
False Positive Scan Result?

Q: False Positive Scan Result?

I just ran a full system scan with Avast 5.0. I got the result "Threat Detected". Avast found the following:

NPSExec.exe.

The file was moved to the Avast Virus Chest (quarantine) with the following information:

Threat: Win32:Malware-Gen
Location: C:\Windows

I ran a general web search and also searched several Virus Libraries with no results found. Since it's in quarantine I can restore it if needed. Has anyone heard of this file or infection?

Thanks for your help and input.

RELEVANCY SCORE 86.8

My friend has a Toshiba NB-500 netbook:

CPU: x86_64 Intel(R) Atom(TM) CPU N455   @ 1.66GHz
RAM: 1GB 
HDD: 5400rpm - 320 GB
OS: Windows 10 (upgraded from pre-installed windows 7 starter)

The problem is the slowness: the system is really not usable.
 
So after cleaning auto-run boot applications and services from msconfig, I tried to scan it with various adware scanners (RKill, TDSSKiller, AdwCleaner, Malwarebytes AM, and so on...): nothing found.
I also performed a scan with the installed antivirus, Avast: nothing found. Then I removed it and activated the default MS Win Defender and launched a scan, but nothing was found that time either.
Finally, I scanned it with ClamAV working from a USB-booted Linux live system and obtained the following results:

/mnt/sda2/Program Files/Adobe/Reader 9.0/Reader/reader_sl.exe: Win.Trojan.Decay-453 FOUND
/mnt/sda2/Program Files/Mobile Partner/AutoRun/AutoRunSetup.exe: Win.Trojan.Katusha-600 FOUND
/mnt/sda2/Program Files/Mobile Partner/SkinMagicU.dll: Win.Trojan.Ramnit-7199 FOUND
/mnt/sda2/ProgramData/DatacardService/DCService.exe: Win.Trojan.Katusha-600 FOUND
 
----------- SCAN SUMMARY -----------
Known viruses: 4824952
Engine version: 0.99.2
Scanned directories: 26173
Scanned files: 147551
Infected files: 4
Total errors: 8
Data scanned: 22485.68 MB
Data read: 27043.46 MB (ratio 0.83:1)
Time: 14972.820 sec (249 m 32 s)

I doubt that they are false positives. How can I verify it?
Maybe by md5sum? Could you ...

RELEVANCY SCORE 86.8

My email program is Thunderbird, and it's fully up to date. OS is XP

A day or two ago, AVG Free started reporting I-worm/Netsky.Q in C:\Documents and Settings\[userid]\Local Settings\temp\newmsg (and newmsg-1, -2, etc). I did some research on this virus/worm, looked for the files and the registry entries it's supposed to create (I searched both i-worm and netsky separate as well) and came up empty. I used Eraser to delete everything in the temp folder, and the file comes back and gets reported as infected, apparently whenever I receive new email, even from this forum.

I'm told by a Mozilla forum moderator that T-bird does not use this folder path.

I ran a full scan using Malwarebytes and that came up clean. Symantec's netsky fix tool is still running, but I expect that'll come up empty too. I'm running an AVG scan, but can't really trust what it comes up with, I think.

I'm wondering if this snuck in from an email from my mom - her spouse reported that Mom'd had a virus infection, and he had cleaned it. She hadn't sent me any attachments, but just to be safe I deleted all emails from Mom and her spouse to the beginning of the year. That didn't work though, about 5 minutes later the AVG message popped up again.

I don't know what to do now, aside from uninstall AVG and install a better antivirus app.

Appreciate any assistance!

Here's my HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at...

RELEVANCY SCORE 86

Hello
My name is Michal and I’m a data administrator, London UK.
I have a problem with the scan results using RogueKiller: it shows this hook and directs me to the website that says only "check on the internet whether your machine is infected or not".
Problem is that at work I deal with a lot of sensitive data and I need to know for sure.
My request is: can someone please help me identify if this is a virus or, just as suggested, it is one of the actual genuine software's doings?
Based on this thread ( http://www.bleepingcomputer.com/forums/t/601924/rootkit-ssdtinl-zwdeleteatom/ ) I could assume that it is only a false positive but I can’t be sure as to whether my case is exactly the same. I would supply the logs requested there but I don’t want to use those tools without someone telling me to do so.
There is so little on the internet about this issue that I have no way to find out for myself even by comparison. I understand that I could simply format everything but it is the data leaks that I’m worrying about.
This is what I know:
Malwarebytes AntiRootkit didn’t find anything
Microsoft Security Essentials found nothing
Also I would like to ask if someone could advise me as to what software specialises in stopping the rootkits from being installed or even better is there a software that would let me know each time an IRP Hook is trying to be established?
Please get back to me and thanks to anyone who would show the interest in assisting me with this...

A:ZwDeleteAtom[99] RogueKiller scan, false positive?

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
***************************************************
In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.
CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/615169 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************
If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of t...

RELEVANCY SCORE 86

Having read on another forum about the fact that "Stopsign" was able to detect a virus which no other application was able to, I thought of giving it a try. I therefore started the scan.

2. Within the first 2 seconds, the scan showed that there was a trojan in my Documents and setting\Log-in name\ Application Data\Temp. I opened the folder and it was empty, no hidden file even.

