
False Positives in antivirus-programs


98 replies to this topic

#61 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,106 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:15 PM

Posted 08 May 2014 - 06:57 AM

...this thread is for reporting False Positives. It is not for assisting how to explain them or why they happen. Just a repository for reported false positives.

As Grinler stated in post #1

This topic will be used to post false positives in Anti-virus/Anti-malware programs so that end-users know not to fix the particular entries that may be shown


Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#62 zod999

zod999

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:15 PM

Posted 29 May 2014 - 11:13 AM

This looks like a false positive for Adwcleaner 3.211: 

 

# AdwCleaner v3.211 - Report created 28/05/2014 at 14:05:09

# Updated 26/05/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : miker - MIKER-PC
# Running from : C:\Users\miker\Downloads\adwcleaner_3.211.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\Software
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
I can't find anything malicious about this registry key anywhere. I've deleted the key a number of times and it keeps getting recreated. 


#63 quietman7


Posted 29 May 2014 - 11:34 AM

Since you posted the possible FP at Xplode's home site...he will be able to check into it from there.

#64 msi4mahesh

msi4mahesh

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:45 AM

Posted 20 December 2014 - 12:56 AM

False positives are the most annoying thing. I have been submitting to Drweb our program many times now in a row and still they do not white list it, even their moderators seem to be unable to help in my case. Our program is not detected by any other antivirus program whatsoever. 

 

https://www.virustotal.com/en/file/913ab78776ae304d9a964b44c6e2c821abe92e3e9051a7ffe4d4a4ff321c293a/analysis/1419052587/



#65 cat1092

cat1092

    Bleeping Cat


  • BC Advisor
  • 6,715 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:15 PM

Posted 20 December 2014 - 01:34 AM

msi4mahesh, I agree fully that FP's are a pain in the backside that we all can live w/out, but we really need to ensure that is a FP & not a real threat. 

 

I highly recommend you download & run the Emsisoft Emergency Kit & run the Deep Scan. It may look hard to find, but mess with the settings & you'll see it. There will be four blocks displayed, be sure to choose Deep Scan. While there's no such thing as a 100% guarantee of FP's, Emsisoft has won award after award for having a top AV+AM software in Emsisoft Anti Malware, along with having the least FP's. 

 

Here's the 100% Free, no obligation Emsisoft Emergency Kit. It uses no resources unless used, so it's best to keep it installed & when you run it, all it needs is updating to the latest definitions & program, if applicable. Just so happens, we have it on our site.  :)

 

http://www.bleepingcomputer.com/download/emsisoft-emergency-kit/

 

And in the event it finds & quarantines anything, you may wish to take the 30 day, no obligation, no hassle test drive of Emsisoft Anti Malware to keep your computer clean. It's compatible with most security software & uses little resources to pack such a huge punch. I'm on my 3rd year of running EAM. Just select EAM from under the Home Products column. I included a link below to show you a video what we're all up against today. This is not a sales pitch, it's for real & I'm not an agent for Emsisoft. 

 

Just into my 3rd year of being a happy customer. 

 

http://www.emsisoft.com/en/

 

Good Luck! :)

 

Cat


Performing full disc images weekly and keeping important data off of the 'C' drive as generated can be the best defence against Malware/Ransomware attacks, as well as a wide range of other issues. 


#66 msi4mahesh


Posted 20 December 2014 - 02:24 AM

If you can see the virustotal analysis report then you could see that they have scanned our program using Emsisoft as well, therefore this indeed is a false positive. 



#67 cat1092


Posted 20 December 2014 - 03:48 AM

Yes, I saw the results, the reason why I suggested their Emergency Kit scanner was for a 2nd opinion scan of your entire drive. I've cleaned lots of computers with it on a Flash drive.

 

If you feel for certain that it's an FP, then submitting it as such to DrWeb is the thing to do, as I've seen that you already have. From that point, all you can do is wait it out. 

 

Good Luck! :)

 

Cat




#68 quietman7


Posted 20 December 2014 - 07:59 AM

Since you say this is your program (GamesBotSetup.exe) and you have already submitted it to Dr.Web...then it is up to them to investigate and make a decision as to whether or not to remove it from detection.

I am not sure how you made that submission so you may want to resubmit following the instructions provided in How to Report Malware or False Positives to Multiple Antivirus Vendors.
 

Dr. Web
Online False Positive Submission
Report False Positive via Email: vms@drweb.com



#69 msi4mahesh


Posted 20 December 2014 - 11:12 AM

 

Since you say this is your program (GamesBotSetup.exe) and you have already submitted it to Dr.Web...then it is up to them to investigate and make a decision as to whether or not to remove it from detection.

I am not sure how you made that submission so you may want to resubmit following the instructions provided in How to Report Malware or False Positives to Multiple Antivirus Vendors.
 

Dr. Web
Online False Positive Submission
Report False Positive via Email: vms@drweb.com

 

 

Yeah I have submitted to them exactly according to their submissions guide. Not once but several times. I will just have to wait 


Edited by msi4mahesh, 20 December 2014 - 11:40 AM.


#70 quietman7


Posted 20 December 2014 - 11:17 AM

Most vendors are diligent with investigating and resolving these types of issues but it can take some time.

#71 msi4mahesh


Posted 21 December 2014 - 11:11 PM

Yeah, I believe that it does take time, hope they will fix it sooner



#72 quietman7


Posted 22 December 2014 - 05:50 AM

BTW...the detection appears to be a variant of Clicker Trojan aka clickbot.

#73 msi4mahesh


Posted 23 December 2014 - 12:10 AM

Yeah I was instructed to write to them an official letter regarding the detection, therefore I will either get it white listed or answer to why it's being detected 



#74 quietman7


Posted 23 December 2014 - 07:04 AM

Good luck.

#75 Slipoch

Slipoch

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:15 AM

Posted 15 July 2015 - 11:52 PM

Kaspersky constantly removing program from whitelist. We have been making software for longer than Kaspersky has ever been around, every time we send them our files they agree to list them on their whitelist and for that month we are ok, then they do an update and remove us from the list even though some of these files have not changed in 5 years.

The big problem is that Kaspersky is currently (as at 1/7/15) ignoring the exception list when it does this, we have many customers in over 30 countries and this is the only AV company to consistently do this.





