positive false?

system · January 30, 2011, 12:49pm

I downloaded a game recently (2 rar parts 1.9gb and 554mb) but when i wanted to extract the rar parts Avast shows that theres a “Win32:Genome-AEX [Trj]” virus in the iso file , and when i asked the ppl i downloaded the game from the said its a (positive false) i’ve no idea whats that mean … so what shall i do? is it safe to install the game as its a positive false or its not??? pls help me

system · January 30, 2011, 12:53pm

sorry for my bad english

nmb · January 30, 2011, 12:55pm

Hi,

Where did you download the game from?

Pondus · January 30, 2011, 12:55pm

False Positive is when a clean file is detected as Malware
False Negative is when a Malware file is detected as clean

False Positive http://antivirus.about.com/od/antivirusglossary/g/falsepositive.htm

Do you have Malwarebytes installed ?

system · January 30, 2011, 1:03pm

@nmb

i got the game from megaupload i’ll post below

@Pondus

no i don’t have the program u mentioned

thanks for the replays

system · January 30, 2011, 1:03pm

here are the links i download the game from

if someone can make sure if there is a real virus in or not i’ll appreciate it

Pondus · January 30, 2011, 1:17pm

I was thinking you could scan every file with malwarebytes for a second opinion

www.malwarebytes.org
http://filehippo.com/download_malwarebytes_anti_malware/

system · January 30, 2011, 1:26pm

Oh pardon me! i thought u meant that i have this positive false bcuz of this program

ok i’ll try this and scan the files …

thanx

system · January 30, 2011, 1:33pm

Post the logs when it’s done to confirm if that is really a false positive or a serious virus.

system · January 30, 2011, 1:41pm

ok i scanned the iso and the mds with the program not updated then after updated 0 files infected:

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5639

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/01/2011 04:39:20 م
mbam-log-2011-01-30 (16-39-20).txt

Scan type: Quick scan
Objects scanned: 0
Time elapsed: 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

but the program is not registered so i wonder if it’ll be different if i could get the register…

system · January 30, 2011, 1:44pm

why it shows (Objects scanned: 0) ???

im marking 2 files (iso and mds) and scanning them … is there something wrong?

system · January 30, 2011, 1:48pm

The problem is not related to registration…

The problem is related to scan. It didn’t scan any files at all so it didn’t find any malware.
I suppose you have had a run with the “Direct File Scan” or in another words: Select a file or folder > Click right button > Scan with Malwarebytes Anti-Malware.

Follow this instructions:
1- Open Malwarebytes
2- On Malwarebytes GUI, go to Scanner > Perform Full Scan > Select the drives and let the scan run.
It will take 1 hour ~ 2 hours depending on the number of the files you have.

Post the log when it’s done.

system · January 30, 2011, 1:57pm

I scanned the folder containing the iso,mds and it saw 2 files:

Malwarebytes’ Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5639

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30/01/2011 04:53:44 م
mbam-log-2011-01-30 (16-53-43).txt

Scan type: Quick scan
Objects scanned: 2
Time elapsed: 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

but about scanning the partion i think it’ll take awhile to finish the scan…

nmb · January 30, 2011, 2:02pm

Are you sure that what ever game your downloading, is genuine? I would certainly not download anything from such file sharing sites unless I personally know the person who has uploaded it. And I am not surprised if avast detects something in it.

system · January 30, 2011, 2:19pm

@nmb

I don’t know if its genuine or not … but its strange that i get the same virus everytime i download the game

i first got this game from 8 parts 400mb each one and it has that virus , second one was torrent file and again it has the

same virus and the one i posted was the last one … so is that possible?? im getting the game from the same uploader everytime???

nmb · January 30, 2011, 2:25pm

The same file will be posted by many users as if it is theirs… ::)(May be not) But I am damn sure that what ever your downloading is not genuine. 99% of the files shared on the torrents are illegal (source). Torrents and free illegal downloads are one way of spreading viruses. Please stop downloading such things.

system · January 30, 2011, 2:33pm

I dont think one person can upload 3.2gb 4 times and making a torrent

ill post u all the links for this game:
plus a torrent file but i dont remember where it was from

so all files are from the same person???

nmb · January 30, 2011, 2:37pm

I don’t know whether they are from the same person or not. They may be… they may be not. And I don’t want to know. I just wanted to warn you that these might not be genuine.

That is all I have to say.

P.S I will not download any file from the links you gave.

Pondus · January 30, 2011, 2:42pm

I don`t think malwarebytes scan inside rar / zip files so you have to unpack before you can scan the file

These will scan zip rar files

Dr.Web CureIT http://www.freedrweb.com/cureit/?lng=en
how to use it http://www.freedrweb.com/cureit/how_it_works/?lng=en
Norman Malware cleaner http://www.norman.com/support/support_tools/malware_cleaner/en-us

download and save to desktop and run from there, they are fully updated when you download
they are not installed so when done just drag and dropp to recycle bin

PS: and as nmb say, we will not download and check these files so please remove the download links

system · January 30, 2011, 5:18pm

Hello again

sorry if im bothering you guys

@Pondus

I scanned and scanning the files after unpacking because even avast couldn’t discover a virus when its a rar file but after unpacking it discovered that virus…

i scanned with Dr.Web CureIT though it was a little creepy of its starting but when scanning the iso,mds it shows no virus

and this is the log for Norman Malware cleaner

Norman Scanner Engine Version: 6.06.12
Nvcbin.def Version: 6.06.00, Date: 2011/01/30 05:16:51, Variants: 9648006

Switches: /nobs /nounpack /nops

Scan started: 2011/01/30 20:06:10

Running pre-scan cleanup routine:
Operating System: Microsoft Windows 7 6.1.7600
Logged on user: Rami-PC\Rami

Scanning kernel…

Kernel scan complete

Scanning file system…

Scanning: prescan

Scanning: C:\New folder (4)*.*

Scanning: postscan

Running post-scan cleanup routine:

Number of files found: 2
Number of archives unpacked: 0
Number of files scanned: 0
Number of files not scanned: 2
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 0s 94ms

positive false?

Announcements