3. Then it showed a trojan in Firefox Cache. I deleted the file it had indicated.

4. Now see what happened.

5. When I wanted the scan to go on now, I get a message that "stopsign\...blah blah...\...exe cannot be found. If you know the location ............" and words to that effect.

6. I rebooted the machine and the exact sequence of para 2, 3, 4, 5 repeated.

7. What is happening ??
 

A:Online scan giving false positive ??

Hi techno12

Do you mean eAcceleration Stop-Sign?

That program is well known for occasional problems with false positives.

Have a look here: http://www.spywarewarrior.com/rogue_anti-spyware.htm#ss_note
 

RELEVANCY SCORE 85.2

Hello,

In running my AVG Anti-Rootkit Scan today, it gave me a list of files, but did not register them as "infected." It reported that the items were "white-listed" and should not be removed or were "hidden" files. As I've said, AVG didn't list them as "infected," but as "0/28 files infected." My computer has not been running irregularly, so this strikes me as very peculiar. I run scans religiously (weekly) and back them up with a good sweep of Advanced System Care, which have not reported anything up until now.

I called Best Buy and asked what their opinion was, and they reported it could be a false positive. They recommended that I download and run TDSS Killer to see if the results would be mirrored, but they were not.

So, would it be safe to say that I'm clean? What else could I do to make sure?

A:AVG false positive? TDSS Killer scan picks up nothing?

Generally the term "white-list" is used to describe items that are considered safe.

RELEVANCY SCORE 69.6

Win 10 Home 10586.164

Did a Sfc /scannow.
Result : found corrupted files but unable to repair some of them.

Did a dism..../restorehealth.
Result : Restore operation successful.

Did a sfc /scannow right after dism.
Result : found corrupted files but unable to repair some of them.

I tried to do a chkdsk /f/r, but scanning and repair stayed at 10% for over 45 minutes.
I aborted it. No patience for that.

Do I have a false negative from sfc, or false positive from dism ?

A:False negative or false positive ?

Update :
Did another sfc, same negative result.

RELEVANCY SCORE 65.2

This morning, two computers in house suddenly decided that the wkcalrem.exe file in Microsoft Works 2000 was infected. I can think of no way that particular file is likely to be infected and it's too much coincidence that two un-networked computers just happened to pick it up at the same time. Anybody else got it?

A:Avg False Positive?

I have always known the file that you mention to be part of works, the startup database here lists it as clean, however I always like to scan files like that at Jotti or virustotal before I tell the Antivirus to ignore it. I think that you have a false positive, I just like to be safe.

RELEVANCY SCORE 65.2

Hi, I just recently scanned my computer with AVG Free 8.0 and it found a trojan horse generic10.BHES. But it was listed as C:\documents and settings\vincent lee\application data\adobe\acrobat\7.0\updater\adberdr709_en_US.exe. I think it may be a false positive? Can a normal file be infected? It was cleaned and quarantined, but should I post a hijack log as well? I am using Windows XP. Thanks

If I were to upload it to a website that checks files, do I restore the file from my virus vault? Would it be safe? How do I go about restoring it and sending it? Thanks!

A:Is This A False Positive?

It probably is a false positive. If you still have access to the file you can upload it at Jotti for analysis.

RELEVANCY SCORE 65.2

I started down this road with a friend's computer known to have malware on it.
That had also had a major software stuff-up with updating.
(It attempts to contact a domain name known to be indicative of malware.)
Personal firewall blocked it, but only because I'm paranoid enough to make iexplore
ask every time it wants to use the net.

That's not the problem.

OK, I started at Major Geeks, using a procedure they outlined,
to initially verify that my system is still clean, as I rebuilt the friend's computer here.
Part of that Major Geeks procedure was to run ComboFix.
Up to that point nothing had found any malware, or any leftover bits, nor anything suspicious.
(I run a very tight ship (real FWs, OpenBSD, the whole nine yards): no viruses, trojans, et al. 10+ yrs and counting.)

However:
ComboFix found two files in my system32 directory, named tmp67.tmp and tmp68.tmp.
FileAlyzer identifies them as identical (MD5). I don't like them because a hex dump shows
they have a standard-looking DLL front end, which makes me suspicious as they have .tmp file extensions.

FileAlyzer further identifies them as claiming to be
Company name CreativeLabs Inc. version 2,0,6,0 Product name OpenAL installer.

That would be fine. (I don't like that I can't find any way they could have got themselves run.)
But my system works fine with them removed.
(Paranoid mode on.) Hmmm, thinks I, perhaps the dangerous bit is still there hiding, and so I looks.

My system works fine with them removed because something else put them back!...

A:Is this a false positive?

The silence prompted yet more reading and I found:

"The use of Combofix or any other high level removal tool is not for this area. If your log shows indications of the use of these tools,
there is a high probability your post will be ignored. "

If this is the problem, where ought I post my problem? The guide does not say.

If there is nowhere, am I forever condemned not to get help identifying the file tmp67.tmp, because I once ran ComboFix?

RELEVANCY SCORE 65.2

How do I add a exception in norton 2011 Internet security?

A:False positive

You can configure exclusions in NIS to ignore certain files and/or directories. From the NIS main window, click on Settings, then under Computer Settings you will find a section for AntiVirus and SONAR exclusions. Add your exclusions to both the Items to Exclude from Scans and Items to Exclude from Auto-Protect and SONAR Detection.

