G’day Avast,
False positive when downloading the latest AdwCleaner v3.100: it is detected as a virus, see screenshot.
From the original website:- h**p://general-changelog-team.fr/en/downloads/viewdownload/20-outils-de-xplode/2-adwcleaner
Contact Form
Zoek.exe is also getting a FP detection.
Is this FP fixed?
Download and find out…
Now I have done it for you:
https://www.virustotal.com/en/file/f605d75e2584a46e134b7793fd1ce3e1f8ec941996c5835e6faa0e059deadc4b/analysis/1397984876/
https://www.virustotal.com/en/file/766fb59fbdbba35a122ed7d3696069740e6cacda548369357e4d4ae156f2f020/analysis/1397985024/
Hi Pondus,
What if the very tool that is recommended for removal is being flagged? Read: http://www.malwareremovalguides.info/win32dropper-gen-drp-removal-instructions/ The trojan requires other components in order to run properly and may arrive as a file that exports functions used by other malware.
I think it is a FP,
pol
Hi Pondus,
Even ComboFix is marked as malware in VirusTotal scan. See here.
This is one of the reasons why helpers ask the victims to temporarily disable the anti-virus shield before proceeding with the shield.
One of the reasons can be the following –
During the process of removing malware from your computer, there are times you may need to use specialized fix tools. This is especially true if you are receiving help from a member of the HJT Team. Certain embedded files that are part of these specialized fix tools may at times be detected by your anti-virus or anti-malware scanner as a "RiskTool", "Hacking tool", "Potentially unwanted tool", a virus or a "Trojan" when that is not the case. These tools have been carefully created and tested by security experts so if your anti-virus or anti-malware program flags them as malware, the detection is what’s known as a “False Positive”. Anti-virus scanners cannot distinguish between “good” and “malicious” use of such programs, therefore they may alert you or even automatically remove them. In these cases, the removal of these files can have “unpredictable results” and unintentional results.
Hi Valinorum,
I guess that it is a false heuristic packer detection on UPX, AutoIt, UPX.
Compiled AutoIt scripts can optionally be compressed with UPX. UPX is an open source software compression packer. It is used with many viruses (to make them smaller).
Quote info source: http://www.autoitscript.com/wiki/AutoIt_and_Malware
I would not be surprised at all if this were again the case for the ComboFix FP.
It is also possible that the detection is being flagged in the AutoIt bin file ;D
Also see: http://anubis.iseclab.org/?action=result&task_id=16d9e74075c2d7574516ab635ed197560&format=html
Source code should be forwarded in a report to avast! to independently verify the generic dropper find is indeed based upon a false positive detection!
greets and a happy Easter to you and yours,
polonus
P.S. avast! no longer flags it? → https://www.virustotal.com/nl/file/7926e3e0e44d02df8740471cd0ad4bd8ba74af8363e7f9682d75b1163345c45e/analysis/
zoek.exe confirmed False Positive by Norman lab
zoek.exe confirmed False Positive by Sophos lab
combofix.exe confirmed False Positive by Sophos lab
Thank you polonus for the information. Happy Easter to all.
AdwCleaner 3.100 FP is fixed.