OTL - False positive

Hello,

False positive about OTL.exe (scanning tool) from OldTimer

http://oldtimer.geekstogo.com/OTL.exe

Cheers.

Where are you getting this alert, as I don’t when it is downloaded?

I suspect it might be the AutoSandbox and essentially that isn’t an FP as such?
The autosandbox process is controlled in the first instance by the file system shield (FSS), the suspect.exe file is scanned before it is allowed to run. If it were infected, it could/should be detected by the FSS, so one reasonable thing in its favour is it hasn’t had a definitive detection.

However, the FSS checks other things, amongst those a) is the file digitally signed, b) its location and what it does (this is done in the emulation check). These can trigger a suspicion and it is this suspicion that results in the recommendation to use the autosandbox.

Now the user can accept this decision and run it in the autosandbox or have it run normally and to Remember the answer for this program. Provided of course you are familiar with the program and that it is clean and of course that you intentionally initiated the program.

Why is it that you need to download and/or run OTL?

I uploaded a FP this morning from the chest

Strange as my VPS was 120429-0 so any subsequent correction would be in the next VPS ?

That said I have lots of streaming updates from this afternoon and two from just before my post, so perhaps it was quickly corrected in one of those.

  1. I’m already on 120429-1.
  2. Most likely. :wink:

As I said, my VPS was 120429-0, 120429-1 wasn’t released or on my system at the time I posted. I have literally only just got it as I have been off-line for a few hours.

Once you get the latest VPS any stream update before that is removed (so wouldn’t be able to post an image of them) as part of the post VPS update housekeeping.

I see.
Anyway, it’s fixed. :slight_smile:

Yes, quite quick considering when the OP reported this (19:41 UK local) in the forum, yet less than an hour later (20:32 UK local) I didn’t get an alert.

Nice that it has been fixed, but we are still stuck with this various blacklisting: https://www.virustotal.com/url/a2170f9dbfafd4cf9a2c986601b9165a08f999ac618928978581d2ca01d8d09b/analysis/1335742975/

polonus