Possibly a false positive? Wanna make sure.


1 reply to this topic

#1 Heekzg

Posted 24 April 2018 - 09:17 AM

Hello there.
 
After speaking with a friend yesterday, we started talking about antiviruses. I ended up installing Dr. Web on his recommendation. After the scan was done, I saw that it had found 4 trojans.
The trojan in this matter is DLOADER.Trojan. However, what I find funny is that the trojan resided in my OneDrive folders. I have never used OneDrive nor have I ever been logged into it.
 
I scanned the folder with both MalwareBytes / Windows Defender and put the folder into VirusTotal, with Dr. Web being the only form of antivirus able to find the so-called virus.
 
Does anyone have any thoughts about this? I have added a screenshot of the scan.

 

https://imgur.com/a/0YaiSVF


Edited by Heekzg, 24 April 2018 - 09:20 AM.



#2 quietman7


Posted 24 April 2018 - 06:28 PM

After using any security tools, you should always be cautious of scanning results before taking action. Why? If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Some security programs have high detection rates, especially if the scanner uses heuristic analysis technology. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list if you were not too quick to delete it from quarantine.

If you don't recognize the detection or suspect it is a false positive, submit it to one of the online services that analyze suspicious files. In the "File to Scan" (Upload or Submit) box, click the "browse" button, navigate to the location of the suspicious file(s) and submit it for analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

If the results are indicative of malware, then it's safe to remove the detection. The consensus among most experts is that if 90% of the results indicate a file submission is clean, then you can disregard the other detection(s) as false.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
