www.dslreports.com/forum/r23428578-False-positive-in-Avast-or-is-it-real~start=220

http://forum.avast.com/index.php?topic=51609.0 <<< post about it at Avast user forums, it is operating a bit slow right now due to so many people accessing the site.

If you notice other threads at TechGuy or at any of your favorite sites, you could point them to that page.

You should turn off the Standard Shield in Avast for now, in order to have a usable computer.... depending on how your Avast settings are, you may have files going to the Virus Chest or being deleted....or ignored.

To turn off Standard Shield which unfortunately, leaves you without some protection.... right click the "A" Avast icon and select "On-Access Protection Control" and, in the list of shields on the left, go to Standard Shield and hit the Terminate button..... You will have to re-enable this Shield, when the problem has been fixed. Usually, they issue a new Update which fixes Avast's program, but of course you have to deal with any files that may have been Deleted or Moved to the Chest, etc


A:Avast Free edition-- False positives today 12/2/09

Thanks for the tip!

I didn't have any problems myself and didn't notice anything with the posters I was helping.

This will bump it up just in case.
 


Hi,

I did post this in the Avast forum as well.

First, I keep a very clean system running multiple AV/AS protections, use a hard & soft firewall & am very careful where I go online.

Tonight, Avast picked up the following just after SuperAntiSpyware came up clean.

Infection: A0012663.exe
Location: C:\System Volume Information\_restore{.........}\RP93
Virus: Win32:Malware-gen

Infection: Inchtour.exe
Location: C:\Program Files\Microsoft Works\
Virus: Win32:Malware-gen

I have since scanned with Avast again & MBAM & came up clean. The infections are in the chest.

I did need to download some PDF & Word email attachments today from schools. I scanned the files & they came up clean. I also ran 3 different full scans after I downloaded the docs from one school & all was clean. I then downloaded docs from the 2nd school, which is a college, & ran some scans & came up clean. Not sure if I ran Avast at that time. I did run Avast a few hours later & that's when it picked up the infections.

Any thoughts?

Thanks!

A:Avast False Positives?

Anytime you suspect a file may be a false positive, get a second opinion. Go to Jotti's virusscan or VirusTotal. In the "File to upload & scan" box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If it is a false detection, then you should contact the anti-virus tech support and advise them as you already have done so they can investigate and make corrections. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results. You should also contact and advise the program vendor that one of their files is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.

The detected _restore{GUID}\RP***\A00*****.xxx file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. The *** after RP represents a sequential number automatically assigned by the operating system. The ***** after A00 represents a sequential number where the original file was backed up and renamed except for its extension. To learn more about this, refer to: Restore Point Forensics; Forensic Analysis of System Restore Points in Microsoft Windows XP.

System Restore is the feature that protects your computer by monitoring a core set of system and application files and by creating backups (snapshots saved as restore points) of vital system configurations and files before change...
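As an added example (not code from the thread or from any vendor), the Python below applies the two points of this answer to a batch of detections: it recognises the _restore{GUID}\RP***\A00*****.xxx naming of System Restore copies, pulling out the restore-point and backup sequence numbers, and queues the second-opinion and vendor-report steps for each record. The sample records are constructed in the "Infection / Location / Virus" shape quoted above; treating signature names ending in -gen or tagged [Susp] as generic/heuristic hits is my assumption, not something the thread states.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample records, shaped like the "Infection / Location / Virus"
# triplets quoted in the thread. Paths and names are illustrative only.
SAMPLE_DETECTIONS = [
    {"name": "A0012663.exe",
     "location": r"C:\System Volume Information\_restore{9F625216-922B-4B93-96D3-BF83D7CA5179}\RP93",
     "virus": "Win32:Malware-gen"},
    {"name": "Inchtour.exe",
     "location": r"C:\Program Files\Microsoft Works",
     "virus": "Win32:Malware-gen"},
    {"name": "smplmaillo.dll",
     "location": r"D:\PortableApps\LibreOfficePortable\App\libreoffice\program",
     "virus": "Win32:Evo-gen[Susp]"},
    {"name": "Dc261.exe",
     "location": r"C:\RECYCLER\S-1-5-21-1214440339-1085031214-1801674531-1003",
     "virus": "Trojan.Banker"},
]

# System Restore backup copy, as explained in the answer above:
# <SVI>\_restore{GUID}\RP<n>\A00<m>.<ext>. RP<n> is the restore point number,
# A00<m> the sequence number of the backed-up file; only its extension survives.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{(?P<guid>[0-9A-F-]{36})\}"
    r"\\RP(?P<rp>\d+)\\A00(?P<seq>\d+)\.(?P<ext>[^\\.]+)$",
    re.IGNORECASE,
)


@dataclass
class Triage:
    path: str
    signature: str
    restore_point: Optional[int] = None   # RP<n> when the file is a restore-point copy
    backup_seq: Optional[int] = None      # A00<m> sequence number
    generic_signature: bool = False       # generic/heuristic family name (assumption)
    next_steps: List[str] = field(default_factory=list)


def parse_restore_point_path(path: str) -> Optional[Dict[str, object]]:
    """Return GUID, RP number, sequence and extension for an SVI backup path, else None."""
    m = RESTORE_POINT_RE.search(path)
    if m is None:
        return None
    return {"guid": m.group("guid").upper(), "rp": int(m.group("rp")),
            "seq": int(m.group("seq")), "ext": m.group("ext").lower()}


def is_generic_signature(signature: str) -> bool:
    """Assumption: names ending in '-gen' or tagged '[Susp]' are generic/heuristic hits."""
    s = signature.lower()
    return s.endswith("-gen") or "-gen[" in s or "[susp]" in s


def triage_detection(record: Dict[str, str]) -> Triage:
    """Build the follow-up list the answer recommends for one detection record."""
    full_path = record["location"].rstrip("\\") + "\\" + record["name"]
    t = Triage(path=full_path, signature=record["virus"])
    t.next_steps.append("Get a second opinion: upload the file to VirusTotal or Jotti's virusscan.")
    info = parse_restore_point_path(full_path)
    if info is not None:
        t.restore_point = info["rp"]
        t.backup_seq = info["seq"]
        t.next_steps.append(
            f"System Restore backup copy (restore point {info['rp']}, backup #{info['seq']}, "
            f"original extension .{info['ext']}): the live file existed elsewhere under its "
            "own name, so check that location too; the copy goes away with the restore point.")
    if is_generic_signature(record["virus"]):
        t.generic_signature = True
        t.next_steps.append(
            "Generic/heuristic signature: treat as unconfirmed until the second opinion agrees.")
    t.next_steps.append(
        "If confirmed false: report to the anti-virus vendor and to the program's vendor.")
    return t


def triage_all(records: List[Dict[str, str]]) -> List[Triage]:
    return [triage_detection(r) for r in records]


if __name__ == "__main__":
    for item in triage_all(SAMPLE_DETECTIONS):
        print(item.path, "|", item.signature)
        for step in item.next_steps:
            print("   -", step)
```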


I downloaded an update to the latest version of the Portable Apps version Libre Office. On attempting to install the program (as far as I can tell it is a complete replacement of the earlier version) my Avast virus scanner alerted on two .dll files included in the update. The flagged files were smplmaillo.dll and wpftcalclo.dll. In both cases, the virus was identified as Win32:Evo-gen[Susp].

I had similar problems with another program downloaded from the same site (don't remember now what it was), and I believe the identified virus was the same as the current detections. At that time, Avast also gave me trouble by declaring the mirror site as dangerous, which I just don't believe is the case. At that time, none of the other malware scanner tools that I use (Malwarebytes, AdwCleaner) found any indication of a problem, and even a dedicated scan of the "infected" file with Avast turned up clean. So I just forced Avast to restore the file and went on my merry way, with no resulting problems, as far as I can tell.

I would like to believe that these were false positive detections. I have obtained quite a lot of very good software from the Portable Apps site, and have been very happy with all of it.

So, I guess my question is whether anyone else has been having similar problems, either with false positives from Avast, or real problems with software that they have obtained from the Portable Apps site?
 

A:False positives from Avast ?


Hello
 
Today I ran a Boot-time scan with Avast. I received multiple hits for Trojans, Malware and Dropper-gen. The problem is that 5 out of 6 of these are trusted programs. Wsop.com is a NJ online poker site and the other I believe is ZoneAlarm Firewall. I did not want to delete them until I could get some professional advice. So far I have them sitting in Avast's Virus Chest. Thanks for your help.

These are the files that are in my Virus Chest:

Name-PresentationFontCache.ni.exe
Location-C:\Windows\Assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\4ce7fd62d4107fbe996ab305eb21ee6a
Virus-Win32:Malware-gen

Name-WSOP.com_NJ.exe
Location-C:\Program Files\NJ.WSOP.com\bin
Virus-WIN32:Dropper-gen[Drp]

Name-WSOP.com_NJ.exe
Location-C:\Program Files\NJ.WSOP.com\bin
Virus-FileRepMalware

Name-WSOP.com_NJ.exe
Location-C:\Program Files\NJ.WSOP.com\bin
Virus-FileRepMalware

Name-Zafwsetup_120_121_000.exe
Location-C:\Documents and Settings\Mom\My document\Downloads
Virus-Win32:Trojan-gen

Name-GLH059.TMP
Location-C:\Program Files\NJ.WSOP.com\bin
Virus-WIN32:Dropper-gen[Drp]
 

A:Could these Avast reports be false positives?

Hello and welcome on board, my name is Machiavelli and I will assist you with your problem. If you booted into safe mode on your computer then print my instructions! I'm in the 'Malware Staff Team' and will provide you with advice: To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed. Below are a few tips:

- Removing Malware is usually very difficult. We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
- Please follow these instructions. If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
- Please stay in contact with me until your problem is resolved. As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
- Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware. Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
- Read my post completely. If you don't do so, you may make mistakes that could result in your System crashing by your own ...


Hello and thanks in advance for any advice.

I am using WinXP SP3.

I had the latest version of Avast! Home and was running Online Armor firewall from Tall Emu.

As everyone knows by now, Avast released a bad program update that labeled everything with a False Positive. Many systems were killed - especially when people had automatic responses to virus alerts set.

I set it to ask me about each occurrence. First thing to pop up as a FP for me were two dll files from my Online Armor. I quarantined them. Then lots of other things started popping up (Spybot stuff, Acrobat, etc). It made my computer unusable because of all the popups. I went to a second computer and searched around until I figured out what was happening. I unquarantined the files and disabled Avast! But things were still slow. Everything was creeping and if the monitor shut down in power save I couldn't wake it. Also, Firefox and IE wouldn't run for more than a few minutes without crashing.

I uninstalled Avast. No change.

I uninstalled Online Armor. No change.

I downloaded a 'clean uninstall' program from the Avast website which is run in safe mode and is supposed to get rid of any bits of the software that do not uninstall with add/remove.

I ran Malwarebytes and Spybot. They found nothing.

I decided to reinstall graphics drivers on a whim - sure enough, my computer sped up to what seems to be normal speed and I no longer have the issue of the monitor not waking up.

I reinstalled FF...

A:Avast! false positives killed my Firefox

Maybe you could try uninstalling Firefox and installing it again? If a vital component has been removed that could replace it.


First, thanks for all the good work you guys are doing.
 
Sept4 early morning, I was browsing through a Tumblr account, clicked a pic and was redirected to a tab which I couldn't close. Back button on my browser wouldn't work either. Had to Ctrl+alt+del to close my browser.
 
I ran a scan with AVG immediately after and got the ff. results:
 

Infected;"Medium";"IRP hook, \Driver\Disk IRP_MJ_SHUTDOWN -> CLASSPNP.SYS ClassIoComplete+0xEF";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"Cannot be cleaned"

Infected;"Medium";"IRP hook, \Driver\PCIIde IRP_MJ_INTERNAL_DEVICE_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2E38";"C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS";"Cannot be cleaned"

Infected;"Medium";"IRP hook, \Driver\hidusb IRP_MJ_CREATE -> HIDCLASS.SYS +0x1902";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned"

Infected;"Medium";"IRP hook, \Driver\Disk IRP_MJ_INTERNAL_DEVICE_CONTROL -> CLASSPNP.SYS ClassInternalIoControl";"C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS";"Cannot be cleaned"

Infected;"Medium";"IRP hook, \Driver\hidusb IRP_MJ_INTERNAL_DEVICE_CONTROL -> HIDCLASS.SYS +0x1902";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned"

Infected;"Medium";"IRP hook, \Driver\hidusb IRP_MJ_READ -> HIDCLASS.SYS +0x1902";"C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS";"Cannot be cleaned"

Infected;"Medium";"IRP hook, \Driver\PCIIde IRP_MJ_SYSTEM_CONTROL -> PCIIDEX.SYS PciIdeXDebugPrint+0x2DB4";...

A:IRP Hooks detected by AVG Free - false positives, or real problems?

Hi there, my name is Marius and I will assist you with your malware related problems. Before we move on, please read the following points carefully.

- First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
- Perform everything in the correct order. Sometimes one step requires the previous one.
- If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
- Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
- Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
- If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
- Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
- My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with aswMBR

Please download aswMBR (4.5MB) to your desktop. Double click the aswMBR.exe icon, and click Run. There will be a short delay before the next dialog box comes up. Please just wait a minute or two. When asked if you'd like to "download the latest Avast! virus d...


Hi, first time poster. Hope I'm following all protocols. Firstly, thanks for existing. A bit of an odd one here. In Windows XP home was running internet explorer, iTunes, Outlook, Windows Media Player and the latter was showing a DVD. Shut this down and not sure if coincidental or if this caused it, but computer did hard boot. So screen blank, went into start up. When everything came back, I got to my normal log in window so thought all fine. Thought it odd though that the computer didn't seem to be warning of incorrect shutdown. A window came up saying that I didn't have the administration rights to make changes in the ATI Catalyst panel (this is linked to my image drivers or something I think). So I pressed OK. Then realised that I couldn't press my start button. I could right click on desktop and bring up those menus, but every time the cursor went into the task bar area just showed the eggtimer. So tried to shut down and start again by using ctrl-alt-del. When shutting down though, it said it couldn't stop the following processes, which then needed to be shut down manually: Elbytray window; Ad-aware tray application; Explorer.exe. Then once that was done it never shut down anyway, so had to do forced shut down. Booting up again, same thing happened. Sooooo. I booted into safe mode and did a system restore to a couple of days before. Restarted and this time the log in time was longer. When I got to my desktop, I could see my desktop image, but no icons, no task bar at all, no st...

A:Problems after crash incl disappearing task bar, unable to press start button, coinciding w/ false positives in avast in last 2...

Hey, just in case anyone was looking at this, wanted to update. Decided to do the virus update from a standalone exe in safe mode in any case to see what happened. This stopped all the false positives, so was able to run full scan. Then ran adaware in safe which found a couple of things. Now seems to be fine, so fingers crossed. Thanks for anyone who was going to get around to this in any case. Great you guys are there.


routine a/v scan last Sat turned up 2 "viruses/trojans" according to avira, & it disabled them then deleted them & the files turned out to be files for PowerDVD & Dell Media Experience. So, had to reinstall both of those & log the files into avira as not dangerous etc. Just now, running MBAM scan & avira popped up again saying have several .dll files in system vol that are malware/trojan, same as the prev scan, so am thinking another false pos. Can someone take a look at the avguard log & give me some advice?? Thx
 

A:Solved: Avira false positives

switched back 2 avast. 2 many fp's...
 


Specs: Windows Server 2003 R2 and Windows XP Pro, single domain
I work in the IT department of a casino, and Federal regulations require me to analyze each week reports of failed Windows logins. Each week, I see a very bizarre pattern. Several domain PCs show failed login attempts from local accounts on PCs not joined to the domain. It may be targeted at any machine, but it always comes from a local account on a non-domain PC. When I see blocks of these failures, they may be targeted at different machines as little as 5 seconds apart.

The non-domain PCs sometimes show failed attempts from domain accounts. These accounts are from users all over active directory and the source can be any machine.

I am sure that these audit failures are not what they appear. Some of the users it reports lack the skills to log into a PC remotely. Do you know of anything that might throw false positives, like DameWare or GFI EventsManager?
Event IDs: 529 and 534
Login Type: Network
Description: LF: Bad user name/password. Or -- LF: Logon Type Rejected
 

A:Solved: Failed Logins - False Positives?


This happened a few weeks ago on my Sony-Vaio laptop. Norton Internet Security 2007 updated itself as usual and a few minutes later, it identified the following files as hacktools.

c:\program files\intervideo\dvd8\gpiproxy.dll
c:\program files\intervideo\common\bin\gpiproxy.dll

They are obviously dll files belonging to the program Intervideo WinDVD. This is a new laptop (May 2008), and I have not played ANYTHING downloaded from the web - because I never download video material. I have read about dubious files which may be riddled with malware and, of course, legal (copyright) issues. I have only played standard movie DVDs on it - which I have also played on my other desktop computer and on another DVD player without problems. The story is not yet over. Convinced that these were false positives, I used the Symantec chatting service - and the guy told me that they ARE hacktools. I do not agree with him and think he was trying to hide the fact that the software he works for made a mess. I also had my HJT log checked out. Clean. Anyway, these files are still in the quarantine folder. Am I right in that they are harmless? Can I restore them? Intervideo doesn't work without them. And: if they are harmless, how do I prevent NIS from nagging at them again? Thanks a lot in advance for your time.
 

A:Solved: NIS 2007 identifies hacktools in Intervideo folder: false positives?


Paragon Backup and Recovery Compact Edition Features:
Complete set of features for entire disk imaging and file Backup.
Backup to any destination: including local mounted/un-mounted partitions, external storage locations, CD/DVD/Blu-ray discs, network shares, FTP as well as a secured hidden partition on your local drive (Paragon Backup Capsule).
Smart Backup options for headache-free security: So you can backup exactly what you need and with the best backup method, chosen automatically depending on the data to protect.
Professional Recovery tools.
Useful extras: boot corrector, simple partitioning and more.
Create bootable USB Flash drive, CD or DVD to recover your PC on demand.
Partitioning tools.

More information and free download: Giveaway of the Day

As usual with Giveaway Of The Day, this offer is valid until midnight today March 17th 2010 (PDT), 3AM tomorrow (EDT), 7AM tomorrow (UTC) or 5PM tomorrow (AEDT).

Kari

A:Free today: Paragon Backup and Recovery Compact Edition

Great software for free today.

Features list here:

br_comp-vs-br_suite
Download Paragon Backup and Recovery Compact Edition 32 bit now

Download Paragon Backup and Recovery Compact Edition 64 bit now

Free Registration Link


September 14, 2009 - Just today

Easeus Partition Master Professional Edition is a comprehensive hard disk partition management tool and system partition optimization software; the Professional Edition lets you enjoy all the powerful basic and advanced partition functions.

It is especially for business users who run Windows XP or Vista 64 bit and want to optimize the disk usage and better manage disk space. More advanced than Home Edition, it can help you create bootable CD/DVD in case of system boot failure.

Key features:

-Extend system partition to maximize computer performance.
-Copy wizard to backup all data or copy entire hard disk to another without Windows reinstallation.
-Basic partition features for better managing hard disk and maximizing computer performance.
-Advanced partition features to maximize computer performance and minimize computer downtime.
-Usability features allow you to operate directly on the disk map with the drag-and-drop and preview the changes.

A:EASEUS Partition Master Professional Edition - Free Today

12 HOURS LEFT .

EaseusPMPro.zip

Works on 7 32 and 64 bit. Does not include partition undelete feature - they do a separate partition table doctor program.

Will copy partition into smaller target ( must be larger than the used space on source, obviously).

Disk Management and The Reference Paragon PM Pro accept the changes made by Easeus.

Tested this out briefly - and have used their earlier versions - so far found them to be completely reliable.


which one should i go for?
 

A:AVG (free edition) or AVAST (free edition)

Both are good freeware programs and you'll probably end up hearing a 50/50 response from all that post. AVG seems to be slightly more popular though.
 


What's the difference between avast home edition and avast free anti virus besides the color of the little circle globe?
 

A:Avast Free and Home Edition


Right, I have been using avast for a year now and see in the options on the last page it says enable/disable rootkit scanner on start.... Has the rootkit scanner got anything to do with that memory thing when you start avast? lol, coz I ain't got a clue and that's the only thing I can think of.
I downloaded a program, sophos rootkit, today. Is that any good, or if there is one on avast is it suitable?
Thanks

A:is there a rootkit on avast free edition

Features overview:

- Anti-spyware built-in
- Web Shield
- Anti-rootkit built-in
- Automatic updates
- Strong self-protection
- Virus Chest
- Antivirus kernel
- System integration
- Simple User Interface
- Integrated Virus Cleaner
- Resident protection
- Support for 64-bit Windows
- P2P and IM Shields
- Internationalization
- Network Shield


My previous avast was expiring, so I installed the newer version 6.0.1000 free Home Edition.

One minor issue :

How do I disable the " voice " announcement that avast has been updated ?
I did that in the old version, but I have trouble in this new version.
What I did was to right click at the avast icon at system tray > click Silent/gaming mode.
Trouble is, even if it works, it does not stay this way on next reboot.
I'd like to disable the " voice " permanently.

Thank you.

A:avast 6.0.1000 free home edition

Right-click the icon in the notification area and click on Open avast! user interface. Next, click on SETTINGS and then Sounds. Click on Enable avast! sounds to remove the tick to disable the sounds and then click OK and then close the interface dialogue. To re-enable the sounds, repeat, but this time make sure that the option has a tick.

If you have used a password to prevent unauthorised access to the interface, provide the required password when prompted.


This is my first real post so please go easy on me.......... I've had the same problem with avg 8.5 where after several tries it will not update (windows xp) so I was thinking of downloading Avast home edition free. Would I need to go to "Add and remove programmes" and remove avg from there before downloading Avast home edition........ Phew.... Thanks

A:Installing Avast home edition free

Hi novice21, welcome to Bleeping Computer. You should remove the AVG first; running two will cause them to slow your system down. Here is a tutorial on how to install Avast to help you get the best use out of it: http://www.bleepingcomputer.com/tutorials/how-to-use-avast-antivirus/


this one keeps coming back even after moving to The Chest

C:\Windows\System32\gaopdxnojfjbxwewqqpcpxifocmrymxnfixeqv.dll

can't find it with a google search

any suggestions please
 


I just pulled out an old computer & installed Avira Antivirus. It has popped up a couple of warnings in regards to TR/spy.43391 & TR/Agent.duu. I was previously running NOD32 on the system without any notifications. I haven't had any performance issues, or pop-ups. I looked at the HJT log myself, and didn't see anything, but I am not overly experienced with malware/trojans. I thought I would pass it by expert eyes to see if I have anything about which to be concerned. Your input is appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:28 PM, on 7/20/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programs\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programs\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programs\PerfectDisk\PDSched.exe
C:\WINDOWS...

A:Are These False Positives?

Hello jyxavier, welcome to Bleeping Computer. I don't see anything dire there, but let's do a couple of things to be sure. Your Java is way out of date, which leaves your computer vulnerable.

Updating Java

- Download the latest version of Java Runtime Environment (JRE) 6_U7.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement". The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Fi...


Here are five line items out of recent MBAM logs and one line item from an SAS log. I shut down system restore just prior to running all of these except the scan that found Trojan.Banker. After creating a new restore point the "Trojan.Banker" was found, but I don't know if a new restore point had anything to do with it. I am stumped because I have been surfing with Mozilla in Sandboxie, thus I don't see how I could have been infected. Please help me to figure out if they are false positives. ***Note: 123zap.exe is what I named combofix when I ran it about 10 days ago.

Files Infected:
C:\RECYCLER\S-1-5-21-1214440339-1085031214-1801674531-1003\Dc261.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9F625216-922B-4B93-96D3-BF83D7CA5179}\RP2\A0000077.exe (Trojan.Banker) -> Quarantined and deleted successfully.
C:\123zap191491\PV.cfxxe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\123zap191491\pv.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\123zap191491\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully.

The following is one that SAS found:
Trojan.Agent/Gen-Zbot C:\RECYCLER\S-1-5-21-1214440339-1085031214-1801674531-1003\DC239\BIN\DWTF.EXE

A:Please Tell Me if These are False Positives

Is this your thread at MBAM's forum under the name Diocletian? ComboFix.sys is a dummy file written by GMER; incapable of doing anything malicious (reply by sUBs in Post #6). Note that PV.cfxxe and pv.com are in the same folder.

Combofix is not malware. However, certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scan...


Operating system: Windows XP Home SP2
Security programs, besides those listed in my sig., MalwareBytes, NoScript extension for Firefox.

Having learned that MalwareBytes is intended for general security use and not as a specialized fix tool, I installed the program, updated, and ran a complete scan to see what it might find.

It flagged two files and nothing else:

C:\WINDOWS\SYSTEM32\lsprst7.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\SYSTEM32\ssprs.dll (Trojan.Agent) -> No action taken.

I navigated to the files in question and scanned them on VirusTotal. No programs there flagged them.

I also checked properties. Both files are identified as Application Extensions. Modification date for both files is July 16, 2006 1:52 p.m. Under each file in the list is a .tgz file with the same letters before: lsprt7.tgz and ssprs.tgz These files were NOT flagged and have the same modification date and time. These files are associated with AlZip, my file compression program. My suspicion is that the .dll files in question are also associated with the AlZip program though nothing in properties indicates that.

Note: No other programs I have tried as yet have flagged these two files.

My suspicion is that these are false positives. Any other steps I should take?

Orange Blossom

A:False Positives?

Under More Tools you could email them to Tim with a link to your post.

When the program was first released there was another false positive I investigated, one that the well-known Super video conversion program put into your system files; Google showed some very advanced malware experts removing it from people's computers.

MBAM always gives you the option to restore.

Some other methods don't.

Reinstalling the programs fixes it, though.

5 more replies
Answer Match 73.92%

I have used the following internet security suites for finding viruses, malware, adware and all that stuff
(BitDefender, Kaspersky, ESET, Norton 2013).
After some scans that I've made I realised that, for example, if I have a virus and put it into my computer, some of the antivirus products take it as a virus and delete it and others say that the file is clean.
I'm confused here because I can't know for sure which one of them says the truth and which reads false positives.
Is there a possible way to find for sure if a file is dangerous?
Some programs or good internet pages for testing files?
I'm expecting your precious help.
Thanks a lot......

A:false positives

Submit your samples to https://www.virustotal.com/en/ and http://virusscan.jotti.org/en  they both use multiple scanning engines.

1 more replies
Answer Match 73.92%

We are running ATA 1.7, and are seeing a few Pass-the-Ticket alerts that all come from our internal VPN subnet (which does not group machines behind NAT, but where IP assignments are recycled frequently).  
The circumstance seems very similar to this earlier discussion, where false-positive PtT alerts were caused by short-term leases: https://social.technet.microsoft.com/Forums/security/en-US/df3a2c7e-131d-49a5-9912-8a00675eaa81/
So my questions:

Are there any known issues in 1.7 with Pass-the-Ticket false positives, possibly involving short-term leases?
If short-term leases are still a problem, what is the work-around now that the "Short term lease subnets" setting has been removed from the configuration?

More replies
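The mechanism behind the alerts described in the question above is easy to reproduce: a Pass-the-Ticket detector sees one ticket used from two source addresses, and a VPN pool that recycles addresses makes one laptop look like two hosts. What follows is an added example, not ATA's own logic and not from the original post; it assumes a ticket identifier and a lease log of the shape shown in the code, and demonstrates the naive "same ticket, two IPs" rule beside a lease-aware variant that resolves each address to a device before alerting.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class TicketUse:
    """One observed use of a Kerberos ticket: which ticket, who, from where, when."""
    when: datetime
    account: str
    ticket_id: str   # stand-in for however the sensor identifies a ticket (assumed)
    source_ip: str


@dataclass(frozen=True)
class Lease:
    """One VPN/DHCP lease: which device held an IP over which interval (assumed log shape)."""
    ip: str
    device: str
    start: datetime
    end: datetime


def device_for(ip: str, when: datetime, leases) -> Optional[str]:
    """Resolve an IP to the device that held it at that moment, or None if unknown."""
    for lease in leases:
        if lease.ip == ip and lease.start <= when < lease.end:
            return lease.device
    return None


def detect_pass_the_ticket(uses, leases=None, window=timedelta(hours=10)):
    """Naive rule: alert when one ticket is used from two different IPs within the window.

    With a lease log, suppress the alert when both IPs resolve to the same device,
    which is exactly the recycled-address case that produces false positives.
    """
    alerts = []
    seen = {}  # ticket_id -> earlier uses of that ticket
    for use in sorted(uses, key=lambda u: u.when):
        prior = seen.setdefault(use.ticket_id, [])
        for earlier in prior:
            if earlier.source_ip == use.source_ip or use.when - earlier.when > window:
                continue
            if leases is not None:
                d1 = device_for(earlier.source_ip, earlier.when, leases)
                d2 = device_for(use.source_ip, use.when, leases)
                if d1 is not None and d1 == d2:
                    continue  # same device, re-addressed by the VPN: not a PtT
            alerts.append({
                "account": use.account,
                "ticket_id": use.ticket_id,
                "from": earlier.source_ip,
                "to": use.source_ip,
                "reason": "ticket reused from a different address",
            })
            break
        prior.append(use)
    return alerts


def T(hour: int, minute: int) -> datetime:
    """Constructed timestamps for the sample below."""
    return datetime(2017, 3, 1, hour, minute)


# Constructed sample events (not real telemetry).
SAMPLE_USES = [
    TicketUse(T(9, 0), "alice", "tgt-alice-1", "10.8.0.5"),
    TicketUse(T(10, 0), "alice", "tgt-alice-1", "10.8.0.17"),   # same laptop, new VPN address
    TicketUse(T(9, 10), "bob", "tgt-bob-1", "10.8.0.9"),
    TicketUse(T(9, 40), "bob", "tgt-bob-1", "10.8.0.22"),       # different device: real reuse
    TicketUse(T(10, 15), "carol", "tgt-carol-1", "10.8.0.30"),
    TicketUse(T(10, 30), "carol", "tgt-carol-1", "10.8.0.31"),  # no lease data: cannot clear it
]

# Constructed lease log: alice's laptop reconnected and was handed a new address.
SAMPLE_LEASES = [
    Lease("10.8.0.5", "LAPTOP-A", T(8, 0), T(9, 30)),
    Lease("10.8.0.17", "LAPTOP-A", T(9, 45), T(12, 0)),
    Lease("10.8.0.9", "LAPTOP-B", T(8, 30), T(11, 0)),
    Lease("10.8.0.22", "LAPTOP-C", T(9, 0), T(11, 0)),
]

if __name__ == "__main__":
    print("naive alerts:", len(detect_pass_the_ticket(SAMPLE_USES)))
    for a in detect_pass_the_ticket(SAMPLE_USES, SAMPLE_LEASES):
        print(a["account"], a["from"], "->", a["to"], a["reason"])
```

The naive rule fires three times on this data; the lease-aware rule fires twice, clearing alice because both addresses map to LAPTOP-A, and still alerting on carol because nothing in the lease log can vouch for her addresses. That last point is the practical caveat: without a lease or VPN session log to join against, the only options are to accept the alert or exclude the subnet, and exclusion blinds you to real ticket theft from VPN clients.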
Answer Match 73.92%

I have a VMWare environment (WinXP client) where I "test" suspicious programs. I've used XPLite to strip it down to basics and so it does not have DirectX, or sound adapter, USB or anything similar, just a NIC and a virtual HDD.
Aside from Windows, I have Chrome, FireFox, Safari Browsers, VirusTotal Uploader, CCleaner, Auto-It (old legacy version), Sandboxie, Spybot S&D, Malwarebytes Anti-Malware, Avira (free) AV, JRE & UTorrent installed, along with some older database products.
I periodically update & scan with ComboFix and the other Anti-Malware stuff just to be sure of the clean nature of the environment. Despite all the other scanners coming up clean, Combofix is reporting (at or after Stage 50) that dsound.dll in C:\Windows\System32\ is infected and is attempting to restore it.
I have tried completely uninstalling Combofix and re-running a newly installed copy in case it was caching old data but the same issue remains.
It is also telling me that two other DirectX sound related dll files (d3d8.dll & d3d9.dll) are missing (which is what I expect).
The dsound.dll file definitely does not exist (not even hidden or archived off somewhere). I believe that Combofix may be mis-flagging the absence of dsound.dll as an infection of the file blocking access to it. Can someone please confirm if this may be the case.
Thank you,
Dave.

A:False Positives

Just scanned with DrWeb CureIT & SUPERAntispyware for completeness. Both say clean (except for tracking cookies).

1 more replies
Answer Match 73.92%

I love what combofix does along with some of the other programs used to remove malware. I don't know where else to post this, but here are some items that wrongly get removed by combofix during its cleaning process:

startup.exe
This is a great little utility that gives you control over what starts automatically on your computer. It can be found here: http://www.mlin.net/StartupCPL.shtml

disktective.exe
This is an excellent utility that shows you via pie charts where your disk space is used. It can be found here: http://www.disktective.com/

ipscan.exe
This is a nice ip scanner for scanning subnets for active computers. It can be found here: http://www.radmin.com/download/

install.bat
This is the installer for xxcopy.exe. It can be found here: http://www.xxcopy.com

offbyone.exe
This is a very lightweight web browser. It can be found here: http://offbyone.com/offbyone/

suspend.exe
This is a process suspender. It can be found here: http://technet.microsoft.com/en-us/sysinte...s/bb897540.aspx

These are all part of a utilities package I load on all the computers I work on and are placed in the c:\windows\system32 directory.

Additionally, I just ran rkill.exe on my computer and it wrongly killed two processes:
C:\Program Files\No-IP\DUC20.exe (this is no-ip.com's dynamic dns updater)
C:\Program Files\VMware\VMware Server\tomcat\bin\Tomcat6.exe (this is the web server for VMWare server 2.0)

Please let me know if I have posted this in the wrong place.
T... Read more

A:False positives

Hi,

could you please provide a log from ComboFix where those files were deleted? Would it also be possible to get a sample of the package of files you unload on the PCs?

regards myrti

4 more replies
Answer Match 73.92%

Running Win 7/64 Pro SP1 with AVG 2012 Free & IE9.
Don't know what the name of the scam is but usually comes from an email with a message heading such as "2 incredible photos".
We ran Malwarebytes first which picked up nothing - we then ran Combofix.
Behaviour was absolutely normal initially, reporting the 5 files below as infected, however in the log report it did not identify them as deleted.
fxsst.dll
slwga.dll*
systemcpl.dll*
termsrv.dll
srrstr.dll
We ran Combofix again with the same result.
We sent a couple of files to Virus Total (those identified with an * above) - reported as clean by all 43 entities.
False Positives?
As a precaution we have replaced the 5 files from another Win 7 PC, renaming the original files for the time being.
Attaching the following - zipped - dds.log, attach.log, combofix.log, & the five files referred to above but with extensions renamed as *.dllold - I have not sent the gmer log but have it if required.
For some reason the system is restricting me to a zipped file size of 236 bytes. Following restriction "Used 511.77K of your 512K global upload quota (Max. single file size: 236bytes)" ???

dds log.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by user at 13:36:07 on 2012-02-21
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4013.2434 [GMT 0:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E... Read more

A:False Positives??

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Your logs are clean.
In the C:\Users\user\AppData\Local\ folder you will find many sub folders with this format {CLSID NO.} IN BOLD.
Some examples.
C:\Users\user\AppData\Local\{7325043E-B036-48B6-8952-E4B1BBBAB4A7}
C:\Users\user\AppData\Local\{17375563-308B-46D3-A00F-8928DF15B05B}
C:\Users\user\AppData\Local\{36FAC30D-C338-4703-9A84-816FE5F4B5E7}
C:\Users\user\AppData\Local\{4075A940-FC31-414E-9197-9CD0DFBEB6C7}
C:\Users\user\AppData\Local\{EA76A89B-27FC-497D-8C67-6A0A207C22F8}
You can delete them all. (DO NOT DELETE THE C:\Users\user\AppData\Local\ FOLDER.)
These are created randomly and we do not know why.
Read about it.
http://www.sevenforums.com/general-discussion/139873-appdata-local-folders-random-characters.html
I know I clean them every week.
===
Third party programs if not up to date can be an open door for an infection.
Please run this security check for my review.
Download Security Check by screen317 from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the co... Read more

4 more replies
Answer Match 73.92%

Hi guys,

Would like to know if anyone here has dealt with DrWeb when it comes to false positives. I have been submitting one of our applications to them countless times and am still unable to get it white listed. I wouldn't worry this much if this application were detected by other virus guards, but it is not, and only DrWeb flags it as malicious.
 

A:Dr web and false positives

Have you tried the submission form here?
https://vms.drweb.com/sendvirus/?lng=en
I have always found them very helpful at removing FPs.
 

2 more replies
Answer Match 73.92%

Anyone seen any false positives with the latest AVG update?
I sure have!

I have a driver library on my system that I use all the time, and on cd.
AVG detected the HP Deskjet 3820 printer drivers as infected.
That file has not changed in well over two years. It's the same driver in the library.
It nailed Smitfraud fix as a virus too

Anyone else having false positives?

A:Avg False Positives

I haven't seen any yet. I have 6 computers at home using it and many people I know are using it. But thanks I will keep an eye out.

3 more replies
Answer Match 73.92%

Malwarebytes Detected these on my annual scan so I was wondering if they are false positives or real.
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/5/2015
Scan Time: 11:39:13 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.06.01
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: monko_000
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 837642
Time Elapsed: 1 hr, 28 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 2
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [778a462316663303cac238f5f410a858], 
Security.Hijack, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE, Quarantined, [df22f376afcd3402eca072bb8d778779], 
 
Registry Values: 2
Security.Hijack, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\CHROME.EXE|Debugger, "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe", Quarantined, [778a462316663303cac238f5f410a858]
Security.Hijack, HKLM\SO... Read more

A:Are these serious or false positives?

Uninstall AVG PC TuneUp. If you have a problem uninstalling use the Free Revo Uninstaller. Run it in Advanced mode.
Download Revo Uninstaller Freeware - Free and Full Download - Uninstall software, remove programs, solve uninstall problems
 
 
Use CCleaner to remove Temporary files, program caches, cookies, logs, etc. Use the Default settings. No need to use the
Registry Cleaning Tool...risky. Pay close attention while installing and UNcheck offers of toolbars....especially Google.
After install, open CCleaner and run by clicking on the Run Cleaner button in the bottom right corner.
CCleaner - PC Optimization and Cleaning - Free Download
 
Hold down Control and click on this link to open ESET OnlineScan in a new window. (Eset can take more than an hour to run so plan accordingly)
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.
Check "YES, I accept the Terms of Use."
Click the Start button.
Accept any security warnings from your browser.
Under scan settings, check "Scan Archives" and "Remove found threats"
Click Advanced settings and select the following:
Scan potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth technology
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be... Read more

2 more replies
Answer Match 73.92%

Hi
I downloaded Smitfraudfix.exe and now my AV is picking it up as a Virus, namely Trojan Horse Constructor.BRV. Is this a "False Positive" or should it be taken more seriously??
Kind Regards

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:41, on 15/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowerin... Read more

A:False Positives

Hello LaurenCP and welcome to BleepingComputer,

Some components of SmitfraudFix can be detected as malware by some AV.
Nothing to worry about, although detection can lead to damaging or deleting the SmitfraudFix installer !!

Any reason why you would consider running SmitfraudFix though ?

Greetings,
Thunder

6 more replies
Answer Match 73.92%

Hi everyone, I recently installed AVG 8.0. After the scan completes it shows no infections, but does show 216 in "warnings count". All of my other scans show clear, so I'm assuming this is a false positive? I think I read on this board awhile back that some anti virus scanners can actually read another programs virus database if it's not encrypted, but I'm not sure. I just thought I'd get a second opinion. I'm using Vista home professional. I've included the partial text file of the scan. Thanks for any help.

SWAS
"Scan ""Scan whole computer"" was finished."
"Infections found:";"0"
"Infected objects removed or healed";"0"
"Not removed or healed.";"0"
"Spyware found:";"0"
"Spyware removed:";"0"
"Not removed:";"0"
"Warnings count:";"216"
"Information count:";"0"
"Scan started:";"Friday, May 09, 2008, 12:54:36 PM"
"Total object scanned:";"1570771"
"Time needed:";"2 hour(s) 20 minute(s) 41 second(s) "
"Errors encountered:";"0"

"Warnings"
"File";"Infection";"Result"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000001-C003-4A2F-9142-7CB1D78DE6C1}";"Found Adware.InternetOptimizer";"Potentiall... Read more

A:Avg 8.0 False Positives?

There's already been a lot of discussion about this - see here:
http://www.bleepingcomputer.com/forums/t/143321/avg-8-and-spywareblaster-conflicts-are-occuring/
I presume you have either SpywareBlaster installed, or are using Spybot's immunisation protection? AVG say they will fix these false positives when they issue a service pack for AVG8 sometime in the next few weeks.

34 more replies
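The two Security.Hijack entries in the Malwarebytes log a few threads up (an Image File Execution Options "Debugger" value that makes every launch of chrome.exe run AVG PC TuneUp's TUAutoReactivator64.exe instead) and the AVG 8 warnings in this thread (ActiveX Compatibility keys that SpywareBlaster and Spybot write to set kill bits) are the same kind of question: a registry change a scanner reads as a hijack, written by a tool the user installed. The script below is an added example, not code from any of the posts or from the tools they mention. It parses a .reg export (so it runs anywhere, not only on the affected machine), reports every IFEO Debugger redirection for review unless its target is on an admin-supplied list of verified tool paths, and classifies kill-bit entries as benign immunisation. The sample export is constructed: the IFEO entries mirror the MBAM log, and the kill-bit entry reuses the CLSID from the AVG warning with a flag value assumed here.

```python
import re

# Minimal parser for the text format "reg export" / Registry Editor writes.
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.+)$')

IFEO_MARK = "\\image file execution options\\"
ACTIVEX_MARK = "\\activex compatibility\\"
KILL_BIT = 0x400  # Compatibility Flags bit that stops Internet Explorer loading the control


def decode_value(data: str):
    """Turn the textual .reg representation of a value into a str or int."""
    if data.startswith('"') and data.endswith('"'):
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if data.lower().startswith("dword:"):
        return int(data[6:], 16)
    return data


def parse_reg(text: str) -> dict:
    """Return {key_path: {value_name: decoded_data}} in file order."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = decode_value(m.group("data"))
    return keys


def audit(reg_text: str, trusted_debuggers=()) -> list:
    """Classify IFEO Debugger redirections and ActiveX kill bits found in a .reg export.

    trusted_debuggers: path prefixes of tools the admin has verified (assumed input).
    """
    findings = []
    for key, values in parse_reg(reg_text).items():
        lower = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if IFEO_MARK in lower and "Debugger" in values:
            dbg = values["Debugger"]
            trusted = any(dbg.lower().startswith(p.lower()) for p in trusted_debuggers)
            findings.append({
                "kind": "ifeo_debugger",
                "key": key,
                "target": leaf,
                "debugger": dbg,
                # Any Debugger value silently launches that path instead of the target;
                # only a verified, still-installed tool should be allowed to keep it.
                "verdict": "known tool" if trusted else "review",
            })
        elif ACTIVEX_MARK in lower and leaf.startswith("{"):
            flags = values.get("Compatibility Flags", 0)
            if isinstance(flags, int) and flags & KILL_BIT:
                findings.append({
                    "kind": "activex_kill_bit",
                    "key": key,
                    "clsid": leaf,
                    # A kill bit only blocks a control; immunisers write these on purpose.
                    "verdict": "benign immunization",
                })
    return findings


# Constructed .reg excerpt (not a real export from any poster's machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
"Debugger"="C:\\Program Files (x86)\\AVG\\AVG PC TuneUp\\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe]
"Debugger"="C:\\Program Files (x86)\\AVG\\AVG PC TuneUp\\TUAutoReactivator64.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000001-C003-4A2F-9142-7CB1D78DE6C1}]
"Compatibility Flags"=dword:00000400
'''

if __name__ == "__main__":
    for f in audit(SAMPLE_REG):
        print(f["kind"], f.get("target") or f.get("clsid"), "->", f["verdict"])
```

Run against a real export (`reg export HKLM\SOFTWARE out.reg` on the machine, then feed the file in), the IFEO findings are the ones worth a human decision: a Debugger value is a legitimate mechanism, but it is also a classic persistence and process-hijack trick, so "a tool I installed wrote it" is only an acceptable answer when that tool is still installed and the path still points at its signed binary. Kill bits, by contrast, can only ever block a control, which is why scanners that flag immunisation entries are reporting noise.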
Answer Match 73.92%

Hello,
 
had an introduction to my post earlier, but had to edit it to replace emoticons, and managed to replace my intro.
 
Anyway, I ran a scan using Emsisoft anti-malware, which supposedly picked up 4 "threats." Looking these up online, I think they're quite safe, and removing them would possibly render my device unstable? For instance, bthudtask (the first "threat"), has to do with the bluetooth on my laptop I believe. 
 
 
Emsisoft Anti-Malware - Version 11.0.0.6054
Last update: 9/4/2016 4:32:20 PM
Initiated by: MSI\wel come
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 9/4/2016 4:39:00 PM
C:\WINDOWS\SysWoW64\bthudtask.exe Gen:Variant.Strictor.58214 ( B)
C:\WINDOWS\SysWoW64\GamePanelExternalHook.dll Gen:Variant.Symmi.58329 ( B)
C:\WINDOWS\SysWoW64\pla.dll Gen:Variant.Graftor.7549 ( B)
C:\WINDOWS\SysWoW64\Windows.UI.CredDialogController.dll Gen:Variant.Graftor.12239 ( B)
 
Scanned 81767
Found 4
 
Scan end: 9/4/2016 4:45:46 PM
Scan time: 0:06:46

More replies
Answer Match 73.92%

Hello, my first post. Nice forum!

AVG is spoken about in the WEB as giving lots of false positives.
There are sites in the WEB that provide a scan service with about one dz of anti-virus programs, so one can take an educated decision concerning a suspicious file.

But, once AVG decides a file is malware it won't let one upload it!

Any way out of it?

Thanks for your help.

A:Avg False Positives

Welcome to BC JorgeO.555

In case AVG Free detects some file on your PC as infected, this file was moved to the AVG Virus Vault, and you are sure that this file is correct and clean, it is possible that the detected file is a false alarm. If so, we shall prepare the correction as soon as possible. Unfortunately, false alarms do appear from time to time in every Anti-Virus software. To solve the problem, please send us this file for analysis directly from the AVG Free program...
AVG FAQ 1320: AVG detects infection on file that I suppose to be clean

1 more replies
Answer Match 73.92%

I am primarily worried about what I believe to be false positives that I have received from Tenebril Spycatcher Express and Advanced Spyware Remover 1.86. Both programs seemed cheap and as if they were not working. I have the paid version of Spyware Doctor 4, windows defender, spyware blaster, and avast antivirus installed and routinely run spybot s&d and ad aware SE. I am new to this hijackthis thing so I was just wondering if someone could tell me if anything in my log looks suspicious. Thanks in advance:


Logfile of HijackThis v1.99.1
Scan saved at 4:43:50 AM, on 5/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program ... Read more

A:False Positives

Hello Goodguy12 and welcome to TSF,

Quote:




I am primarily worried about what I believe to be false positives that I have received from Tenebril Spycatcher Express and Advanced Spyware Remover 1.86




Can you give me a bit more detail? What is it finding?

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:create a new System Restore point in Windows XP and Vista.
clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
check some important areas of your system and produce a report for your analyst to review.
DSS automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.

Note: You must be logged onto an account with administrator privileges.Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
Please attach extra.txt to your post.
To attach a file to a new post, simply click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
copy and paste the following into the "Upload File from your Co... Read more

1 more replies
Answer Match 73.08%

Hello everyone!

I just got done running a Emsisoft Anti-Malware free on quick scan and it picked up a lot of stuff. Some stuff, I know about as being detected and listed as malware, but I have not had any problems with, in that area that I know of. There are others that have been detected that I am not sure about whether they are malware or are legit or have had high instances of being used by malware or is a false positive?

I am including the report from the scan I ran and also could someone please explain to me what the report says.
Emsisoft Anti-Malware - Version 5.0
Last update: 11/6/2010 9:44:57 PM

Scan settings:

Scan type: Quick Scan
Objects: Memory, Traces, Cookies
Scan archives: Off
Heuristics: Off
ADS Scan: On

Scan start: 11/6/2010 9:45:52 PM

c:\programdata\microsoft\windows\start menu\programs\The Weather Channel detected: Trace.Directory.Desktop Weather!A2
c:\program files\The Weather Channel FW detected: Trace.Directory.Desktop Weather!A2
c:\program files\search toolbar detected: Trace.Directory.HuntBar.Stoolbar!A2
c:\programdata\microsoft\windows\start menu\programs\imesh detected: Trace.Directory.IMesh!A2
c:\program files\iMesh Applications\iMesh detected: Trace.Directory.iMesh!A2
c:\program files\iMesh Applications\iMesh\HTML detected: Trace.Directory.iMesh!A2
c:\program files\iMesh Applicati... Read more

A:Not sure if I have malware or false positives?

Hello. I am not sure which you refer to, but all of those are spyware and adware, some in the form of tool bars and some the result of file sharing. I remove all those myself if I find them in my scans.
Let's look at another log.
Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner ta... Read more

7 more replies
Answer Match 73.08%

here's a screenshot of avg free scan.

and I've only been on the Virgin cable for 1 week! Not sure, but they seem to come back after deleting them.

Here's Zonealarm activity:


My hijack post:
Logfile of HijackThis v1.99.1
Scan saved at 12:55:11, on 27/11/2007
Platform: Windows XP SP2, v.2149 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2149)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Contour Shuttle\ShuttleEngine.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe... Read more

A:I got 4 trojans. R they False positives?

Hi, I know everyone is very busy sorting out other people's more serious issues, therefore... I was wondering, would it be safe to assume that if my ZoneAlarm has never reported more than 4 high-rated inbound blocked attacks since I first installed it that I may have deleted those 4 trojans? It does now report 600 inbound attacks, but they are not high-rated. Is that normal? Does everyone get 50 inbound attacks every day? Or should it read
"0" if I don't have a virus? Thanks again!

7 more replies
Answer Match 73.08%

This is becoming pretty annoying.

As of late WD is reporting a lot of apps I have laying around as some virus.

Anyone?

If WD keeps reporting false positives I may consider swapping my AV for another one, even if I hate AVAST, AVG and the such with passion.

A:Lots of false positives with WD lately

Originally Posted by eLPuSHeR


This is becoming pretty annoying.

As of late WD is reporting a lot of apps I have laying around as some virus.

Anyone?

If WD keeps reporting false positives I may consider swapping my AV for another one, even if I hate AVAST, AVG and the such with passion.



What Apps?

What Definition version are you on?

0 more replies
Answer Match 73.08%

Just ran the latest AdwCleaner and it found a bunch of folders in C:\ProgramData. Cannot determine what they are and if they are safe to delete. Thanks
 
# AdwCleaner v5.008 - Logfile created 18/09/2015 at 07:14:16
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : xxxxx
# Running from : C:\Users\Guru\Desktop\adwcleaner_5.008.exe
# Option : Scan
# Support : http://toolslib.net/forum
***** [ Services ] *****
***** [ Folders ] *****
Folder Found : C:\ProgramData\{003FC4B1-B5E2-4EF0-A9B3-CCEB0DDC2E93}
Folder Found : C:\ProgramData\{0DEDF45C-1DEC-4670-AACA-9EC906125BFB}
Folder Found : C:\ProgramData\{34007C15-AD5B-4CB2-A047-04AB415A841A}
Folder Found : C:\ProgramData\{3C2CC1BA-EC03-48E5-A0EF-A0B455E1343F}
Folder Found : C:\ProgramData\{52D09854-2F4F-4842-8F87-5574CD6A7EE6}
Folder Found : C:\ProgramData\{54B6D04D-4477-4BDA-9A8C-DEB315E0282D}
Folder Found : C:\ProgramData\{7D1F40B1-FDA9-48B3-9A00-C43B98B6061B}
Folder Found : C:\ProgramData\{AA5C05EA-7FB9-4519-BBE2-03ADD8EF0E5D}
Folder Found : C:\ProgramData\{E314972B-E8D6-465D-AE74-6CC08535701F}
Folder Found : C:\ProgramData\{EC2F7042-ADE8-4F04-9A7E-2316AD6311E2}
Folder Found : C:\ProgramData\{ECC7C149-0591-48b1-A207-38A9B40B25C3}

A:adwcleaner false positives?

Hi onehurst Do you have a program called "Topaz Detail 2" installed on your system? Basically, do you have any "Topaz" programs installed?

14 more replies
Answer Match 73.08%

I am using Windows XP and the Firefox browser. I have Avira free antivirus and Malwarebytes Anti-Malware. Noticed my browser was super slow, and earlier today Avira informed me that it found 4 trojans.
Updated Malwarebytes and did a scan; it did not detect anything. (It seems that the trojan is in the mbam.exe itself?!) Next I scanned using Avira; it detected the malware but was unable to remove them.
Any help appreciated, thanks!

A:avira gives false positives?

It looks like a false positive to me.
Open Windows Explorer. Go Tools > Folder Options > View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload the following files to http://www.virustotal.com/ for a security check:
- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
IMPORTANT! If the file is listed as already analyzed, click on the Reanalyse file now button.
Post scan results.

6 more replies
Answer Match 73.08%

So I ran AdwCleaner and it detected these two files:
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Even after getting rid of them, they always come back upon start up. The Windows Installer box appears and automatically installs/uploads files, which I presume to be these. Clicking cancel doesn't work, since it'll just repeatedly do it again.
 
Are these harmless files, or is there something more sinister preventing me from getting rid of them? I ran Farbar and did notice some strange files in the logs, but I can't tell if they're legitimate Windows files or the trojans/worms/backdoors, etc. For example: wuauclt.exe, conime.exe, dllhost.exe...
I'm on XP, and running RKill, TDSSKiller, Malwarebytes, Avira, JRT didn't come up with anything for the last few days. I did install something that I regretted - WinCDEmu - but it was directly from the site and came up with nothing from scans. I got rid of it I believe, although I had to do a system restore to be thorough.
Thanks for any insight.

A:False Positives or Legitimate?

You can submit the files at VirusTotal - Free Online Virus and Malware Scan  to be scanned by numerous security programs.
 
BC has this to say about one file...conime.exe...<not used> - conime.exe - Program Information but if you can, submit the file to Virus Total before deleting.
 
Use the programs below to scan for malware and adware. From web searches...those two items in AdwCleaner log should be removed...
 
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish,so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the ... Read more

11 more replies
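Several answers on this page give the same advice: submit the flagged file to a multi-engine service such as VirusTotal or Jotti and read the consensus (the BitDefender/Kaspersky/ESET/Norton question, the Avira-flags-mbam.exe thread, and the AdwCleaner thread just above). The script below is an added example, not from any of the posts and not VirusTotal's own client; it shows the two habits a practitioner adds to that advice. First, hash the file and look the hash up before uploading anything, because an upload shares the file with every vendor and the hash alone usually answers the question. Second, read the result by pattern rather than by count: one or two engines with generic or heuristic names and everyone else clean is the classic false-positive shape, while several engines agreeing on a named family is not. The API v3 endpoint and header are assumptions to check against current VirusTotal docs, the request is built but never sent, and both analysis objects are constructed, not real scan results.

```python
import hashlib
import re

# VirusTotal API v3 file-lookup endpoint and auth header (assumed; verify against current docs).
VT_FILE_LOOKUP = "https://www.virustotal.com/api/v3/files/{sha256}"

# Detection names that denote a heuristic or generic class rather than a specific family.
GENERIC_NAME = re.compile(
    r"\b(gen|generic|heur|heuristic|suspicious|variant|riskware|pua|pup|hacktool|not-a-virus)\b",
    re.I,
)


def sha256_hex(data: bytes) -> str:
    """Hash the file; a hash lookup avoids uploading the file at all if VT already has it."""
    return hashlib.sha256(data).hexdigest()


def vt_lookup_request(sha256: str, api_key: str) -> dict:
    """Describe (but do not send) the GET request for a hash lookup."""
    return {"method": "GET",
            "url": VT_FILE_LOOKUP.format(sha256=sha256),
            "headers": {"x-apikey": api_key}}


def triage(attributes: dict) -> dict:
    """Turn a v3-style 'attributes' object into a verdict a human can act on.

    A rule of thumb, not a proof: lone generic/heuristic hits are usually noise;
    agreement on a named family is not.
    """
    stats = attributes["last_analysis_stats"]
    results = attributes["last_analysis_results"]
    flagged = {eng: (r.get("result") or "")
               for eng, r in results.items()
               if r.get("category") in ("malicious", "suspicious")}
    engines = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    hits = len(flagged)
    generic_only = all(GENERIC_NAME.search(name) for name in flagged.values())

    if hits == 0:
        verdict = "clean"
    elif hits <= 2 and generic_only:
        verdict = "likely false positive"
    elif generic_only and engines and hits / engines < 0.2:
        verdict = "low confidence: check signature and origin"
    else:
        verdict = "treat as malicious"
    return {"hits": hits, "engines": engines, "flagged_by": flagged, "verdict": verdict}


def _sample(hits: dict, clean_engines: int) -> dict:
    """Build a constructed attributes object (not real VT output) for demonstration."""
    results = {eng: {"category": "malicious", "result": name} for eng, name in hits.items()}
    for i in range(clean_engines):
        results[f"Engine{i}"] = {"category": "undetected", "result": None}
    return {
        "last_analysis_stats": {"malicious": len(hits), "suspicious": 0,
                                "undetected": clean_engines, "harmless": 0},
        "last_analysis_results": results,
    }


# Constructed samples: a lone heuristic hit, and a broad named-family consensus.
LONE_HEURISTIC = _sample({"EngineX": "Gen:Variant.Strictor.58214"}, 40)
CONSENSUS = _sample({"A": "Trojan.Agent", "B": "Trojan.Downloader", "C": "Win32.Trojan.Generic"}, 10)

if __name__ == "__main__":
    digest = sha256_hex(b"constructed file contents, not a real sample")
    print(vt_lookup_request(digest, "YOUR_API_KEY")["url"])
    for name, attrs in (("lone heuristic", LONE_HEURISTIC), ("consensus", CONSENSUS)):
        print(name, "->", triage(attrs)["verdict"])
```

Two caveats the verdict cannot replace: a clean multi-engine result for a file that only one vendor has ever seen proves little about a fresh or targeted sample, and a "likely false positive" verdict is a reason to check the publisher's signature and the file's origin, not a reason to whitelist it. If a scanner has already quarantined the file, restore it to a folder the scanner excludes before hashing, or compute the hash from the vendor's quarantine export.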
Answer Match 73.08%

I have XP Home Edition on a Dell Dimensions 4400. I use Avast AV and also scan with Malwarebytes and Superantispyware weekly. Last week all my contacts in my Yahoo account started getting emails that I didn't send. I scanned with the three programs mentioned above along with Panda online scan and nothing was found except for some minor spyware. I had to delete that Yahoo account and open a new one.

Lately, pages laod slower then usual and when they are loaded it takes maybe 30 seconds before they're functional jump around a little, scroll bar won't work right away, etc.]

I scanned with something called RemoveIT Pro and it says I have 19 infected files. I uploaded three of them to VirusTotal and they all came up clean so I stopped. Some of the files it claims are infected are sys32.arf [VirusTotal-clean] sys32.ssupdate [clean]. Do I have issues or is this a ploy to get me to upgrade to the paid version since the trial won't fix anything? Here's my HJT log if needed. Thank you in advance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:12:01 PM, on 8/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.e... Read more

More replies
Answer Match 73.08%

After an update on February the 9th, AntiVir started flagging some of Gunbound's files as Trojan.Downloader with its heuristics. I am pretty sure that this is a false positive, so can someone inform the creators of AntiVir?

A:Antivir More False Positives

Hi IHateAbnormalities,

If you are sure that these are false positives, there is a help forum for the program. I know you don't need any help but you can post a topic there and someone will be able to stop those files being flagged, or will be able to put you in the right direction.

http://www.free-av.de/cgi-bin/ubb/ultimate...i?ubb=forum&f=1

David

1 more replies
Answer Match 73.08%

I purchased a new windows ten acer tablet/surface tablet , and I noticed there was some bad ratings online postings for the checkups on their database on emsisoft hijack free , when it directs you online. The deal is brand new right out of the box...and also they sound similar to what I noticed on my pc.
The listed ones were smss.exe process i.d. 360 /crss.exe pr. id 588 /crss.exe pr id 676 / services pr. id 792 /svchost exe pr. id 6784. Just took it out of the box. If they are false positives, how would you address this or diagnose this for your machine? Thanks.
 

A:False positives on EMS HIjackfree?

Well, as long as the locations are valid ones in the Windows directory, then the processes shown by HijackFree are FPs.

You may refer to posting a problem on their forum page under Other Emsisoft Products. They will check that as soon as possible and update HijackFree to clean up possibly misflagged threats.
 

6 more replies
Answer Match 73.08%

Website blocked by Trend Micro Internet Security
Opening this website may put your security at risk
Trend Micro has not yet evaluated this website
--------------------------------------------------------------------------------
The website you wanted to see might transmit malicious software to your computer, or has done that before to someone else. It may also show signs of involvement in online scams or fraud. Because you have set your Protection Against Web Threats to "High," all websites not yet checked by Trend Micro have been blocked for your protection.
Address: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Rating: Dangerous
What you can do: Try visiting another site to find the information you want. Notify Trend Micro to review this page if you consider it safe.
If you still want to see this blocked page:
1. Open the Trend Micro Internet Security console.
2. Click Internet & Email Controls.
3. Click the Settings... button under Protection Against Web Threats.
4. Click the Approved websites link in the next window that opens.
5. Copy and paste the address of the blocked website into the list.

A:Talking about false positives.

Certain embedded files that are part of legitimate programs or specialized fix tools such as Combofix may at times be detected by some anti-virus and anti-malware scanners as a "Risk Tool", "Hacking Tool", "Potentially Unwanted Program", or even "Malware" (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, registry fixes, malware strings it contains and the type of security engine that was used during the scan.

Such programs have legitimate uses in contexts where a Malware Removal Expert asked you to use the tool or when an authorized user/administrator has knowingly installed it. When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "False Positive".

1 more replies
Answer Match 73.08%

Filename: C:\System Volume Information\_restore {88A9728D-068D-4BE5-99BD-49CC3FD4BC94}\RP334\A0036436.exe
Detection: Is the Trojan horse TR/Agent.1402880

Filename: C:\hp\recovery\wizard\SWR_Wizard.exe
Detection: Is the Trojan horse TR/Agent.1402880

Are these couple of files viruses or false positives?
 

More replies
Answer Match 73.08%

Malware is bad, but false positives are almost as bad, in my experience.

I know no single antimalware is perfect, and free programs aren't near the quality of pay programs, and you often have to run 2 or more to find everything. MSE is.... well, it's free and part of Windows and while it offers live protection and is okay at catching a lot of bad stuff, I've had a few false positives with it, generally jpeg files and it only happens on occasion. I think it's an instance of the new definitions set having a bug that flags an image file the second it's created on the hard drive. It's happened... maybe 3 times for me and I know the files were safe otherwise.

I haven't had a malware infection for months. I was clean as of March, at the very least. I run MSE, Malwarebytes and SAS, with TDSSKiller on hand. I run a scan once a week and, at most, I find the same few tracking cookies. Between Adblock Plus, NoScript and Spybot's immunizations, I'm dodging the stuff that infects through browsers.

This morning I was playing freeware game Gungirl 2 on my secondary Dell XP computer, and on exiting the game I get a popup that says "stdst.exe has stopped working". A program not quitting right on exit isn't a big deal in itself, I've gotten somewhat used to it for certain games, especially freeware titles... Google that up and find lots of mentions of malware. So I have to run scans on both PCs and files on the Dell were taken off the Gateway.

EXCEPT I'm not infected as it seems s... Read more

A:I hate false positives

I agree false positives are a problem.
When you find a questionable file, you can upload it to VirusTotal.
That will scan it with a LOT of scanners.
If only 1 or 2 show an issue while 40+ say it's ok, it's probably an FP.
https://www.virustotal.com/en/

Upload your stdst.exe and see what VT reports...

9 more replies
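The "few of many engines" rule in the answer above, as an added Python example that is not part of the original thread: it hashes a sample so it can be looked up on a multi-engine scanner by hash instead of re-uploaded, then applies the ratio rule over a constructed 42-engine result set, treating heuristic-looking detection names as weaker evidence. The thresholds, marker list, engine names and sample results are my assumptions, not any vendor's.

```python
import hashlib
import re
from dataclasses import dataclass

# Markers in a detection name that usually signal a heuristic or generic
# verdict rather than a signature match. Constructed list for this example;
# "Suspic.gen" and "LooksLike" echo names quoted elsewhere on this page.
HEURISTIC_MARKERS = re.compile(r"gen\b|generic|heur|suspic|lookslike", re.IGNORECASE)


@dataclass
class Triage:
    engines: int          # engines that returned a verdict
    detections: int       # engines that flagged the file
    heuristic_only: bool  # every hit name looks heuristic/generic
    verdict: str          # clean | probable-fp | inconclusive | likely-malicious | insufficient


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the sample, so it can be searched by hash on a multi-engine service."""
    return hashlib.sha256(data).hexdigest()


def is_heuristic_name(name: str) -> bool:
    return HEURISTIC_MARKERS.search(name) is not None


def triage(results: dict, fp_ratio: float = 0.10, min_engines: int = 20) -> Triage:
    """results maps engine name -> detection name, or None when the engine says clean.

    Applies the 'few of many' rule: a handful of hits among dozens of clean
    verdicts is probably a false positive, especially when every hit is a
    heuristic/generic name. The thresholds are assumptions for this example.
    """
    engines = len(results)
    hits = [name for name in results.values() if name]
    heuristic_only = bool(hits) and all(is_heuristic_name(n) for n in hits)
    if engines < min_engines:
        verdict = "insufficient"        # too few opinions to apply the rule
    elif not hits:
        verdict = "clean"
    elif len(hits) / engines <= fp_ratio:
        verdict = "probable-fp"         # 1-2 of 40+: report it to the vendor as an FP
    elif len(hits) / engines >= 0.5:
        verdict = "likely-malicious"
    else:
        verdict = "inconclusive"        # submit the sample for manual analysis
    return Triage(engines, len(hits), heuristic_only, verdict)


# Constructed multi-engine report: 42 engines, 2 heuristic hits, 40 clean.
SAMPLE_RESULTS = {f"engine{i:02d}": None for i in range(1, 43)}
SAMPLE_RESULTS["engine07"] = "Virus.Win32.Suspic.gen"
SAMPLE_RESULTS["engine31"] = "LooksLike.Win32.InfectedFile!A"

if __name__ == "__main__":
    sample_bytes = b"constructed sample, not a real executable"
    print("sha256:", sha256_hex(sample_bytes))
    t = triage(SAMPLE_RESULTS)
    print(f"{t.detections}/{t.engines} engines flagged it -> {t.verdict}"
          f" (heuristic names only: {t.heuristic_only})")
```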
Answer Match 73.08%

I did a full scan with TSE and TS, both up-to-date with Avira/Bitdefender NOT enabled. The results for both of them were different. TSE showed about 7 false positives for malware (sorry no pic) and auto checked them for removal. TS showed 0. Both scans were performed back to back with no change in software.

Windows 10 Pro

Why is detection more accurate on TS compared to TSE in this simple test I did?
 

More replies
Answer Match 73.08%

I scanned my system using Malwarebytes flash scan and here is the log file:
1/3/2012 3:24:19 PM
mbam-log-2012-01-03 (15-24-19).txt

Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | File System | P2P
Objects scanned: 139684
Time elapsed: 1 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 10
e:\users\public\documents\my pictures\aweks.pikz (Backdoor.Bot) -> Delete on reboot.
e:\users\public\documents\my pictures\my pictures.exe (Worm.AutoRun) -> Delete on reboot.
e:\users\public\documents\my pictures\my pictures.url (Trojan.Zlob) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\blue hills.exe (Trojan.Xanib) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\cakep.exe (Worm.Xanib) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\cuakep.exe (Worm.Xanib) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\sunset.exe (Trojan.Xanib) -> Delete on reboot.
e:\users\public\documents\my pictures\sample pictures\water lilies.exe (Trojan.... Read more

A:Malwarebytes false positives?

Necro,

No, it may not be getting all of it. What antivirus do you have in addition to Malwarebytes, and why isn't it picking anything up?

It isn't a false positive if it deletes it, and then it reappears. It's a false positive if it deletes something that isn't a virus.

7 more replies
Answer Match 73.08%

I am wondering about some of a-squared's findings on my latest scan. Things like winamp and win7codecs must surely be clean:

Quote:
a-squared Free - Version 4.5
Last update: 27/01/2010 12:24:14

Scan settings:

Scan type: Smart Scan
Objects: Memory, Traces, Cookies, C:\Windows\, C:\Program Files (x86)
Scan archives: On
Heuristics: Off
ADS Scan: On

Scan start: 27/01/2010 12:27:47

Value: HKEY_CLASSES_ROOT\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{44EEAD9B-4EB1-4236-83BC-1273BB4B01EF}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{6C9CA10D-E604-47FB-A2F9-C9A013193609}\InProcServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{892F787F-B650-4A3E-AA5B-2B8021CE4D0A}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670} --> AppID detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{A0B0E5AB-617C-4A7D-8A94-9937D24B6670}\InprocServer32 --> ThreadingModel detected: Trace.Registry.PC Doc Pro!A2
Value: HKEY_CLASSES_ROOT\CLSID\{B34CCD89-D1CD-4F9A-BA6C-936BA7F7A239} --> AppID detected: Trace.Registry.PC D... Read more

A:a-square false positives?

no opinions?

4 more replies
Answer Match 73.08%

Need help with possible false positives found by Trend Micro Anti-Spyware 3.0 (with up-to-date definitions). See bottom of first log. Plus I added a HiJackThis log. I've run all my other AS apps and none of them found these.

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=MAIN
Time=Sun Mar 12 08:22:02 2006
Product Version=3, 0, 1, 25
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=MAIN
Time=Sun Mar 12 20:18:54 2006
Product Version=3, 0, 1, 25
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Web Browser Security Settings: Found '*' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\10sek.com\www'
Web Browser Security Settings: Found '*' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\2006ooo.com\www'
Web Browser Security Settings: Found '*' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\6sek.com\www'
Web Browser Security Settings: Found '*' in 'Software\Microsoft\Windows\CurrentVersion\Inte... Read more

A:Possible False Positives - HiJackThis Log

Hi there,

Those entries are ok and are placed there by Spybot and possibly other security programmes. Basically these entries are there to block those sites, so they may include hosts entries too; it is nothing to worry about!
You should remove most of those trusted entries, as you have now given all those sites the power to download stuff to your computer when they want to!

Update your Java to the latest version.
Have HijackThis fix these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - (no file)
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - (no file)
 

3 more replies
Answer Match 73.08%

Hi,

Was working a bit w/ Lawrence and he suggested that my problems may be FP's but said I could post here. I spent last Sat in the HJT forum to get cleaned from some other issues. Yesterday, however, my Avast detected the following & called them Rootkits...

A0001119.dll C://System Volume Information\_restore...
swg.dll C://Program Files\Google\GoogleToolbarNotifier\5.1.1309.3...

It reports that they were used last a week prior to my HJT clean up so I am not sure if they have been there, are new or are False P's. I am unable to copy all the info from the Virus Chest. Please let me know what else you need. I did notice something new that appeared in my Sch. Tasks, which is where my other infections were appearing. It is a Google Updater that is supposed to update but says it never does????

I would appreciate any assistance..Thanks!

Alan

A:Rootkits or False Positives?

Hello. That is a restore point. I'm not exactly sure on that google thing however. If you could give me a complete log via AVG's Computer scanner page and export to .xls file that would be helpful. Please run MBAM first.

Download and run MalwareBytes Anti-Malware
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finishe... Read more

22 more replies
Answer Match 72.24%

My MBAM detected 65 infected Trojan Downloaders on the 1 hour old Clean re-install of Win 7!!!

Anybody who had the same detection, don't get scared, it is a false positive.
For confirmation look here:
Trojan.Downloader detected in 65 system files - Malwarebytes Forum

Hope you guys haven't had a heart attack

A:malwarebytes DB error false positives

That's what I like about Norton AV--it doesn't scare me to death.

9 more replies
Answer Match 72.24%

AMD users should be aware that some AMD graphics driver installers, and drivers themselves, are being detected as malware.

Oh boy, this can be a real problem...

I noticed this after scanning a test system with Bitdefender. Bitdefender returned a file detection for atiode.exe and vcredist.exe_x86 2012.exe. atiode.exe is a part of AMD\ATI Catalyst Control Center.

NOTE: These files are installed by the more recent AMD\ATI graphics and chipset\RAID installers - available for direct download at the AMD Driver Support webpage - as well as OEM supplied install package.

This Herd Protect link is from 02/17/2016:

http://www.herdprotect.com/atiode.exe-6dfde22ae8f1f2e7a896ea83416db1906317f6ff.aspx



Upon further examination, I performed a Virus Total query. Security soft vendors such as Avast and Bitdefender - among others - are currently detecting a few of the AMD\ATI executables as malicious.

COMODO Valkyrie detects some as malware, but others as safe. A file not detected by Bitdefender was rated by Valkyrie as a backdoor - pending manual analysis by a COMODO technician. A final verdict will not be made until manual analysis is performed.

It appears that one vendor's scan engine made a malicious file verdict via heuristics, uploaded it to Virus Total, and other vendors are just copying that file verdict.

AMD users need to be aware of this fact !

Your security suite will detect - and delete\quarantine these objects - dependent upon settings ! atiode.exe is inst... Read more

More replies
Answer Match 72.24%

Hello Bleepingcomputer forum,
 
I noticed in the download section the good review about Emsisoft Anti-Malware, and in the Best Practices by Quietman7 the same antimalware product was added to the list, as a good candidate for malware protection. I remember using the trial version a few years ago, maybe two or three, and what made me decide not to choose it was the high number of false positives the program had. Is it still like that, or have Emsisoft come up with a more intelligent engine, if you may? I am not a computer expert by any means, that implies I do not have the knowledge to tell whether a process or program should execute or be quarantined. I know Emsisoft has a trial version, but before I install it and try it out again, I would like some feedback and an opinion from you. Maybe it is a very good product, if you know how to deal with it, but it is not for the masses...thanks for any input and suggestion you will give me,
 
regards,
 
Enrico

A:Emisoft Antimalware and false positives

Emsisoft products, like any other security scanning software, can occasionally detect a legitimate file as being malicious (a "false positive"). Emsisoft acknowledges this possibility in support articles like the following.
 

...Sometimes security software falsely identifies important crucial system components as a threat (hence the term False Positives - FP)....

Using Security Software To Scan Data
I have been using Emsisoft Anti-Malware (EAM) for a while now and thus far, have not encountered a false detection. If you encounter such detections, they can be reported to the Emsisoft False positives forum.
Alternatively, you can Contact Emsisoft Support: False alerts directly and send an email to: fp@emsisoft.com
If a file appears to be suspicious you can Submit a suspicious file sample to Emsisoft's research lab so they can investigate.
 

BTW, you should always get a second opinion on suspicious or questionable file detections by submitting them to one of the following online services that analyzes suspicious files:
Jotti's virusscan
VirusTotal
VirSCAN
Camas Comodo
--In the "File to Scan" (Upload or Submit) box, browse to the location of the file(s) in question and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

1 more replies
Answer Match 72.24%

Whilst browsing the Internet, I got an alert from Bitdefender that an obscure file on my PC had been declared malicious and was asking me to confirm whether to block it or not. No sooner had that happened than another message appeared concerning another file, and then another and another, and I kept blocking them until I realised that these were flagging trusted programs I have had installed for years. I ran a deep scan straightaway and located a single trojan which was apparently deleted without any fuss (I don't know when precisely I may have picked this up). However I am still getting alerts whenever I try to open an .exe file, saying that Bitdefender considers it a malicious program and advises blocking it. Beyond the alerts, though, there doesn't seem to be any problem - nothing has appeared on scans, even when scanning an individual file that Bitdefender has specifically warned against, and I don't appear to be suffering from any traditional symptoms of viruses (slowdowns, pop-ups, re-directions etc).
Is it possible that Bitdefender itself is at fault here, and is trying to block perfectly clean files (could this be related to the recent mess over their update?), or is it possible that my PC is genuinely infected? I would appreciate any help or advice on this matter; I find it hard to believe that Bitdefender would warn against opening dangerous files and then show no sign of recognition when they are scanned with the same program...

A:False positives or a genuine threat?

Honestly, I would ask one of the responders to take a look at your logs. While the files themselves might not be infected, it's quite possible you have an active infection that is being detected when those trusted programs are run, thus setting off a false positive on the file, when the infection is already in memory. Perhaps a bad winlogon notifier dll entry or similar. Just an example, of course - I would pursue more active detection, though.Remove unnecessary quote. ~ OB

5 more replies
Answer Match 72.24%

Recently I ran a scan with Spysweeper and it showed CoolWebSearch and CWS variants. Deleted and still had after reboot. Freaked and ran free scan by NoAdware.net. It found numerous "Dangerous" infections. Mainly referring to WebPi applications, I believe. (key loggers, screen shots, whole nine yards) Really freaked. I was running Ghost Surf 2005, Spysweeper, McAfee antivirus suite - although the last one was expired a couple weeks. Anyway somehow I came across files that were password protected supposedly. I deleted manually. Then wiped drive. Relegated computer to games only since it was time to upgrade anyway. My question is: Has anyone heard of the WebPi false positive with NoAdware.net? I did a little research on them and they are questionable at best. Also, can WebPi be installed without physical access to computer? Can it be installed through a backdoor remotely? Thanks

More replies
Answer Match 72.24%

This topic will be used to post false positives in Anti-virus/Anti-malware programs so that end-users know not to fix the particular entries that may be shown.Note: A separate reporting area specifically dedicated for AdwCleaner can be found in this topic...AdwCleaner False Positive Reporting Topic

A:False Positives in antivirus-programs

Week of 11/16 MalwareBytes' Anti-malware had the following false positives:
C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll (Virus.Mariofev)
C:\WINDOWS\$NtServicePackUninstall$\user32.dll (Virus.Mariofev)
C:\WINDOWS\ServicePackFiles\i386\user32.dll (Virus.Mariofev)
These false positives have already been resolved in a past definitions update. Please make sure you update your MBAM definitions.

89 more replies
Answer Match 72.24%

A couple of weeks ago, one of my thumb drives was infected by the Taquito worm on another PC - I plugged the drive into my home PC before I realised what had happened, and AVG popped up shortly after to tell me about it. Following various advice, I ran a few things including ComboFix and Flash Disinfector... After some fiddling, my HijackThis and RSIT logs seemed to be pretty clean, and an AVG scan turned up fine. I thought I was clear and left it at that, but after helping a relative with their own virus problem, I decided to run the Kaspersky online scan on my own PC just to be sure... 5 and a half hours later (Half Life 2 really seems to slow it down - must be the large archive files...), it found 4 threats in 5 objects. Here are the details of them - apologies for the formatting:

Tuesday, November 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 17, 2008 22:51:02
Records in database: 1390362

Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

File name Threat name Threats count
C:\Documents and Settings\Kefka\Application Data\Sun\Java\Deployment\cache\6.0\59\303ac5bb-48778c41 Infected: Exploit.Java.ByteVerify 2
C:\Documents and Settings\Kefka\Desktop\Installs\RSIT.exe Infected: Trojan.Win32.Autoit.gs 1
C:\Documents and Setti... Read more

A:Kaspersky false positives or infections?

Hi Kefka,

Running MalwareBytes would be a good idea, and it would also be good to download and install Spybot S&D if you don't have it. Update them both and run them and have them fix anything they find. Then be sure to use the Immunize feature of Spybot. Do not allow it to install TeaTimer and if it does, be sure it is disabled when you run any scans, as it will prevent changes. For instructions for which settings to use for MalwareBytes, please see post two of this thread: http://www.bleepingcomputer.com/forums/t/180567/win32trojanagent-help-please/

Zllio

3 more replies
Answer Match 72.24%

I would like to use Baidu Antivirus, but it always flags Inlight Radio Player as infected when it is not. Is it possible to run Inlight Radio Player in the sandbox in Baidu Antivirus? If anyone could help I would be most thankful. Best wishes, Paul
 

A:Baidu antivirus false positives

Does the antivirus have the option to set exceptions? If so you can add the executable to the exceptions list.
 

3 more replies
Answer Match 72.24%

Hello,

I have a peculiar situation with an XP SP3 computer, and it is difficult to ascertain the true status of the machine.

The customer claims that they were greeted with a notification about a virus, so they promptly ran a full scan with Lavasoft Adaware. After this was completed, numerous seemingly valid EXE files were relocated to quarantine.

Most of them were tagged with - LooksLike.Win32.InfectedFile!A (v)

Many of them were EXEs from commercial/vertical software programs that had been installed for years. Since it seemed highly unlikely that all these objects were truly infected, I restored them all.

The machine is running OK. There are some quirks and performance issues, but nothing very ominous.

I have since installed and run MalwareBytes, and it found a couple of believable threats that were removed.

I then ran a Kaspersky and AVIRA scan on the machine. Both of these found multiple infected EXE files again. So I submitted a handful of these to Virustotal, and the results were all over the map. Many files were found clean, but others got several hits (New WIN32, W32/Pift, Virus.Win32.Suspic.gen). One of these hits was a component of the freshly installed Malwarebytes program (mabamgui.exe).

Not to be deterred, I just downloaded and ran the ESet online scanner. And... it found NOTHING.

What in the world am I supposed to make of this? Is there a reasonably certain way that I can confirm/deny the infection on this box?

I cannot recall when I have se... Read more

More replies
Answer Match 72.24%

I recently updated AVG Free Edition to version 2014. After the update I ran a scan and AVG reported 22 IRP Hooks that it couldn't remove, so I downloaded Malwarebytes' Anti-Malware and ran a scan and MB Anti-Malware found nothing. A few days after I ran another scan (AVG) and it reported 40 IRP Hooks. So I downloaded Malwarebytes' Anti-Rootkit and ran a scan but it found nothing. Another few days after I ran a scan again with AVG and it found 22 IRP Hooks. Are those false positives, or?
(I attached the reports. The Malwarebytes' reports are in Croatian, so use Google Translate.)

A:AVG reports IRP Hooks - false positives, or?

Please download and run Belarc.
 
Scroll down to toward the bottom of the page where Software Versions and Usage is located.  
 
Please copy and paste the list of software in your next post.
 
What I'm about to post should not be taken personally, it is simply an explanation.
 
Since I do not have any idea what I'm downloading from links provided in topics I will not download these to my computer.  If you can copy and paste these logs in this topic, please do so.
 
Thank you for understanding.

2 more replies
Answer Match 72.24%

I can't seem to download these Windows Media Player skins (.wmz & .zip). I've already downloaded a few with no problems, but Chrome and Windows Defender think there is malware/a virus in the following skins. How do I know for sure? If I choose to keep the files in Chrome, Windows Defender comes along and sweeps them away.
 
http://customize.org/wmp/skins/45962
http://customize.org/wmp/skins/45903
http://customize.org/wmp/skins/75597
http://customize.org/wmp/skins/61812

More replies
Answer Match 72.24%

I ran ComboFix by myself. I know it's recommended to have help, but went through it anyway.

Nothing broken, but it found two things, that I think are false positives.
Where should I submit false positives?

1) inst.exe -> From CopyToDVD and ConvertXToDVD software.

2) kernel32.dll -> This I'm not sure it's a false positive, but I removed the ".vir" extension and sent it to VirusTotal and nothing was found.

How should I send the samples? With ".vir" extension? Without ".vir" extension? Other method?

Thank you.

A:Found ComboFix false positives.

Just to let you know new malware is hardly detected by virus scanners. To fully understand Combofix it is best to have it analyzed by the MRL Team so I recommend you do the following:
Please follow the instructions in ==>This Guide<==.
Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==
Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.
If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Once you have created the new topic, please reply back here with a link to the new topic.

2 more replies
Answer Match 72.24%

I recently installed AVG 8.0 free prior to the 7.5 product being discontinued.

It found a false positive inside an archive and decided to delete the file.
Since the file was within an archive, AVG apparently decided to delete the archive.
And I guess the archive was too large as it has been completely deleted (not moved to the vault).

The offending (false positive) file was an OS/2 library to allow UNIX compatibility (emx: omflib.a)

I recommend when installing this software that you change the settings to disallow scanning inside archives and automatic file deletion.

A:Avg 8 Auto Delete False Positives

Thanks for telling us that trindflo.
Also AVG 8.0's warnings usually are false positives too. AVG 8.0 has some difficulties "getting along" with SpywareBlaster and Spybot's Immunize feature. Just wanted to point that out.

Extremeboy

2 more replies
Answer Match 72.24%

Hello,
Info: Windows 7 all updated
 
MalwareBytes and SUPERAntiSpyware both found Trojan.Agent/Gen-Stranform within my system; interestingly MB quarantined it, but it disappeared, and SAP quarantined it and it is still in quarantine. This particular "Trojan" was associated with Chrome and a LOT of DLL files. Then SAP found Trojan.Agent/Gen-Tracur having something to do with Windows/SYSWOW64/DISCHANDLER.EXE, and just this morning SAP found Trojan.Agent/Gen-Downloader in D:\DOWNLOADS\SUPPORT-LOGMEINRESCUE.EXE (whatever this is associated with is very old as I use this datafile rarely); and I do not even know what it is. What is odd is not only that these keep coming up all within the last month, but also that MB scans first and finds very little; in late Aug it found and quarantined two Trojan.Dropper.SP files, and MB finds a LOT of PUPs, which generally are programs I do want; SAP scans 2nd and finds everything and quarantines. I also use Norton 360 and it finds nothing; it does block many intrusions however. All 3 scanners find cookies; no big deal.
 
I just don't know if I am infected; I looked these up and some information points to false positives. If I am infected, I worry that I have something that is just backdooring trojans in once or twice a month. I am just not sure what to think or do. Thank you for any assistance and I do hope I communicated the issue well.
 
Also, other than Hardware issues; I have had no real issues with software.

A:Infected? Or False Positives for Trojans?

Hello, this, DOWNLOADS\SUPPORT-LOGMEINRESCUE.EXE is usually Remote Support & Mgmt. Software like Go To Assist. Tracur is bad. Let's scan the machine.

Please download MiniToolBox, save it to your desktop and run it. Checkmark the following checkboxes:
- Flush DNS
- Report IE Proxy Settings
- Reset IE Proxy Settings
- Report FF Proxy Settings
- Reset FF Proxy Settings
- List content of Hosts
- List IP configuration
- List Winsock Entries
- List last 10 Event Viewer log
- List Installed Programs
- List Users, Partitions and Memory size

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using the "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop. Extract (unzip) its contents to your desktop. Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan. If an infected file is detected, the default action will be Cure; click on Continue. If a suspicious file is detected, the default action will be Skip; click on Continue. It may ask you to reboot the computer to complete the process. Click on Reboot Now. If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

ADW Cleaner: Please download AdwCleaner b...

7 more replies

Hello,

So lately I've been using an anti-virus program called G-data TotalCare 2012. I really like it better than the AV programs I've used before, like Norton, PC-Tools, AVG etc.

However there is a slight problem I REALLY need help with. It detected a false positive not too long ago and I noticed that it doesn't give me any option to allow it or just log it, I HAVE to block access or delete it in some way. And I can't find any list to add the file to.

I've already contacted the support for this, but they seem to take their time, so I thought I'd make a thread here, hoping for the best, seeing as G-data doesn't have their own forum.
So if anyone has any idea what to do, other than changing/removing the anti-virus, please tell me. ♥

Thank you,
A*nonymous

A:Gdata Antivirus allowing false-positives

Hi,

False positives do occur in any malware suite. The safest thing to do is to ensure that it is indeed a false positive (you never said what made you sure it was a false positive) and do a scan with another malware suite.

Try the free version of Malwarebytes and let's make 100% sure it is a false positive.

Regards,
Golden

4 more replies

After Googling the "Infection Warnings" (In Bold) I'm beginning to wonder if these are legit...please advise/info...thanks

"Silent Runners.vbs", revision 43, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"SpySweeper" = ""C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray" ["Webroot Software, Inc."]
"BDMCon" = ""C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg" ["SOFTWIN S.R.L."]
"BDAgent" = ""C:\Program Files\Softwin\BitDefender10\bdagent.exe"" ["SOFTWIN S.R.L."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "blank" [file not found]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" ...

More replies

A definition update for Malwarebytes causes a Trojan.Downloader.ED false positive on such a massive number of files that it can disable your system. It was corrected with a new update. It hit me this afternoon and I'm sure glad I had a recent Macrium Reflect image.

***False positive Trojan.Downloader.ED*** - Malwarebytes Forum

Jim

A:Malwarebytes Update causes Massive false positives.

Oh my! I hate to see such a mistake sully such a good program. Nice post Jim

A Guy

13 more replies

Windows xp pro sp3
Pentium 4 1.9Ghz
1 GB ram
First I had a blank welcome screen... no names to click. In safe mode, I could click a name, but it logged off without getting to the desktop. I tried Knoppix to get some info off the drives, but it wouldn't load. I then reinstalled the OS. I got Avira, Spybot, SUPERAntiSpyware, & Malwarebytes from another PC to install with a thumb drive before I connected to the network. Once I got up & running, I got Avira telling me cmd.exe, svchost, iexplore, tablet (my tablet driver), and a host of other crap was messed up. I clicked repair and when I restarted, couldn't see a taskbar, icons, tablet use... after messing with it, I got into safe mode and scanned with everything I had and each one got rid of lots of stuff. Upon restart, the same problems were back. Once again, I reinstalled the OS and tried Avast vs Avira, and am still having problems --> invisible IE pop-ups, can't access microsoft.com or various anti-virus sites with any browser (I also have a hosts file backup on the thumb drive, which I used). Chrome won't even start. Avast is constantly finding viruses with letters and numbers for names and occasionally telling me normal stuff is bad. Whatever it is also deleted System Restore. I hope this is the proper forum and appropriate information.

A:Lots of problems and false? positives with avira

Hello. First make sure only ONE antivirus is active. Two active will cause a bunch of problems. Now please run these and we'll review the logs.

Next run MBAM (MalwareBytes):
Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application. For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on th...

9 more replies

The precise circumstances are unclear, but it's becoming obvious that MSE in some cases detects a DOS/Alureon.J infection where none exists
It's looking more and more likely that Microsoft Security Essentials (MSE) is warning about a TrojanOS/Alureon.J infection when none exists.

On Sept. 16, Microsoft Answers Forum poster ElBanko said that he couldn't remove an MSE-identified infection of TrojanOS/Alureon.J, in spite of repeated scans and removals from multiple packages. According to ElBanko -- who appears to be quite knowledgeable:

I have run TDSS, Combofix, JunkwareRemovalTool (JRT), MS Malicious Software Removal tool, AdwCleaner, HitManPro, Malwarebytes (MBAM) and searched the registry for any related entries in a manual attempt to delete files related to it - nothing found? MSE is the only product that even identifies it but it does not remove it!

On Sept. 23, MVP Le Boule reported:

The Microsoft team that is responsible for MSE is aware of the reports of "possible" false detections of Dos/Alureon J and are working to identify and resolve any issue involving the MSE program. Anyone seeing this issue should monitor this thread.

Two weeks ago, MVP Kosh Vorlon said:

I spoke about it twice more and escalated it further yesterday with Microsoft Management - and yet again just now; however, I have no ETA yet as to when they will respond with an explanation or fix. Please be aware that they certainly know about this thread and they or I will pos...

A:MSE may be throwing false positives for Trojan:DOS/Alureon.J

I have been getting this on my new Cybertron, Windows 7 run, computer. Every time I click remove and restart my computer, it still pops up, very annoying. And it won't let me access the internet after clicking remove and choosing to restart later. I finally said, eff it and changed to Allow, restarted AGAIN, and it didn't pop up this time, thank the gods. I still plan to try other scanners to be sure.
 

2 more replies

So, I installed the latest free version of Avast! on a XP machine I have laying around. On this machine, I've got AVG free edition, Ad-Aware, Spybot S&D, AVG anti-spyware, Windows Defender, and ZoneAlarm installed and running. This machine hardly gets used so the concern over it getting infected with something is low.

I installed Avast! to check it out. It scanned the hard drive and found a "Bookworm" file had been infected with a "Win32:Inject" trojan horse. AVG and none of the other above mentioned apps (excluding the firewall, of course) reported anything about this infected file.

So, I went to the free support forum for AVG free edition and read the sticky thread on what to do if you have a file you think is infected. In that thread, it says to scan the file using Jotti's malware scanner. If it's infected, e-mail the file to AVG and they will analyze it. Cool.

So, I upload the file to Jotti's scanner and it scans the file using a plethora of anti-virus scanners, a few of which are frequently mentioned and recommended here (e.g. AVG, Avast!, Kaspersky, NOD32, etc). The scan results from Jotti indicate Avast! and Sophos both detected a trojan horse while NONE of the other scanners detected anything.

When I first scanned the system using Avast! and it found the trojan horse, I thought "cool, Avast really is as good as people say." After seeing the results above, I'm wondering if that was the case or if I...

A:Question about anti-virus false positives

9 more replies

Hello
 
I've run 3 scans today (no cleanups) with AdwCleaner and it came up with 3 different things every time:
 
 
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 19:26:47
***** [ Web browsers ] *****
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Profile 3\Web data] - ask.com
 
# AdwCleaner v6.010 - Logfile created 30/08/2016 at 22:44:39

***** [ Files ] *****
File Found:  C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\3rbe7qh1.default\extensions\jid1-93CWPmRbVPjRQA@jetpack.xpi

 
# AdwCleaner v6.010 - Logfile created 31/08/2016 at 00:10:56
***** [ Folders ] *****
Folder Found:  C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\3rbe7qh1.default\extensions\staged\jid1-93CWPmRbVPjRQA@jetpack
 
 
Also, I cleaned something related to ask.com a few days ago:
 
 
# AdwCleaner v6.000 - Logfile created 24/08/2016 at 12:39:39
***** [ Web browsers ] *****
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [chrome-app-launcher.en.softonic.com] [Search Provider] Deleted: chrome-app-launcher.en.softonic.com
 
 
I ran full scans with Panda, MB Antimalware, Panda cloud cleaner and Eset, nothing was found.
 
Should I be worried?
 
*I use Windows 10 Home x64

More replies

Hi, Without dispute to the sensitive nature of the use of the ComboFix tool and to responsibly use the tool in my own business to support client issues of repair, I have never had issues with the use of the program. I take to heart all of the guidance on the site herein without need to further inquire on how to use the program. I can safely state with having 15 years in business for myself and having 22 yrs of experience in a Fortune 100 company doing the same, the confidence factor of performing these steps for malware removal beyond the chance that utilities like Malwarebytes A/M; above and beyond the misled filtering that Symantec Endpoint Protection did stop a mere percentage of the actual damage, using the ComboFix tool with again the same confidence, I ran into the first instance of a false positive removal of files which have been on my system without issue for the last four years. The programs that are tethered to the removal of certain files are not in question and are valid. The concern I have is that they were removed by ComboFix and for this instance of running the program, ComboFix performed a bit too clean. And in this instance, ComboFix had tripped up removing files that for the last four years had never been filtered out as a potential issue. I respect the information in the disclaimer and use thereof and as well take note of the actual permission on use of the program, but in my business, I am confident and self reliant and do not hold any other parties responsib...

A:Using ComboFix for first time which removed false positives

Hi hdowns, since you do not have an actual malware issue, I have moved this topic to a more appropriate forum.

Like any antimalware tool, ComboFix gets updated constantly. For this reason, it is possible, as you experienced, that it has not detected those files for years and now targets them. Unfortunately, like every tool, ComboFix also detects the occasional false positive (this is due to advanced detection mechanisms that are refined on a regular basis). Those files are obviously legit. ComboFix saves copies of any deleted item, whether it is in the registry or a file, so things can always get restored.

On the other hand, as was also mentioned in your other topic, combofix is a very powerful tool. It is recommended to use it only under guidance; if you do not do that, you risk doing damage to a system. Of course, if you feel confident you can resolve possible complications, that is quite okay.

2 more replies

Hello everyone,

I have a Dell Inspiron N4110 that comes with Windows 7 Home Premium pre-installed. It was purchased only 3 months ago. I use Returnil (free virtual mode attracted me) and Microsoft Security Essentials. Everything is up to date. I just completed Returnil's Full System Scan on High Sensitivity (in hindsight, this may be my issue) and it came up with a few items:

1. Backdoor: C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-FTP_31BF3856AD364E35_6.1.7601.17514_NONE_AEF2C7DBB6CC16C1\FTP.EXE
(Google did not yield any meaningful results)
2. Backdoor: C:\WINDOWS\WINSXS\X86_MICROSOFT-WINDOWS-FTP_31BF3856AD364E35_6.1.7601.17514_NONE_AEF2C7DBB6CC16C1\FTP.EXE

Attempting to repair these two resulted in errors and Returnil asking me to reboot. Upon reboot, there was no difference except that Returnil is now saying I need to do a system restore (and of course, wants me to upgrade to get additional features).

Additionally there were these:
3. CCSETUP320.exe
I'm sure many of you will recognize as CCleaner. I always download from the webpages the program sends me to and the updates are usually on filehippo
4. "Virus"
The two entries inside are Chrome extensions. I'm 99% certain these are false positives, but thought I'd mention it
5. "Archive bomb": C:\USERS\AUSTIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_000610
Might be false positive?
6. Security...

A:Returnil found malware, some look like false positives, others I'm not sure about

Download TDSSKiller. Right-click it and Run as Admin. Click on Change parameters, select TDLFS file system, click the Scan button, and post the LOG in your next reply.

Do not change the default options on scan results.

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.

Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run. Another workaround is to not use the mouse to install it; just use the arrow keys, tab, and enter keys.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatical...

9 more replies

Microsoft will start to give some customers the benefit of the doubt with an updated version of its software antipiracy tool, Windows Genuine Advantage Notifications. The company has added a new category to the tool - "indeterminate" - for instances where it can't be sure whether the OS running on a user's PC is legitimate or not... pcadvisor.co.uk

MS finally admits: The issue has arisen partly because, through no fault of the customer, the wrong product activation key can sometimes be used to unlock a legitimate copy of the OS.

More replies

Hi there! I'm facing the exact same problem on two computers -- a laptop under XP and a desktop under Vista... There are no symptoms on the XP laptop, but there are strange things happening on the desktop Vista. Let's start with the laptop. I use the Bitdefender online scanner once a week and I run Spybot and Malwarebytes regularly also. The new Bitdefender is so fast that I'm not sure it's reliable, so I tried the Kaspersky online scan for a change. Three hours later it told me that I had 2 infections of Backdoor.Win32.SdBot.qzd in a Movie Magic Screenwriter file. I googled the Trojan, and found that quite a few people who had it also had it in this same Movie Magic Screenwriter file (and it's in the same place on my other computer). Movie Magic is a script formatting program that needs online validation for its installs, so I checked on their site:

It appears that a number of anti-virus programs are flagging parts of Screenwriter as a Trojan or virus, usually "IRC/BackDoor.SdBot4.QPE", but this can vary. Please be assured that the program did not ship or download with any Trojans or viruses. It is a false positive. We received confirmation of this in a letter dated April 9, 2010 from a support representative from AVG. Please update your AVG anti-virus as soon as possible, as this problem has been fixed in the latest virus definitions update.

So just to be sure, I ran AVG, Malwarebytes, Spybot in SAFE mode, with no threats detected. But then I...

A:infected with SDBot trojans or just false positives?

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible. Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks

32 more replies

The updated NIS 22.5 gives me too many false positives...

After NIS was updated, I ran a full scan.
Some matlab files, many anaconda python files, pot player, gom player, and irfanview were detected as a virus.

The worst thing is that the detected files were removed permanently, so they cannot be restored.
I think they should have been quarantined.
 

A:NIS 22.5 gives too many false positives and removed files permanently

breathejustice said:

The updated NIS 22.5 gives me too many false positives...

It is a headache to me now.

Some matlab files, many anaconda python files, pot player, gom player are detected as a virus.
The worst thing is that the detected files are removed permanently, so they cannot be restored.
I think they should have been quarantined.

You can restore the file from quarantine and deem it safe!
Check your quarantine!
 

13 more replies

I've been using a site for a few years and everything has been fine. All the sudden a few weeks ago it's started getting flagged as a bad site. Odd thing is it only happens every once in a while. I've also whitelisted it and it still gets flagged. I've even checked the "Site Safety Center." It says it's safe. What gives?? Suggestions?

More replies

So, what is the plot? In these two threads:

"Question about confirming a virus infection"
http://forums.techguy.org/general-security/838778-question-about-confirming-virus-infection.html

"False positive battle continues"
http://forums.techguy.org/general-security/970300-false-positive-battle-continues.html

I raise questions about how to best confirm whether any given infection reported by an anti-virus or anti-spyware application is really infected or not and what can we do when applications don't agree.

In this latest installment, I have yet another permutation of the above to consider. About a week-ish ago or so, I stumbled upon an installer for the VLC player (www.videolan.org) from an untrusted source. I downloaded the installer so I could scan it with various anti-virus and anti-spyware apps I have access to. I scanned it with these apps and got these results:

Spybot S&D 1.6.2: no infection
SUPERAntiSpyware 4.54.1000: no infection
Malwarebytes 1.51: infected with Fake VLC (or something like that)
AVG 2011 10.0.1382: no infection
Microsoft Security Essentials (latest version): no infection
Antivir (latest version): no infection

Ok, cool. So, I send the file for analysis to the maintainers/vendors of Spybot, SUPERAntiSpyware, AVG, Microsoft Security Essentials, Antivir. I've heard back from AVG, Microsoft, and Avira with these results:

AVG: sample sent was infected
Microsoft: sample sent was NOT infected
Avira: sample sent was NOT i...

A:False positives and confirming infections, the plot thickens...

16 more replies

I just updated Spybot 1.4 to the latest updates (2005-07-30) and ran a scan. It found a Registry Change in the Windows Security Center that looks like this...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

I did some research and found this post on another forum

http://forums.maddoktor2.com/index.php?showtopic=5446

Anyone else finding similar results pertaining to Windows Security Center after updating Spybot 1.4?
 

A:Latest Spybot Updates Finding False Positives?

It's not really a false positive. It's detecting the fact that the security alerts have been turned off that would normally advise you if your firewall and anti-virus programs weren't working. This could have been done intentionally by yourself or by some malicious program. I'm sure you can tell Spybot to ignore it if you set it up this way intentionally in the Security Centre.
 

1 more replies

I haven't seen this posted at TechGuy forums so here you are>

http://kb.eset.com/esetkb/index?page=content&id=SOLN2181&actp=LIST_RECENT

ESET Smart Security / ESET NOD32 Antivirus detected some Windows files as Win32/Kryptik.JX and quarantined them
 

A:NOD32 Gets False Positives, Detects System Files

7 more replies

Recently a Trend Internet Security scan on my mother's computer (op sys XP Service Pack 3) produced 3 instances of TROJ.Generic.DIT, locations as follows: C:\Windows\system32\spool\drivers\w32x86\3\, infected file CNMSR5yo.414; C:\Windows\system32\spool\drivers\w32x86\canonip150039e6\, infected file CNMSR5yo.414; C:\BUPprinter\CNMWINDOWS\CanonPIXMAIP1500\LanguageModules\0414, infected file CNMsr5y.dll. It only allowed me to clean one; as this was an old printer no longer attached, I deleted the others. I did a subsequent scan after a reboot and it produced another positive in System Restore, C:\System Volume Information\_restore{46684F5B-2F2, so I quarantined this, and one in a solitaire game sound file, which I deleted. All subsequent scans show clear. I then, not feeling safe, did an online scan from Kaspersky; this produced one positive result, "infected, not a virus", DownloaderWin32ImLoader.d; this was located in an incredimail file, which again is an old file as incredimail has long ago been removed, so I also deleted this file. Subsequent Kaspersky online scans show clear. Still not feeling safe, I ran a Lavasoft free Ad-Aware Anniversary Edition scan; this showed 2 infected files. Here is the log:

Logfile created: 19/02/2009 11:6:8

Lavasoft Ad-Aware version: 8.0

Extended engine version: 8.1

User performing scan:



*********************** Definitions database information ***********************

Lavasoft definition file: 146.11

Extended engine definition file: 8.1

<...

A:reoccurring threats unsure if false positives are occuring

Previously posted on here regarding false positives for trojans; yet to receive a response, so while waiting I tried yet another online scanner suggested by this forum, this time Panda. It has been sitting on 49% for over 3 hrs. It is scanning Windows Installer; the file number right at the end changes and the first part alters but >msp[unk_ remains constant. It is currently scanning C:\windows\installer\2859ff.msp[unk_. The scan produced results of 8 files infected and 2 suspicious files in the first hour of the scan; the number of files does keep increasing, however the C drive has only about 18 gig used, so I'm wondering if I'm wasting my time and there is a problem with this scan. Please somebody let me know if I've just wasted 4 hrs on this and should cancel... I'm now on my 5th day with this trojan problem and seem to be no further advanced. Any response would be appreciated.
 

1 more replies

Hey,

I ran a2 four days ago with unremarkable results. I just updated it and re-scanned and it's coming back with over 6100 Heuristic.ArchiveBombs.

Most were within Java and a small handful came under Mozilla, RealPlayer, and SpyBot - Search and Destroy.

Can someone fill me in on what's going on with my system?

A:A2 Anti-malware - Heuristic.archivebomb False Positives

From Christian Mairoll, Admin at the a-squared support forum:

Heuristic.ArchiveBomb is a packed file that tries to crash malware scanners. It is usually not dangerous for your PC, but is dangerous for software like a-squared or any other antivirus scanners. If a scanner cannot handle such archive bombs correctly, it may crash and leave the PC unprotected.

http://forum.emsisoft.com/framehelper.aspx...osts&t=1101 (scroll down to the next to the last post)

Also from the a-squared support forum:

...Heuristic is a technique to detect malware that ignores whether the detection can be proven to be correct, but which usually ensures a good detection rate. A heuristic detection module searches for malware-specific patterns such as Win-API calls. A file detected as Heuristic.* looks like malware, but you should always check whether it may be a false alert. If you are not sure, please always use the quarantine and do not delete such files immediately. You can also submit such files for further analysis to the analysis team. Please see the contact page for more about this.

http://forum.emsisoft.com/Default.aspx?g=posts&t=1687

3 more replies
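The Emsisoft note above describes an archive bomb as a packed file built so that the scanner inflating it crashes or runs out of resources, and the Returnil thread earlier on this page reports an "Archive bomb" hit on a Chrome cache file. The following is an added example, not code from Emsisoft or from anyone in these threads: a Python pre-check that judges a zip from its declared sizes alone, refuses to inflate members whose compression ratio or nesting depth is implausible, and exercises itself on constructed sample archives; the thresholds are assumptions, not any product's values.

```python
"""Archive-bomb pre-check (added example): decide from a zip's central directory
whether it is safe to inflate, before any scanner expands the members."""
import io
import os
import zipfile
from dataclasses import dataclass, field
from typing import Optional

# Thresholds are assumptions for this example, not values taken from any product.
MAX_RATIO = 100.0                    # uncompressed:compressed; real data rarely passes ~10:1
MAX_TOTAL_BYTES = 256 * 1024 * 1024  # refuse to inflate more than 256 MiB across all members
MAX_NESTING = 2                      # archives nested deeper than this are treated as hostile


@dataclass
class Verdict:
    suspicious: bool = False
    reasons: list = field(default_factory=list)
    declared_bytes: int = 0          # running total of declared uncompressed sizes


def inspect_zip(data: bytes, depth: int = 0, verdict: Optional[Verdict] = None) -> Verdict:
    """Walk the central directory. Sizes in the headers are attacker-controlled,
    so a member is judged on its declared ratio first and is only ever read if
    that check passed (zipfile stops reading at the declared size anyway)."""
    v = verdict if verdict is not None else Verdict()
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        v.suspicious = True
        v.reasons.append(f"depth {depth}: not a valid zip")
        return v
    for info in zf.infolist():
        if info.is_dir():
            continue
        ratio = info.file_size / max(info.compress_size, 1)
        if ratio > MAX_RATIO:
            v.suspicious = True
            v.reasons.append(f"depth {depth}: {info.filename} declares {ratio:.0f}:1")
            continue                  # never inflate a member that failed the ratio test
        v.declared_bytes += info.file_size
        if v.declared_bytes > MAX_TOTAL_BYTES:
            v.suspicious = True
            v.reasons.append(f"depth {depth}: declared total exceeds {MAX_TOTAL_BYTES} bytes")
            return v
        # Nested archives are recognised by the local-header magic, not the name.
        with zf.open(info) as member:
            head = member.read(4)
            if head != b"PK\x03\x04":
                continue
            if depth + 1 > MAX_NESTING:
                v.suspicious = True
                v.reasons.append(f"depth {depth}: {info.filename} is nested too deep")
                continue
            inner = head + member.read(info.file_size)
        inspect_zip(inner, depth + 1, v)
    return v


def is_archive_bomb(data: bytes) -> bool:
    return inspect_zip(data).suspicious


def make_zip(members: dict) -> bytes:
    """Build a constructed sample archive in memory (helper for this example)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: ordinary data, a classic bomb, the bomb wrapped one level
# down (where an outer-ratio-only check would pass it), and harmless data nested
# three levels deep that trips the depth limit alone.
BENIGN = make_zip({"notes.txt": b"The quick brown fox jumps over the lazy dog.\n" * 20,
                   "blob.bin": os.urandom(4096)})
BOMB = make_zip({"payload.bin": b"\0" * (8 * 1024 * 1024)})
WRAPPED_BOMB = make_zip({"inner.zip": BOMB})
DEEP = make_zip({"a.zip": make_zip({"b.zip": make_zip({"c.zip": make_zip({"x.txt": b"ok"})})})})

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("bomb", BOMB),
                        ("wrapped", WRAPPED_BOMB), ("deep", DEEP)]:
        v = inspect_zip(blob)
        print(f"{label:8s} suspicious={v.suspicious} reasons={v.reasons}")
```

Quarantining rather than deleting, as the forum post advises, still applies: this check only says an archive is not safe to expand, not that it is malicious.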

OS: Windows XP SP3
Processor: Intel Core Duo 1.67 GHZ
Memory: 2 GB

For the past few days, Symantec Endpoint Protection has given me messages saying that it has stopped a Downloader from installing to my computer. It seems to always come up as a temporary file with these kinds of names:
DWHXXXX.tmp

The XXXX represents 4 characters consisting of numbers and capital letters.

I did a full scan using Symantec Endpoint Protection. Then, I scanned the computer using Spybot and finished by generating a HijackThis log. I cannot put it in the thread because this forum is not for that purpose, but anyone who wants to look at it can PM me.

I just want to know what's wrong, because I don't see how I can have a Downloader which is constantly deleted by an Auto-Protect scan and yet seemingly have no signs of infection even when scanning in Safe Mode.

A:False Positives from Symantec Endpoint Protection 2007?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complet...

7 more replies
Answer Match 70.56%

I am running Windows XP Pro edition on Service Pack 3 (less than a month installed).

I know we are only supposed to post one issue at a time. However, this is sort of all one issue - I am wondering if these are all just false positives from Comodo (as well as Spybot).

My computer has been acting a little weird, but every time I get something on a scan, or an alert from my firewall/antivirus I can't track down where it said it came from, and can find no other traces of it on my computer. It's starting to drive me nuts and I wonder if they are just false positives.

By acting weird, the main thing is that upon restarting, Windows Explorer has suddenly started taking 3+ minutes to load. I've been suffering slow reboots for a while now; however, this is new. My wallpaper loads, but everything associated with explorer.exe doesn't - even though it's open and running. Sometimes I have to kill it and restart it manually (explorer.exe), and even then it takes very long to load.

I use Comodo Firewall and Antivirus. Recently installed; I was using AVG and Outpost before - but Outpost would randomly lock up my computer and it would display a "recovered from serious error" message, and every time I sent the report, it said it was caused by Outpost. I haven't had any issues like that since I switched.

On the 19th I had the Comodo antivirus real-time protection pop up and tell me it found TrojWare.BAT.KillAll.C@9034. The file was located in Local Settings\Ap... Read more

A:Am I chasing after false positives? ctfmon.exe keylogger, bat.killall..

Use Super Antispyware to find and remove the malware. Be sure to UPDATE SAS after installing in regular mode. Then boot into safe mode to run the scan and allow it to remove whatever it finds. If it finds anything other than cookies, post the log here.
http://www.bleepingcomputer.com/forums/ind...t&p=1040160

Run an online scan using Kaspersky Online Scanner. Instructions in link below.
http://www.bleepingcomputer.com/forums/ind...t&p=1045589

Use Secunia Online Scanner to scan your programs for missing security updates. IE browser, Adobe Reader, Adobe Flash, Java have all been recently exploited by malware.
http://secunia.com/vulnerability_scanning/online/

After updating Java, go to Add/Remove and remove ALL old Java programs. Using the Firefox browser with the NoScript addon will protect you from "driveby" installs of malware and many others.

16 more replies
Answer Match 70.56%

Warning: Multiple False Positives have been reported with this update! Lavasoft has been notified and more will be posted here when available.
http://www.dozleng.com/updates/index.php?a...;event_id=29566

A:Warning: Ad-aware Se1r123 Has Multiple False Positives

SE1R123 has been re-released.

This fixes a False Positive in Adware.AdMedia.
This fixes a False Positive in TrojanBackdoor.Serv-U.
This fixes a False Positive in BargainBuddy.
This fixes a False Positive in Win32.Trojan.Agent.
This fixes a False Positive in Win32.Trojan.Downloader.

Note: After you download this, close the program and reopen it, then check the Internal Build number; it should be 150.

3 more replies
Answer Match 70.56%

Mod Edit: Moved to Antivirus Software.. ~~ boopme

Hi guys, was just doing routine scans and noticed that AdwCleaner is detecting normal Google Chrome extensions as adware. Seems to be the following extensions: LastPass, AdBlock, Gmail, WOT, and Google Drive. Only one I can't figure out is Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn. Below I linked the txt from AdwCleaner; if you guys could double check that these are FPs, that would be amazing. Also, I figured you guys could let the creator know of the potential FPs. Thank you, Colin

# AdwCleaner v4.107 - Report created 12/01/2015 at 14:32:41
# Updated 07/01/2015 by Xplode
# Database : 2015-01-11.2 [Live]
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : ColinR - COLIN
# Running from : D:\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom
Folder Found : C:\Users\ColinR\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Folder Found : C:\Users\ColinR\AppD... Read more

A:AdwCleaner 4.107 Database 2015-01.11.2[live] False positives?

I see that you ran AdwCleaner straight from the D: drive. If you move it on your Desktop, on your C: drive, is the Scan output the same?
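One way to triage a report like the one above, as an added example that is not part of the original thread: a Python script that resolves each 32-letter Chrome extension id folder to the name in its manifest.json (including localized __MSG_ names), so an unrecognised folder id can be identified instead of guessed at. The folder layout, ids and names in build_sample_profile() are constructed for offline testing; on a real machine, point resolve_extensions() at the Extensions path shown in the AdwCleaner report.

```python
import json
import tempfile
from pathlib import Path

# Real Chrome profiles keep extensions under
# ...\Google\Chrome\User Data\Default\Extensions\<32-letter id>\<version>\manifest.json

def extension_name(ext_dir: Path) -> str:
    """Return the display name of one <id> folder, resolving __MSG_x__ placeholders."""
    name = "<no manifest>"
    for version_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
        manifest_path = version_dir / "manifest.json"
        if not manifest_path.is_file():
            continue
        manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        name = manifest.get("name", "<unnamed>")
        # Localized names are stored as __MSG_key__ and looked up in _locales/<locale>/messages.json
        if name.startswith("__MSG_") and name.endswith("__"):
            key = name[len("__MSG_"):-2]
            locale = manifest.get("default_locale", "en")
            messages_path = version_dir / "_locales" / locale / "messages.json"
            if messages_path.is_file():
                messages = json.loads(messages_path.read_text(encoding="utf-8"))
                name = messages.get(key, {}).get("message", name)
    return name  # the last (highest-sorted) version folder wins

def resolve_extensions(extensions_root: Path) -> dict:
    """Map every extension id folder under Extensions to a readable name."""
    return {p.name: extension_name(p) for p in sorted(extensions_root.iterdir()) if p.is_dir()}

def build_sample_profile() -> Path:
    """Constructed sample layout (hypothetical ids and names, not real extension data)."""
    root = Path(tempfile.mkdtemp()) / "Extensions"
    plain = root / "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" / "1.0_0"
    plain.mkdir(parents=True)
    (plain / "manifest.json").write_text(json.dumps({"name": "Sample Blocker", "version": "1.0"}))
    localized = root / "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb" / "2.3_0"
    (localized / "_locales" / "en").mkdir(parents=True)
    (localized / "manifest.json").write_text(
        json.dumps({"name": "__MSG_appName__", "default_locale": "en", "version": "2.3"}))
    (localized / "_locales" / "en" / "messages.json").write_text(
        json.dumps({"appName": {"message": "Sample Drive"}}))
    (root / "cccccccccccccccccccccccccccccccc").mkdir()  # leftover folder with no manifest
    return root

if __name__ == "__main__":
    for ext_id, name in resolve_extensions(build_sample_profile()).items():
        print(f"{ext_id}  ->  {name}")
```

A folder that resolves to "<no manifest>" is an empty or orphaned leftover rather than an installed extension, which is worth noting when deciding whether a flagged path is a false positive.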

8 more replies
Answer Match 69.72%

Has anyone run across a problem with the Outlook 2003 junk mail filter putting legitimate emails in the junk folder?

I have tried adding senders and domains to the safe senders list, but still no luck. It seems like Outlook is just ignoring these lists. I also tried lowering the filter strength, but that had no effect.

This just started happening in the past month, after an update I believe.

So I'm stuck with shutting off junk filtering, re-installing Outlook 2003, upgrading to 2007, or rolling back the update. Each of these options has big drawbacks in my mind, so I was hoping someone would have another idea I could try.

A:Outlook 2003 Junk Mail Filter False Positives

Hi RoyX23, Welcome to BC. MS occasionally updates the junk e-mail filter in Outlook with a more current definition of which e-mail messages should be considered junk e-mail. It is not uncommon for them to screw up your message filter. In fact, the August update (kb956077) did exactly that. There was another release (kb955434) the very next day to fix it. There has not been another junk e-mail filter update since then until Nov. of last year, which "sort" of fits your timeline (kb959140).

Removing a junk e-mail filter update is not a real security risk. If it's causing problems, my first choice would be to remove it to see if that is actually the issue. If it is, simply waiting for the next update isn't going to hurt.

To see the list of junk e-mail filter updates for Outlook 03, go here.

There is also a limit as to how many filter rules can be applied in Outlook 03. If you exceed the limit, no more rules will be added no matter how hard you try. The solution is to remove them all and start from scratch again. If Outlook seems to be ignoring any new filters you add, then that is also a possibility, though somewhat unlikely.

I totally gave up on e-mail filters in Outlook and have it disabled because it never ends. I use a third party tool that monitors my e-mail and allows me to view it right on the server before I actually download it. I can pick and choose what gets to my machine and what gets deleted before it reaches my systems. It's 100% effective.

1 more replies
Answer Match 69.72%

Hello, I've written an article that explains How to Report Malware or False Positives to Multiple Antivirus Vendors.

It is meant to be a comprehensive list of all reputable vendors who produce products that rely on signature detection, in some way, in order to detect all manner of malware. What I have done is investigate how to submit malware and false positives to all of them. I have then taken this information and created a mailing list that allows you, with a few clicks, to submit malware to the majority of all of the anti-malware vendors in the world. At least that is the idea. You can also submit the malware to the rest of them manually, but the idea is to make it as easy as possible to submit it to as many as possible with as little work as possible.

Please use this article to submit any malware you find to as many vendors as possible so we can help to make the online world a safer place. Also, for anyone who is able, and willing, to help I could use your help to improve this list. Please provide me with whatever feedback you have about the article and help me to make the information provided as accurate, and poignant, as possible. It would be most effective to leave the feedback in the comments section of the article so I have all of the feedback in one place. This will help me to best utilize it to improve the article.

Thank you.

A:How to Report Malware or False Positives to Multiple Antivirus Vendors

Very informative as ever, thank you, thank you.

23 more replies
Answer Match 69.72%

For the past two days I've been getting first anti-virus pop-up notices (a threat has been detected) and now malware pop-up notices from Avast AV on my Win 7 laptop. However, I've run every AV & malware/spyware program I have -- Avast, Malwarebytes, SpywareBlaster, and AdwCleaner -- and nothing suspicious has been detected, but I still continue to get problem pop-up notices from Avast which I take to be false positives. (I've also run CCleaner and I'm currently waiting on a boot time scan to finish.)

The problem started as an unending string of virus reports. Then, after running Malwarebytes and rebooting my laptop, I immediately get a warning that a malware URL has been blocked. The pop-ups are now malware, not virus.
Here is the "problem" -- the same for both virus and malware -- that's been detected:

http://sites.securepayment.net/redirect_0
Infection: URL: Mal
Process: C\ProgramFiles (x86) Google\Chrome\App....

I would greatly appreciate hearing from anyone who has an idea what's going on here. If it appears that I have a real problem, then this post probably needs to be transferred to the other security forum.

Thank you.

A:False Positives? Why do I keep getting apparently unfounded virus & malware notices?

6 more replies