If you want to exclude everything in a directory, be sure to have the "Include subfolders" box checked.

If it's false positives that's troubling you, submit them to Symantec.

https://submit.symantec.com/dispute/false_positive/

RELEVANCY SCORE 65.2

Hi all,

I scanned my system yesterday with Superantispyware. It came up with 44 security issues called: 'Security.HiJack[ImageFileExecutionOptions]'.

I've done a bit of searching, and some people have said that this is a false positive. However, I want to make sure that this is the case.

I sent off a 'false positive' report to Superantispyware, and as yet I have not received feedback. I have also done a scan with BullGuard's scanner, and it reported nothing. I am also currently running scans with Malwarebytes and Windows Defender, and I will let you all know when the scans finish.

I am slightly confused as to how a virus (or viruses) got onto my system in the first place, if they are not false positives. I use Sandboxie which seems to have helped in the past with any potential threats. My only other concern is that a few days ago, I accidentally went on a site which left a virus on my parents' laptop. Unfortunately at the time I hadn't got Sandboxie installed, and the system was infected. I did however manage to remove everything via safe mode and using Superantispyware. Later on I looked at the log, and it seems that there was indeed a 'real' virus, however, the same 'Security.HiJack[ImageFileExecutionOptions]' 'virus' was also there, but at the time I thought nothing of it, as I believed it to be part of the 'real' virus (which if I remember rightly was a trojan). Hence, I am slightly confused as to whether or not this in...

A:False positive?

IFEOs can be used for both legitimate and nefarious purposes.

Usually you won't have IFEOs on common apps such as iTunes though unless you've messed with them yourself. Not an absolute. . . just a generality.

Since you mention being infected before I'd go ahead and have SAS remove those.

Hope that helps.

~Blade

RELEVANCY SCORE 65.2

Hi Folks,

Just wondering if anyone else has had this particular situation... I've attached two "bad boys" MSE detected... so here's the interesting scenario (at least for me!)... it was caught by MSE while or just after (literally minutes after) I did a full scan using Malwarebytes... and the Mbytes scan came all clear!!... I must say I don't have much experience dealing with bad boys (which is a good thing I like to think) but is this what you call a false positive? (Must confess, reading up on the two named rascals they seem to be anything but false!) Just wanna get some feedback, in the least to improve my knowledge.

Many thanks for stopping by

A:Is this a false positive?

I wouldn't call it a false positive. Read about your issue here.

MSE alert on Java

RELEVANCY SCORE 65.2

I have been using AVG for some time. Recently, I have been getting a notification that I have the RORON i-net worm in one of my temporary internet files. It usually occurs when browsing this or some other forum. However, a scan with AVG, with Housecall, with Antivir, and with EZ Etrust does not show any infection. I can only conclude that this is a false positive. I just wondered if anyone else has experienced this.
 

A:False positive in AVG?

RELEVANCY SCORE 65.2

I'm pretty sure my computer is clean (but one never knows); however, Malwarebytes found a PUP today. CenturyLink is my internet provider (PUP has centurylink in it). I'm running Windows 10 64-bit on a desktop.
 
So is this a false positive or do I need to post to the removal area?
 
I tried to copy and paste but it's not showing up on the post, is there a way to attach the picture of the log from Malwarebytes?
 
 
 
 

A:Is this a false positive?

Hi Tierra93,

Are you able to upload the file Malwarebytes detected on VirusTotal.com, and copy/paste the report URL here? It'll be easier that way.

What was the detection name? PUP.CenturyLink?

RELEVANCY SCORE 65.2

After reformatting both computers that had the same exact ransomware, Microsoft Security Essentials was installed. After an AVG scan it detected MSE as having the Small Trojan.
I know this topic was previously done before and closed and I read it thoroughly, but after the pain of having to wipe drives clean, reinstall programs (some I paid a lot of money for and might have to repurchase possibly) I just want to be sure, cautious and informed fully.
How common is this issue of possible false positives? Best ways of dealing with them? And is it simply just not using the programs that causes the conflict? For example if I uninstall MSE (a program never used before nor really feel like need or want) should AVG then not detect anything?
Any informed opinion or further information on topic is greatly appreciated.

A:AVG false positive?

Hello SonyStereo,
 
You should choose only one antivirus program to use. You can uninstall MSE and use AVG. My personal recommendation is vice versa, but that is your choice.
If you uninstall MSE, AVG will not detect it.
 
Please read this quote from quietman7, if you have not already:
 

 
IMPORTANT NOTE: Using more than one anti-virus program is not advisable. Why? The primary concern with doing so is due to Windows resource management and significant conflicts that can arise especially when they are running in real-time protection mode simultaneously. Even if one of them is disabled for use as a stand-alone on demand scanner, it can affect the other and cause conflicts. Anti-virus software components insert themselves deep into the operating systems core where they install kernel mode drivers that load at boot-up regardless of whether real-time protection is enabled or not. Thus, using multiple anti-virus solutions can result in kernel mode conflicts causing system instability, catastrophic crashes, slow performance and waste vital system resources. When actively running in the background while connected to the Internet, each anti-virus may try to update their definition databases at the same time. As the programs compete for resources required to download the necessary files this often can result in sluggish system performance or unresponsive behavior.

When scanning engines are init...

