qbert55ca

Unsure If False Positive

I'm not sure if this is a false positive or an actual virus. ESET does not tag it and neither does Malwarebytes, but 3 days in a row Immunet has tagged it along with another file.

All the hits start with Bit, then a short alphanumeric string, then dot tmp

ex. bit5a.tmp, bit21w.tmp

The second is an alphanumeric string divided into 2 or 3 sections.

ex. {4FCAE697-0587-4DC7-BE86-6012862ABDC8}

Some advice on this would be appreciated.

Guest orlando

I need some information:

1. Where did these files come from?

2. How big?

Then do this:

1. Go to http://www.virustotal.com/ and send the file, then post the results here.

2. Send the file to support_from_orlando@hotmail.it or orlandopivi@hotmail.it

3. Post the file in question here (if not too large).

If you like, though not recommended (as it is perhaps useless), please scan with HijackThis and post the results here.

Waiting for answers

Regards,

Orlando

Guest orlando

How do I copy the files in quarantine and send them to you?

Robert

Zip the file and delete the offending files out of folders. Then send us the zip file.

Orlando


I cannot send a Zip file because a single quarantined file is 2028K.

All of these are coming from C:\Documents and Settings\Robert\Local Settings\Application Data\Temp.

The results from VirusTotal show only 1 found it to be a virus.

Panda 10.0.2.7 2010.08.15 W32/Xor-encoded.A

If you are not able to upload the file, send us the VirusTotal result; Immunet can download the file from VT directly.

Guest orlando

I cannot send a Zip file because a single quarantined file is 2028K.

All of these are coming from C:\Documents and Settings\Robert\Local Settings\Application Data\Temp.

The results from VirusTotal show only 1 found it to be a virus.

Panda 10.0.2.7 2010.08.15 W32/Xor-encoded.A

It may be a false positive, but I cannot say more because I have enough information. My advice is to delete all files in the temp folder. They are temporary files and therefore you do not need them; delete any other file folder. Empty C:\Documents and Settings\Robert\Local Settings\Application Data\Temp\*.*

Regards,

Orlando

Guest orlando

Can you send us the VirusTotal analysis link? Immunet can use the MD5 checksum and download from VirusTotal.

I saw the results and the file is clean.

Orlando

Guest Robert

So if the file is clean, why is IMMUNET continuing to quarantine these files?

 

Robert

 

I saw the results and the file is clean.

 

Orlando

Guest orlando

So if the file is clean, why is IMMUNET continuing to quarantine these files?

Robert

Hi Robert,

Because it's a false positive. You should send the file via email to support@immunet.com and say it is a false positive, so they will correct the problem.

Regards,

Orlando


I'm not sure if this is a false positive or an actual virus. ESET does not tag it and neither does Malwarebytes, but 3 days in a row Immunet has tagged it along with another file.

All the hits start with Bit, then a short alphanumeric string, then dot tmp

ex. bit5a.tmp, bit21w.tmp

The second is an alphanumeric string divided into 2 or 3 sections.

ex. {4FCAE697-0587-4DC7-BE86-6012862ABDC8}

Some advice on this would be appreciated.

Hi Qbert,

Have you used Google to search for your files using (") signs around them? The list of search results might give you a clue!

Cheers,

sweidre


I'm not sure if this is a false positive or an actual virus. ESET does not tag it and neither does Malwarebytes, but 3 days in a row Immunet has tagged it along with another file.

All the hits start with Bit, then a short alphanumeric string, then dot tmp

ex. bit5a.tmp, bit21w.tmp

The second is an alphanumeric string divided into 2 or 3 sections.

ex. {4FCAE697-0587-4DC7-BE86-6012862ABDC8}

Some advice on this would be appreciated.

If you can send me a support snapshot, I can probably figure out why this is happening. I am guessing we are FP'ing on dat files from another security product you have installed.

You can learn how to send the support snapshot here:

http://support.immunet.com/tiki-read_article.php?articleId=10

Please send it to alfred@immunet.com

al
