Intel Bluetooth false positives

devmonsrv.exe: http://www.virustotal.com/file-scan/report.html?id=a7c574a97f436fdfc84390f13697c48e61d280422946e158e533be8427d49f88-1300815116
obexsrv.exe: http://www.virustotal.com/file-scan/report.html?id=dc583f29bd4d1ae4a01340890c4d218bf29fbc4245de0a5b9598134e4ce43b32-1300815027
mediasrv.exe: http://www.virustotal.com/file-scan/report.html?id=7a213a65e45e410fe4b5ff4dce3fc9216dcebd7466eb06e3dcde7aa9bf3cb0a7-1300814779

Seems like packer detections.
The original setups could be found here:
hxxp://downloadmirror.intel.com/19889/eng/ICS_vs32.exe
hxxp://downloadmirror.intel.com/19855/eng/ICS_Ds32.exe

Maybe a false positive, but it looks like it is Intel’s fault too!

Exactly how’s this Intel’s fault? ???

I’ve not checked the file yet as I’m busy, but usually bad packing/compiling or not signing the file results in such problems (or even an uncommon setup script, which could be the problem from what I see in the detection names).

hmmm… I came to this forum looking for info and this is the closest thing I found. I have a brand-new Dell XPS just out of the box today. I installed Avast, did a scan, and got this report:

btplayerctrl.exe is infected by win32:Malware-gen

This is in the Intel\Bluetooth directory. Should I assume this is a false positive?

Most likely, yes :)

Have these been checked, for instance?
Product: Intel PROSet\Wireless Bluetooth
Company: Intel Corporation
Description: Bluetooth Media Service
Version: 1.0.0.40
MD5: 03A7341E94ACD92E0831336D4F3ACE92
SHA1: B79EE6B0F81533962635CDCDA6765897A941D087
SHA256: B7BF8B549F2E1508E13568A735C20E799751143DE7D58728100E0EB527D39AC6
Size: 1298496
Directory: %PROGRAMFILES%\Intel\Bluetooth\mediasrv.exe
Operating System: Windows 7

There were bugs in the software way back in 2007, something could have happened again, or just a FP,
there is malware like this:
http://www.prevx.com/filenames/1433731098718421003-X1/OBEXSRV.EXE.html
and
http://www.prevx.com/filenames/2537676002901419612-X1/MEDIASRV.EXE.html

polonus

Anyone submitted this via http://www.avast.com/contact-form.php?loadStyles yet?

I’ve submitted all files from the Chest. The avast team has them. I wish they could say something about it.

Wow! Wow!
You’re brave. Even against “problematic” virustotal results, you’ve added them as false positives.
Congratulations! Shows your good work and how virustotal aggressive behavior is not an indication (always) of a better product.

devmonsrv.exe: http://www.virustotal.com/file-scan/report.html?id=a7c574a97f436fdfc84390f13697c48e61d280422946e158e533be8427d49f88-1301010246
obexsrv.exe: http://www.virustotal.com/file-scan/report.html?id=dc583f29bd4d1ae4a01340890c4d218bf29fbc4245de0a5b9598134e4ce43b32-1301010319
mediasrv.exe: http://www.virustotal.com/file-scan/report.html?id=7a213a65e45e410fe4b5ff4dce3fc9216dcebd7466eb06e3dcde7aa9bf3cb0a7-1301010321

And the eternal champions of false positives: Avira, Emsisoft, F-Secure and Prevx. ;D

The Avira stuff is probably caused by High heuristics (didn’t check, no machine w/ Avira at hand ATM). PrevX/Emsisoft - yeah, highly annoying, happens all the time. No experience with F-Secure. Whatever, thanks to Avast for fixing this. 8)

It’s always the same…
People applaud it when it detects and forget to mention it when it messes up.

F-Secure is using the Bitdefender engine… but they are not on the same update… yet

This detection name is not related to High or Low heuristics.
Anyway, I could not find any malware detected by Avira in the installed setups (links in first post).

The links on the first post aren’t the setup but the installed files.
Avira (Antivir) detects them as TR/Dropper.Gen2 ???

I did contact Avira Malware Analyze internally, sent this topic to them, and they could not find any false positive either. Are you sure those VT links are for the files inside those setup files (after installation)?

Completely sure. I’ll send you the samples to help Avira to correct the detection.

Thanks, I forwarded files to them. (Scanned your files and yes, they are detected as Trojan Dropper)

Ok. Let’s wait for the next Avira update :)