RELEVANCY SCORE 65.2

I have ZAM installed for on-demand scans and it's within its 15-day trial license.
It keeps detecting Amazon Spain as an infection in my search bar. I have added it there with "Add to search bar" on Firefox.

Is there a real problem or is it a false positive?
Thanks!
 

A:False Positive or not?

Can you link the search engine add-on? The only Amazon search engine add-on that I can find on Firefox is "Amazon.com Quick Search with Suggestions" made by "Justin". This is not an official Amazon search.

Alternatively, there is an official extension called Amazon Assistant for Firefox that does not get flagged by ZAM.
 

RELEVANCY SCORE 65.2

Hi all,

I just ran the Sophos antivirus package and it detected a "Virus fragment 'Micro-12' in C:\WINDOWS\system32\ActiveScan\pskavs.dll".
In http://forum.avast.com/index.php?topic=18413.msg156599 , this issue is already known to avast and it looks like a false positive since pskavs.dll belongs to Panda Active scan and the virus signature may not be encrypted.
In http://virusscan.jotti.org/ Avast detects it as Win32:CTX and ClamAV as Sirius.Annihilator.272.
Can you confirm that this is a false positive?

cheers,

JL
 

A:False positive?

Yes, you're OK!
 

RELEVANCY SCORE 65.2

Hi,
I scanned an infected computer with MBAM MSE and Kaspersky. All found trojans and removed them.
Then ran scan with Superantispyware and it found new trojans:

Trojan.Agent/Gen-IExplorer[Fake](2 items)
Trojan.Agent/Gen-PEC (2 items)

I then scanned the folders where the files were kept with Kaspersky and MBAM and they came up clear.
Are these real trojans or are they false positives?

Thanks!

A:SAS False Positive?

Anytime you suspect a file detection may be a false positive, get a second opinion by submitting it to one of the following online services that analyze suspicious files: Jotti's virusscan, VirusTotal, VirSCAN.

In the "File to upload & scan" box, browse to the location of the suspicious file and submit (upload) it for scanning/analysis.

You can submit the file(s) directly to SUPERAntispyware by downloading and using the SUPERSampleSubmit Utility. The direct download link for this utility can also be found here.

Alternatively you can report the results at the False Positives Forum but they will probably ask you to submit a sample. Once a file is received, a technician can examine it in more detail and provide a report letting you know the results.

RELEVANCY SCORE 65.2

Prevx v3.0.5.220 on my unit shows ADWcleaner as malware. Infected with Community.OuterEdge.ADWcleaner.exe. Downloaded it 3 times. Same each time. Anyone had this happen to them? Thnxs
Edit: Moved topic from Windows 8 to the more appropriate forum. ~ Animal

A:false/positive?

Hi,
 
you can try uploading the file to VirusTotal.com for scanning, if the file is being detected by most of the antivirus vendors, then it probably contains malware.

RELEVANCY SCORE 65.2

Hi, yesterday I downloaded a virus. Antivirus popped up but I couldn't do anything because my PC started running really slow. But that's not my point. When I start my PC in normal mode the mouse is moving and everything seems to be working, but when I click on something Windows force stops or whatever, so I can't run antivirus there. I booted it into safe mode and downloaded like every antivirus. Superantispyware showed about 400 tracking cookies - deleted them; other antiviruses found viruses - deleted them, but that didn't solve the problem. Roguekiller is showing this:

BTW I already deleted the "terra.im" one but right after I deleted it, it showed that it had already been replaced. THE MAIN QUESTION IS: am I supposed to delete the HKEY... files? I have a feeling that it might be the "zeroaccess virus" hidden in there. PLEASE HELP ME

A:False or positive

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download Malwarebytes' Anti-Malware from Here
Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
The scan may take some time to finish, so please be patient.
If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Log...

RELEVANCY SCORE 65.2

All season long I've gone to hdstreams.net to watch the Seahawks games online & no problem. Today I go there & suddenly Avast says threat has been detected & this pop up

 

A:Is this a false/positive?

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Thomas Paine at 17:10:19 on 2014-12-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8184.4882 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

RELEVANCY SCORE 65.2

Is it a false positive or what?

RELEVANCY SCORE 65.2

I ran a malwarebytes full scan, and it marked the following file as a trojan: C:/Program Files/Synaptics/SynTP/SynZMetr.exe.

Is this a false positive, or is this legit malware? The file date is marked as before I even got this computer from the manufacturer.

A:Is this a false positive?

It's a false positive.. https://www.virustotal.com/en/file/c...6733/analysis/

RELEVANCY SCORE 65.2

Okay, so ever since I put System Shock Portable (a modified version of SystemShock 1 with mouselook among other mods) I've been getting this detection message from AVG whenever it runs a scan. All it says is to report the result though. So here I am, reporting the result.
 

 
"";"Multiple runtime compression aspack,nupx, C:\Users\Shade the Wolf\Documents\My Games\SYSTEMSHOCK-Portable-v1.2.2\RES\gulikoza\3dfxSpl2.dll";"Report message"
 

 

A:False positive?

Hi -
I think the best place to report / question this would be to the AVG forum.
 
Do you get a report from any other security program ??

RELEVANCY SCORE 65.2

During my AVG scan it shows AdbeRdr708_en_US.exe as a danger. Is this a false positive? I did a search and it shows as a valid component of the Adobe Reader.
Thanks!
 

