AVG8.5 Free - Is this a False Positive?


8 replies to this topic

#1 Katrex

Posted 17 December 2009 - 08:15 PM

Hi everyone.

I think I have a false positive on my hands, but I'd like a second opinion.

A few minutes ago, I got the following two detections:
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
C:\Users\Reeve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GBGBTROF\mbam-setup[1].exe

AVG8.5 Free detected them as: "Trojan horse Dropper.Agent.PKF". They came up as Malwarebytes Anti-Malware (which was scanning at the time) went over them, thus the process in my Resident Shield entry is - naturally - mbam.exe. I'd like to note that MBAM did -not- detect these.

I added the ProgramData location to my Resident Shield exceptions (for the time being), and uploaded the file both to virustotal.com and virusscan.jotti.org. Both sites only had a single hit (AVG), and all 40 other programs on Virustotal and 20-ish some other programs on Jotti said it was clean. Although I added the temporary internet files version to the exceptions too, I cannot upload this one for some reason. When I browse to it on virustotal/jotti and hit "Open" after selecting the file, nothing happens.

My AVG8.5 definitions version is 270.14.112/2571. It was loaded today at 5:00 PM.
I'd like to note that I have done 2 full scans with AVG recently (16/12/2009 2:55 AM; 15/12/2009 9:51 AM) prior to this, neither of which detected this.
My OS is 64-bit Windows Vista Home Premium.

Thoughts?
Also, can anyone suggest how I can get the Temporary Internet Files one to actually upload - just in case?


 


#2 Guest_Abacus 7_*


Posted 18 December 2009 - 06:45 AM

:flowers:

False Positive, Mate

You will get worse if you ever run two Anti Virus programs on the same machine.

You are better to run Malwarebytes in Safe Mode anyway.

The scan from Malwarebytes and other Anti Virus Programs, to AVG, looks like a Virus because it uses Code to detect them that is similar to what the Viruses and Malware use.

:thumbsup:

#3 quietman7


Posted 18 December 2009 - 08:37 AM

AVG FAQ 2343: AVG detects infection on file that I suppose to be clean
How To Handle Suspicious False Positive Detection?

You should also contact and advise the vendor that their program is being detected as a threat. In many cases they will work with the anti-virus techs in an attempt to resolve the detection.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 Katrex


Posted 19 December 2009 - 12:19 AM

I'll remember not to have 2 AV realtime protections active, then. xD. Not that I plan on it.
Thanks for the confirmation.
Hrm... I have been told (from members of this site, too) that Malwarebytes is better off/stronger in normal mode, though. ;/

Thanks for the links, quietman7. I'll bookmark them for future use.
I updated to 270.14.114/2574 after I got on today, and it no longer flags either file so I guess someone reported it or they otherwise caught it already.

#5 ThunderZ


Posted 19 December 2009 - 12:41 AM

"Hrm... I have been told (from members of this site, too) that Malwarebytes is better off/stronger in normal mode, though. ;/"

That is correct.

#6 ThunderZ


Posted 19 December 2009 - 12:46 AM

"You will get worse if you ever run two Anti Virus programs on the same machine."

MBAM is not an AV per se. It is an anti-malware. Having said that, most AVs running real time will basically scan right behind MBAM and other malware scanners as well. It is almost like getting two scans for one. Malware and AV. Rarely will this cause conflicts.

#7 quietman7


Posted 19 December 2009 - 07:30 AM

Scanning with Malwarebytes Anti-Malware in safe or normal mode will work but removal functions are not as powerful in safe mode. Why? MBAM is designed to be at full power when malware is running so safe mode is not necessary when using it. In fact, MBAM loses some effectiveness for detection & removal when used in safe mode because the program includes a special driver which does not work in safe mode. Further, scanning in safe mode prevents some types of malware from running so it may be missed during the detection process. Additionally, there are various types of malware infections which target the safeboot keyset so booting into safe mode is not always possible. For optimal removal, normal mode is recommended so it does not limit the abilities of MBAM. Doing a safe mode scan should only be done when a regular mode scan fails or you cannot boot up normally. If that is the case, after completing a safe mode scan, reboot normally and try rescanning again.

#8 Katrex


Posted 21 December 2009 - 12:43 AM

Thanks much for the information, especially that thorough explanation - quietman7. I never knew the exact reason before (like the driver thing).

#9 quietman7


Posted 21 December 2009 - 12:09 PM

You're welcome.



