qbert55ca Posted August 15, 2010 Report Share Posted August 15, 2010 I'm Not sure if this is a false positive or an actual virus. ESET does not tag it and neither does Malwarebytes but 3 days in a row Immunet has tagged it along with another file. All the hits start with Bit, then a short alpanumeric string, the dot tmp ex. bit5a.tmp, bit21w.tmp The second is a alphanumeric string devided into 2 or 3 sections. ex. {4FCAE697-0587-4DC7-BE86-6012862ABDC8} Some advice in this would be appreciated. Link to comment Share on other sites More sharing options...
markusg Posted August 15, 2010 Report Share Posted August 15, 2010 to give you an answer we need an virus total result. or upload the files please. Link to comment Share on other sites More sharing options...
Guest orlando Posted August 15, 2010 Report Share Posted August 15, 2010 I need some information: 1-These files where they came from? 2-How big? Then do this: 1-Go on http://www.virustotal.com/ and sends the file, then post the results here. 2-Send the file to support_from_orlando@hotmail.it or orlandopivi@hotmail.it 3-Post file here indicted (if not too large). If you like, but not recommended (as perhaps useless) please scan with HijackThis and post the results here. Waiting for answers Regards, Orlando Link to comment Share on other sites More sharing options...
qbert55ca Posted August 15, 2010 Author Report Share Posted August 15, 2010 How do I copy the files in quarintine and send them to you. Robert to give you an answer we need an virus total result. or upload the files please. Link to comment Share on other sites More sharing options...
Guest orlando Posted August 15, 2010 Report Share Posted August 15, 2010 How do I copy the files in quarintine and send them to you. Robert Zip the file and delete the offending files out of folders. Then send us the zip file. Orlando Link to comment Share on other sites More sharing options...
markusg Posted August 15, 2010 Report Share Posted August 15, 2010 if you are not able to upoad the file, send us the virustotal result, immunet can download the file from vt directly. Link to comment Share on other sites More sharing options...
qbert55ca Posted August 15, 2010 Author Report Share Posted August 15, 2010 I cannot send a Zip file because a single quanatined fil is 2028K. All of these are coming from C:\Documents and Settings\Robert\Local Settings\Application Data\Temp. The results from Virustotal shows only 1 found it to be a virus. Panda 10.0.2.7 2010.08.15 W32/Xor-encoded.A if you are not able to upoad the file, send us the virustotal result, immunet can download the file from vt directly. Link to comment Share on other sites More sharing options...
Guest orlando Posted August 16, 2010 Report Share Posted August 16, 2010 I cannot send a Zip file because a single quanatined fil is 2028K. All of these are coming from C:\Documents and Settings\Robert\Local Settings\Application Data\Temp. The results from Virustotal shows only 1 found it to be a virus. Panda 10.0.2.7 2010.08.15 W32/Xor-encoded.A It may be a false positive, but I can not say more because I have enough information. My advice is to delete all files in the temp folder. Are temporary files and therefore do not need, delete any other file folder. Empty C: \ Documents and Settings \ Robert \ Local Settings \ Application Data \ Temp \ *.* Regards, Orlando Link to comment Share on other sites More sharing options...
markusg Posted August 16, 2010 Report Share Posted August 16, 2010 can you send us the virus total analyse link? immunet can use the md5 checksumm and download from virus total. Link to comment Share on other sites More sharing options...
Guest orlando Posted August 16, 2010 Report Share Posted August 16, 2010 can you send us the virus total analyse link? immunet can use the md5 checksumm and download from virus total. I saw the results and the file is clean. Orlando Link to comment Share on other sites More sharing options...
Guest Robert Posted August 16, 2010 Report Share Posted August 16, 2010 So if the file is clean why is IMMUNET continuing to quanatine these files Robert I saw the results and the file is clean. Orlando Link to comment Share on other sites More sharing options...
Guest orlando Posted August 17, 2010 Report Share Posted August 17, 2010 So if the file is clean why is IMMUNET continuing to quanatine these files Robert Hi Robert, Becouse it's a false positive. Should send the file via email to support@immunet.com and say it is a false positive, so they will correct the problem. Regards, Orlando Link to comment Share on other sites More sharing options...
sweidre Posted August 17, 2010 Report Share Posted August 17, 2010 I'm Not sure if this is a false positive or an actual virus. ESET does not tag it and neither does Malwarebytes but 3 days in a row Immunet has tagged it along with another file. All the hits start with Bit, then a short alpanumeric string, the dot tmp ex. bit5a.tmp, bit21w.tmp The second is a alphanumeric string devided into 2 or 3 sections. ex. {4FCAE697-0587-4DC7-BE86-6012862ABDC8} Some advice in this would be appreciated. Hi Qbert, Have you used Google to search for your files using (")- signs around them? The list of search results might give you a clue! Cheers, sweidre Link to comment Share on other sites More sharing options...
alfred Posted August 24, 2010 Report Share Posted August 24, 2010 I'm Not sure if this is a false positive or an actual virus. ESET does not tag it and neither does Malwarebytes but 3 days in a row Immunet has tagged it along with another file. All the hits start with Bit, then a short alpanumeric string, the dot tmp ex. bit5a.tmp, bit21w.tmp The second is a alphanumeric string devided into 2 or 3 sections. ex. {4FCAE697-0587-4DC7-BE86-6012862ABDC8} Some advice in this would be appreciated. If you can send me a support snapshot I probably figure out why this is happening. I am guessing we are FP'ing on dat files from another security product you have installed. You can learn how to send the support snapshot here: http://support.immunet.com/tiki-read_article.php?articleId=10 Please send it to alfred@immunet.com al Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.