A:AVG False Positive?

RELEVANCY SCORE 65.2

 
Scanned with Malwarebytes and Avira after... system seems to be clean. I just turned on the computer and this popped up after like 5 minutes or so just browsing reddit. Didn't download or click any links or any ads. I don't know how I could've gotten this. So please someone help me determine if this is a false positive or something bigger.

A:False positive or....?

I would consider it a false positive, because it is located in the ATI Directory. Do you have any ATI Products?

Please download TDSSKiller exe version to your desktop.
Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
Click on Change Parameters and click Detect TDLFS File System.
Click the Start Scan button.
Do not use the computer during the scan.
If the scan completes with nothing found, click Close to exit.
If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
A TDSSKiller text file would be saved in Local Disk C.
Copy and paste the contents of that file in your next reply.

ADW Cleaner
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
You will be prompted to restart your computer. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well....

RELEVANCY SCORE 65.2

Hello. To begin with, here are some details of the system that I'm working with: It's running Windows 7 Professional, protected by NOD32 v4 antivirus, with Windows Defender running realtime. Weekly I scan with Malwarebytes Antimalware. I use Opera 10.1 for web browsing, and typically keep javascript off. I haven't manually downloaded or installed any software in weeks. Only automatic updates have run for various programs. One of those programs I run is Steam.

Yesterday, when Steam self-updated, something very peculiar happened. While Steam was in the process of patching itself, it spawns a process called SteamServiceTmp.exe. I've seen this happen in the past (I was watching in Process Explorer), so I didn't think much of it at all. However, a popup balloon from Windows Defender cropped up at this point, and said that it wanted to send SteamServiceTmp.exe to Microsoft. I was a little freaked out, because I didn't know what was going on. NOD didn't see anything, and Defender was acting like SteamServiceTmp was a piece of malware. I was in such a panic, I don't remember the exact message, but Defender didn't really say anything explicit. I checked the logfiles for Defender, and the quarantine, but found nothing there. I only was able to find evidence that anything happened when I checked the System Event Viewer. I included the entry from that below, followed by a hidden log file that I eventually uncovered from this information.

I've been ab...

A:Was this a false positive? Or something Serious?

Maybe it is something on Windows Defender's end?

RELEVANCY SCORE 65.2

Hello!

I am just curious about this with false positives and such as that many people talk about.
Let's say for example this file. (I am not gonna link to it since it can be harmful, but here are
the results from using jotti on it:

2010-02-10 Trojan.Agent.Cuff
[F-Secure Anti-Virus]
2010-02-14 Trojan.Win32.Agent.cuff
[A-Squared]
2010-02-14 Trojan.Win32.Agent!IK
[G DATA]
2010-02-14 Trojan.Generic.2716132
[Avast! antivirus]
2010-02-14 Found nothing
[Ikarus]
2010-02-14 Trojan.Win32.Agent
[Grisoft AVG Anti-Virus]
2010-02-14 Generic_c.AELX
[Kaspersky Anti-Virus]
2010-02-14 Trojan.Win32.Agent.cuff
[Avira AntiVir]
2010-02-12 TR/Spy.1458176.1
[ESET NOD32]
2010-02-13 Found nothing
[Softwin BitDefender]
2010-02-14 Trojan.Generic.2716132
[Panda Antivirus]
2010-02-12 Generic
[ClamAV]
2010-02-13 Trojan.Packed-158
[Quick Heal]
2010-02-13 Trojan.Agent.cuff
[CPsecure]
2010-02-14 BackDoor.W32.VB.bax
[Sophos]
2010-02-14 Mal/Generic-A
[Dr.Web]
2010-02-14 Trojan.Siggen.5009
[VirusBlokAda VBA32]
2010-02-13 Trojan.Win32.Agent.cuff
[Frisk F-Prot Antivirus]
2010-02-13 W32/Themida_Packed!Eldorado
[VirusBuster]
2010-02-13 Trojan.Agent.NTRQ

RELEVANCY SCORE 65.2

For some reasons my Kaspersky Endpoint Security 10 flagged a Bleeping Computer thread as "phishing website"... that boggles me.
Or maybe I'm just paranoid with all the security settings cranked up to High.
 

A:False positive?

Yes it appears to be a FP. The detection is on the url for this topic: Trojan dllhost.exe *32 COM virus

It is a heuristic detection. Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list.

RELEVANCY SCORE 65.2

My Nod32 Smart Security keeps finding the same thing, but it is a different driver each time. Oddly enough, a similar thing happened before I rebooted this computer 2 days ago. I don't know where this is coming from, because the software on this computer are programs such as iTunes.

P.S. I'm running Windows Vista SP1

A:False Positive?

Also, my website has this on some parts of it. On where it says connected to, and transferring data from and such.
argos-co-uk.jrj.com.cn.playstation-com.simplehomelink.ru

RELEVANCY SCORE 65.2

AVG is now reporting some versions of zip.sfx that come as part of the Winrar package as a threat.

See attached for details.
 

RELEVANCY SCORE 65.2

A while ago, before the servers shut down, I used to play the MMO Need for Speed World. Turns out that it can still be played in singleplayer by forcing the client into an offline server.
According to my virus total scan here: https://www.virustotal.com/en/file/0dceea1fe89bb8080918df8931f1c477a081937dc82bbafc4b39aeb2392a583f/analysis/1453461307/
the modified client to force it into such server from here: http://www.elitepvpers.com/forum/need-speed-world/3767890-nfs-world-offline-server.html
is a virus, and three people agree with it. My antivirus, Avast finds nothing wrong with it.
 
