Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

False positive with adwcleaner ?


  • Please log in to reply
5 replies to this topic

#1 shadowk8

shadowk8

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 02 September 2013 - 08:30 PM

Hey guys got a prompt when running adwcleaner to update from 3.0.0.1 to 3.0.0.2 and i downloaded from you guys an noticed that after running it was being detected through hitman pro 3.7.7. build 205 as a gen.trojan. So i uploaded the file to virustotal and it came back with 2/46 with i believe from antivir dont remember what it was detected as and symantec saw it as WS.reputation.1. I dont have a link to the original scan and rescan and upload in a second.

 

 

EDIT: moved to appropriate forum

~boopme


Edited by boopme, 02 September 2013 - 08:51 PM.


BC AdBot (Login to Remove)

 


#2 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 02 September 2013 - 08:33 PM

Update looks like Antivir update there definition with virustotal recently and it isnt being detected by them anymore, but still by symantec as WS.reputation.1. Basically i couldn't find a way to report it along as a fp to symantec so i figured i would just post it here to see if you could pass it to them :P

 

Link: https://www.virustotal.com/en/file/58230ce9f7f65653dea42cced4565b52c1604cf2cddf4cdd29f25f4b88629eb6/analysis/1378171357/



#3 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:18 PM

Posted 03 September 2013 - 02:19 AM

I can report it to Symantec, and will do so.

Might want to report it to hitman pro too, if you can do that.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#4 shadowk8

shadowk8
  • Topic Starter

  • Members
  • 70 posts
  • OFFLINE
  •  
  • Local time:04:18 PM

Posted 03 September 2013 - 07:35 AM

Thanks, Toffee appreciate it! Ya ill try to get in touch with there support side and let em know, seems like build 205 of there definition have been riddled with fp's.



#5 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,079 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:18 PM

Posted 03 September 2013 - 08:18 AM

Symantec are going to remove the detection in the next virus definitions update.

 

Okay, and that's interesting to note about hitman pro.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:18 PM

Posted 03 September 2013 - 01:50 PM

False detections like this are not uncommon.

Certain embedded files that are part of legitimate programs or specialized fix tools, may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users