False positive: ImageShrink.exe

Hi anybody. I renamed the .exe to .log and attached it. This simple utility has no rootkits; I’ve used it on my site and visitors are reporting that it contains a rootkit (when the file is checked by the Avast! web shield).

The log is giving me a popup when I try to look at it… an avast popup (see pic)

There is no rootkit in this file - I’ve told that it’s a false positive. :wink:

I have sent the sample as a FP to the avast virus lab… let’s see :wink:

Thanks, I just did it too. ;D

can u upload the file here:

www.virustotal.com

and post the link to results here please.

I have downloaded the file… I uploaded it.
http://www.virustotal.com/file-scan/report.html?id=81ae16f063cedad86fe2f63732dbd29e7764a58a6b4ba5d8fe523c9bb9124e1b-1325135834

The MD5 for virus total is: 65bf5ca5d39fbf509139cbd529644c8e (just in case the link doesn’t work)

Also the file is detected by 13/43 antiviruses.

interesting results… let’s see what the avast virus lab has to say about this.

Here the results:

http://www.virustotal.com/file-scan/report.html?id=81ae16f063cedad86fe2f63732dbd29e7764a58a6b4ba5d8fe523c9bb9124e1b-1280262252

It’s strange that Avast! didn’t mark the file as suspicious. What “other” Avast! do they have? :slight_smile:

this seems to be a different file… did u upload the file that u gave us?

Well, it’s getting more and more interesting in comparison with Coolmario88cp’s results…

No, the file is the same - md5 signature shows it. Just renamed extension.

can u attach the file in log format which u uploaded at VT?

In that case avast catches it when it is in log format and not in exe format?

Strange… I didn’t rename the file at all.

there seems to be something fishy… :slight_smile:

On my machine, Avast! catches the file with any extension.

I’ve renamed it for uploading there. :slight_smile:

Can anybody upload the file here:

http://www.threatexpert.com/submit.aspx

and give me the link to the results.

when I uploaded the file in comodo it says unclassifiedmalware :slight_smile: :stuck_out_tongue:

I tried to upload it but windows gave me an error saying operation can’t be done, file contains a virus.

how can windows give u an error?

or do u mean to say avast! stopped the upload…

try disabling avast and upload it.