Elitepvpers seems to be a disreputable site. I downloaded it from the PC gaming wiki from here instead: https://drive.google.com/folderview?id=0Bwbb_Yiw_IWNfkZCQ3dJUkRsU2hvd3R2Q2hZWjN2VElvS3lQRWN6VWdMeUExVFpJa2p6WGs&usp=sharing&tid=0Bwbb_Yiw_IWNfmplMnN1cXZZWkNpZEljdkJmeFF3eGY5b3EwNFNMSkRFalV5V2FoQi1fTVE#list
 
In your opinion, is this a false positive?
 

A:False positive?

A Virustotal analysis of elitepvpers indicates it is a clean site...see here.

The first six detections are more generic detections for unknown or suspicious files. For example...

Artemis technology is the "Active Protection" component of McAfee's Security Center which uses a combination of signature and behavior analysis to check with McAfee servers in real-time to identify possible new malware threats. This is accomplished by adding heuristics to the virus database. McAfee then uses this heuristic detection to analyze the cataloged behaviors and assess the likelihood of possible new variants of malware before the vendor can get samples and update the program's definitions for detection. This process is similar to Symantec's Bloodhound Technology. Artemis is not the name of an actual virus, but an alert displayed by McAfee when it thinks it may have found a new virus. Artemis is included in the detection name for any file that is quarantined or blocked by McAfee's Global Threat Intelligence (GTI) technology for enhanced detection of unknown threats based on the file's behavior. Thus, Artemis detections may or may not be malicious.

In general, heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop it before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, sea...

RELEVANCY SCORE 64.8

This computer I am using rarely goes online and I always try to keep it patched and virus scan before using. During my last scan a2 (a squared) seems to have found a number of viruses, (I have submitted these files to a2 for verification). I have also run scans using Kaspersky, Mbam & SuperAntispyware which have come back clean (please see the logs below)

Could some one advise me what to do next.

Thank you
Chr!s

a-squared Free - Version 4.0
Last update: 03/04/2009 13:16:01
Scan settings:
Objects: Memory, Traces, Cookies, C:\
Scan archives: On
Heuristics: Off
ADS Scan: On
Scan start: 04/04/2009 11:57:33
c:\program files\scansoft\paperport\visioneer.exe detected: Trace.File.ClipGenie!A2
C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe detected: Virus.Win32.Patched.B!IK
C:\WINDOWS\$NtServicePackUninstall$\eventtriggers.exe detected: Virus.Win32.Virut.ar!IK
C:\WINDOWS\$NtServicePackUninstall$\evtrig.exe detected: Virus.Win32.Virut.ar!IK
C:\WINDOWS\$NtServicePackUninstall$\kernel32.dll detected: Trojan.Win32.Agent!IK
C:\WINDOWS\$NtServicePackUninstall$\sysinfo.exe detected: Virus.Win32.Virut.ar!IK
C:\WINDOWS\$NtServicePackUninstall$\systeminfo.exe detected: Virus.Win32.Virut.ar!IK
C:\WINDOWS\$NtServicePackUninstall$\taskkill.exe detected: Win32...

A:Infection or False Positive Please Help

Hello.

"I have also run scans using Kaspersky"

Are you referring to the online scan? If you still have the log it would be great if I can see it.

Those may be a false-positive. If Kaspersky didn't find anything it's probably a false-positive. Those files seem to be infected by VIRUT according to a2...

Please run the following scan.

Download and Run DrWebCureIt in Safe Mode

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.
Reboot your computer in Safe Mode using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with Dr.Web CureIt as follows:
Double-click on launch.exe to start the program. Cancel any prompts to download the latest CureIt version and click Start.
At the prompt to "Start scan now", click OK. Allow the setup.exe/driver to load if asked by any of your security programs.
The Express scan will automatically begin.
If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
When complete, click Select All, t...

RELEVANCY SCORE 64.8

I recently downloaded, installed, and ran a program called KL-Detector, which was recommended by Kim Komando's Weekly Newsletter to detect key loggers. It detected some "suspicious activities" when I ran it. But, I get clean scans with Malwarebytes, ad-aware, avg, and ccleaner. How can I tell if this is really a key logger or just a false positive? And, if there is a key logger, how can I remove it? (KL-Detector only detects, it doesn't fix the problem). I've also downloaded and installed HJT and I'm attaching the log. I appreciate any help you can give me, thanks.

RELEVANCY SCORE 64.8

Hi

Just done an online scan with Trend Micro's "Housecall" and it's picked up ADWARE_MEMWATCHER here: C:\WINDOWS\system32\drivers\etc\host\127.0.0.1.

I think it may be a false positive and have something to do with Spybot S&D?

Am I infected?

Thanks in advance.

A:Adware_memwatcher - False Positive?

to BleepingComputer.com

I want to apologise that it has taken so long to get back to you. We on the HJT Team are working as fast as possible to get your log answered.

If you do not still need help, please let me know, so that I can move on to other users who still need help.

