False positive list

Is there a list of recent false positives?

Hi Skip H,

Not that I know of, but you can search this forum for FP or False Positives. Normally they are rather short lived issues, they seldom outlive the next virus definition update, so notifying FP’s is far more important than searching lists,

polonus

Aside from what Polonus said - Why would you need to ask such a question ?
If you have a detection that you consider might be a false positive, then what is it ?
e.g. malware name, file name, location (C:\windows\system32\infected-file-name.xxx) and why you think it is a false positive.

Then we can help you confirm/deny the detection and what actions to take, etc.

Yes, I fully agree here with DavidR, that it is important to know why you asked this question. Be more specific to reveal your reasons for asking this. With such a kind of cryptic question, you will only get likewise answers,

polonus

I got what I think is a false positive.
hxxp://www.google-analytics.com/ga.js|>{gzip}

infection HTML:Iframe-INF
It even pops up for the avast forum.

Kindly update your virus defs.

My virus data is up to date :frowning:

What is the version of definitions you have?

110325-0

Cannot reproduce your problem at all.

ga.js
http://www.virustotal.com/file-scan/report.html?id=716d388a41888b9f461d2afa9f40a87b7aa6c7409e7ccdcf233f5be1135aef97-1301076408

I have avast 6.
Could there be a problem on my end?

Can you show us a screenshot, we are all using avast 6 and can’t see the problem you are having…

http://i55.tinypic.com/2ns84dl.png

Eh… What does

nslookup www.google-analytics.com

produce on your box? (Run that in command prompt.)

http://i.imgur.com/5pSwa.png

I meant

nslookup www.google-analytics.com

Also, please use the additional options - attach feature here for screenshots.

85.10.195.196 - Geo Information
IP Address	85.10.195.196
Host	static.85-10-195-196.clients.your-server.de
Location	 DE, Germany
City	Nürnberg, 02 -
Organization	Hetzner Online AG
ISP	Hetzner Online AG
AS Number	AS24940 Hetzner Online AG RZ

You clearly are infected by something and your DNS is hijacked.

Here

Yeah, as said - your DNS is not sane. Set it to 8.8.8.8 and 8.8.4.4 (Google public DNS) so that you stop this temporarily and try the nslookup again. Anyway, we will need MBAM and OTS logs (see the stickies here).


IP Address	173.193.227.124
Host	173.193.227.124-static.reverse.softlayer.com
Location	 US, United States
City	Dallas, TX 75207
Organization	Hosting Services
ISP	SoftLayer Technologies
AS Number	AS36351 SoftLayer Technologies Inc.