FALSE POSITIVEs

File “C:\Documents and Settings\username\Local Settings\Temp\RRMedic-download.exe{userdesktop}\RoadRunnerMedic.exe{app}\radF6254.tmp.msi\Feature19.cab\FILE_00108” is infected by “Win32:Trojan-gen {Other}” virus.

File “C:\Program Files\Common Files\supportsoft\bin\ssmail.dll” is infected by “Win32:Trojan-gen {Other}” virus.

both of these are installed by the factory cd that comes with roadrunner internet (timewarner cable)

i understand why avast is detecting them, because of the packager they used… but come on there’s just SO many false positives lately with avast.

is there a way i can just set our ADNM server to ignore “trojan-gen other” ?

http://www.prevx.com/filenames/X3293692941153635430-X1/SSMAIL.DLL.html Apparently this is a worm and the RoadRunnerMedic.exe please scan it on virustotal and show us what the result so i can see if its a false positive because its look strange for a .exe :slight_smile:

Mr.Agent

@ bryonTRN
Since the first one is in a temp location C:\Documents and Settings\username\Local Settings\Temp\RRMedic-download.exe\ I would probably get rid of it, presumably this was an installation file, which presumably you have already installed ?
I also presume that the application once installed doesn’t have any detections by avast ?

The second one ssmail.dll is used by more than one application and in some cases ssmail.dll is malicious but in many others a let program. So the link given by Mr.Agent shouldn’t be taken as gospel but confirm one way or the other.

You should check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can’t do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

Virustotal can give us to know more about the files and see if its really a virus or no :slight_smile:

Thank

Mr.Agent