Please take note of the following:
While a HJT Team member is working with you, please refrain from making any changes to your computer.
Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself.
If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
Please reply using the button in the lower left hand corner of your screen.
Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave, and if there is no contact for that amount of time I will have to assume you have "vanished".

If you would still like help, please follow the instructions below:

We need to create an OTViewIt Report
Please download OTViewIt by OldTimer.
Save it to your d...

RELEVANCY SCORE 64.8

*moderator edit: split from http://www.bleepingcomputer.com/forums/t/535397/possible-bootkit-or-false-positive ~ Queen-Evie*

I am having the same problem with those exact same files only showing under safe mode while running AVG.

A:Bootkit or False Positive?

I am having the same problem with those exact same files only showing under safe mode while running AVG.
AVG 2015 AntiVirus command line scanner
Copyright © 1992 - 2014 AVG Technologies
Program version 2015.0.5315, engine 2015.0.4158
Virus Database: Version 4158/8302 2014-09-30
@Scan_BootSectorName|%name%=HIDDEN| Found Bootkit.61030040.F987090C is OK.
@Scan_BootSectorName|%name%=C:\| Found Bootkit.61030040.F987090C is OK.
RELEVANCY SCORE 64.8

I was messing around with Avast's Custom scans to scan my computer's memory, and it says that Microsoft Security Essentials (memory process, not the actual file) is infected, but when I safe-mode scan with Malware Bytes, a standard Full System scan from both Avast and MSE, nothing appears. Is this just a false positive, and if not, how do I get rid of it?

I am running on Windows 7, and Avast claims that the infected memory files are only from MSE's memory process blocks, and nowhere else. That's it.

A:False Positive from Avast?

You're not supposed to run two AV programs as it may cause conflicts and false positives like in your case.
Uninstall one of the programs.

RELEVANCY SCORE 64.8

During a recent virus scan, I got the following in a report.
 
@Scan_BootSectorName|%name%=HIDDEN| Found Bootkit.61030040.F987090C is OK.
@Scan_BootSectorName|%name%=C:\| Found Bootkit.61030040.F987090C is OK.
 
I was using AVG in safe mode, as I do run safe mode scans from time to time.  These are just part of the report, they are not flagged as infections in safe mode.  When I run in normal mode, it shows no infections.
After I found this, I ran Malwarebytes (with rootkit scan checked), AVG Rootkit Scanner, TDSSKiller and ADW.  None of these found anything in either normal or safe mode.  I then uninstalled AVG and installed Microsoft Security Essentials which found nothing.  I uninstalled MSE and installed Avast.  Nothing.  I backed up all of my data, reformatted my drive (not a low level format though) re-installed Windows 7 and installed AVG again (since it's the only one that showed an infection) and ran in safe mode again.  I did not install anything else, other than the driver disc that came with my motherboard, after re-installing Windows and running a new scan. It had the same results as above, nothing.  I ran Malwarebytes again, then Bitdefender Rootkit Remover, TDSSKiller, SUPERAntiSpyware, AVG Rootkit Scanner, and Malwarebytes Anti Rootkit Beta.  Again, they all found nothing.  
 
Now this is on two separate computers.  I found the same scan results with AVG (again safe mode only) on my ups...

A:Possible Bootkit or False Positive?

Welcome aboard

Download Security Check from here or here and save it to your Desktop.
Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

Please download MiniToolBox and run it.
Checkmark following boxes:
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Devices (do NOT change any settings here)
List Users, Partitions and Memory size
List Restore Points
Click Go and post the result.

Please download Malwarebytes Anti-Malware to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkma...

RELEVANCY SCORE 64.8

Superantispyware found C:\ProgramData\NVIDIA\UPDATUS\PACKAGES\0000XXXX\UPDATUS.XXXXXXXX_RUNASUSER.EXE
The 0000XXX and XXXXXXXXX are random numbers. There's 22 of these. They're false positives I'm guessing?

A:SAS NVIDIA False Positive?

Hello Cas. Let's get a second opinion.

To get a second opinion, submit it to one of the following online services that analyzes suspicious files:
Jotti's virusscan
VirusTotal

In the "File to Scan" (Upload or Submit) box, browse to the location of the suspicious file(s) and submit (upload) it for scanning/analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.

RELEVANCY SCORE 64.8

I started up my computer and Dell Backup and Recovery started by itself as usual and all of a sudden AVAST moved a file associated with Dell Backup and Recovery that was in the folder for it. Is this a false positive or is it actually malware? The reason why I am keeping this software that could be bloating the PC is for the DELL Factory Reinstall disk. The file is called "DBRFactorySetupUpdate.exe" and it is thought to be "Win32:Evo-gen [Susp]."

A:AVAST False Positive?

If you think it's a false positive you can let them know,

Avast Contact us

Explain why you think it is to them and it should get removed.

RELEVANCY SCORE 64.8

Hi, this is my first time posting, so I hope I am posting in the correct forum! I have an acer aspire one, 64-bit OS windows 7 home premium version. I have IOLO system mechanic as my main anti-virus program, and run MBAM premium along side it. Lately I have to repair the system 3-4 times a day with system mechanic program, system shield says it's blocking and quarantining infections with real time monitoring, but nothing is ever in the quarantine section, and my settings don't let it purge automatically, MBAM is not reporting anything, but another scan I ran, says I'm infected with the WIN32:adw-gen virus, but it never shows up anywhere else, I've even scanned the implicated infected folder with MBAM and it says no malware detected. Please help! My computer has slowed down greatly, it takes about 10mn for it to load at start-up. Please help me get my computer back!

A:possible virus? or false positive?

Hello asl, also do these now.

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size.
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

Download TDSSKiller and save it to your desktop.
Extract (unzip) its contents to your desktop.
Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....

ADW Cleaner

Please download AdwCleaner by Xplode and save to your Desktop.
Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and ...

RELEVANCY SCORE 64.8

Hello,

I've had a a virus detection in a3-free and AVG, and I'm slightly concerned about it. I'd appreciate some advice from someone a bit more adept with computers than myself

The virus is detected in A3 as "Exploit.Win32.MS04!k" and is on six files in the temp folder, eg: C:\Users\A---\Appdata|Local\Temp\~PI1187.tmp. All the files have a similar name, starting with "~PI". In AVG, I just get a message that the same six files "May be infected by unknown virus Exploit.JPEG". There's no other information than that in AVG.

Malwarebytes, Ad-aware and Avira Antivir all show the files as clean. I did a jotti.org scan and about half the scanners show the files as infected.

After googling I found that the MS04 virus sometimes shows on images that have been resized by the user. Also, the "PI" extension seems to be some kind of high-quality or encrypted image format. In my case, I'm assuming these are temp files left/created after I resized or edited some images (though I've never knowingly used or downloaded files in the format).

I've scanned all the .jpg images on the PC and my portable HD, and AVG/A3 shows them as clean. I've also submitted the files for analysis to ikarus and grisoft, but this can take days or weeks. I'm using Vista 32-bit on a Dell laptop.

I don't have any recurring virus issues at this point, the files have been successfully quarantine...

A:Possible false positive but cannot confirm this

Hi akjunke,

I can see your frustration. The messages on the internet are mixed. However, what seems to be consistent is that the information following the MS04 in the name Exploit.Win32.MS04 gives more information about what this is. In one case, I believe it is Exploit.Win32.MS04 011 this refers to a file called explor.exe which is definitely malware. Your particular filename, ending with !k doesn't appear anywhere in the internet except in this thread we're in now.

There is another thread about this that I can refer you to: http://www.bleepingcomputer.com/forums/t/159591/avg-8-detects-exploitjpeg-only-in-the-resized-file/

Also, how are you resizing your photos? I'm sorry this is not more substantial. I hope the files you submitted to ikarus and grisoft will return some kind of result that can clarify this and that you can post those results back here. Sorry for the long wait.

Thanks for bringing this up.

Zllio

RELEVANCY SCORE 64.8

AVG False Positive with mIRC v. 5.91
AVG tech support confirmed that their latest update (Virus Database 250 dated January 21, 2003) reports that mIRC v. 5.91 is infected with the trojan BackDoor.mar. They say it will be fixed in the next release.
 

A:AVG False Positive with mIRC v. 5.91

OK thanks, Will have to post this in another thread-3 people report it saying they had the virus.
 

RELEVANCY SCORE 64.8

I just recently downloaded AdwCleaner from Malwarebytes. First version I had was fine. Newer versions (as of today) consistently list Auslogics Disk Defrag as a "threat". It isn't. The first time I got that response, I assumed it was because of Auslogics persistence in trying to get you to buy SpeedBoost, so I deleted the files AC marked as malware. After doing that, Auslogics Disk Defrag no longer worked. I reinstalled it, and sent a message to Malwarebytes that these were false positives.

Their response: THEY ARE NOT FALSE POSITIVES. I emailed back "WRONG!!!! They ARE". Today I downloaded the latest AC version and ran it. Same false positives. The Malwarebytes programmers are apparently not competent to deal with this false positive.

Bottom line: I have uninstalled AC on both computers.
 

RELEVANCY SCORE 64.8

Greetings.

Today, 3/28/2011, I downloaded the latest ComboFix with a filesize of 4304820 and ran it.

I did so because of an unusual occurrence in my IE7 session which all of a sudden took me to Symantec's site saying something had interfered with my home page.

As I am a tech and this is my daily machine, it surprised me that anything should be amiss. I ran Malwarebytes and it did not find anything amiss, however, while scanning Symantec (Ver 10.0.1.1009) found and deleted a plugin for a security camera, dvrocxchs.dll and said it was a downloader trojan.

As this .dll has been on my machine for quite some time and while has been known to present false positives in the past, I decided to err on the side of caution. I downloaded and ran ComboFix as well.

Much to my surprise, it found a few "viruses", however they are all "sourceforge" type programs, which leads me to believe ComboFix has ID'd them incorrectly. Below is the log....

2011-03-28 13:17:07 . 2011-03-28 13:17:07 9,910 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-03-28 13:12:29 . 2011-03-28 13:12:29 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-03-21 13:14:18 . 2010-01-22 06:46:50 214,528 ----a-w- C:\Qoobox\Quarantine\C\JDownloader\JDownloader.exe.vir
2010-02-15 12:36:15 . 2004-09-19 15:46:40 69,632 ----a-w- C:\Qoobox\Quarantine\C\NZB-O-Mati...

A:Combofix false positive?

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system. If you are unsure about any of these characteristics, just let us know and we'll help you figuring it out. Please also tell us if you have your Windows CD/DVD handy.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your ...
