WacoJohn Posted April 4, 2011

I strongly believe the attached file is safe ... even though TWO antivirus products [Immunet and PREVX] have flagged it.

Immunet quarantined it as "W32.Trojan". PREVX says it is a Rootkit containing a 'hidden file'.

I have used previous versions with no apparent problems. MS Security Essentials scans it as safe.

I obtained the file from I got this particular version from: http://www.freshdevices.com/files.php frui.exe ver 8.71/

I am not going to execute it ... until I learn more about it .. hopefully from this forum.

sweidre Posted April 4, 2011

> I strongly believe the attached file is safe ... even though TWO antivirus products [Immunet and PREVX] have flagged it.
>
> Immunet quarantined it as "W32.Trojan". PREVX says it is a Rootkit containing a 'hidden file'.
>
> I have used previous versions with no apparent problems. MS Security Essentials scans it as safe.
>
> I obtained the file from I got this particular version from: http://www.freshdevices.com/files.php frui.exe ver 8.71/
>
> I am not going to execute it ... until I learn more about it .. hopefully from this forum.

Hi WacoJohn,

I am using VirusTotal (freeware), to which I can upload a suspicious file for analysis. VirusTotal consists of 42 of the most well-known antivirus & antispyware products. The file will be scanned by all 42 participants and I immediately receive a report on their website on whether any of the products have found the file infected by any malware or not. The products that have found the file infected will also give their names for the infection. Many products call the infection differently, using their own vocabulary.

If only a handful or fewer of the products report the file to be infected, I regard the infection to be a "false positive". Of course, I respect the comments from some of the AV products as more reliable than others'. (So it is finally up to myself to handle the infection as a positive or a false positive.)

Cheers, sweidre

WacoJohn (Author) Posted April 4, 2011

> Hi WacoJohn, I am using VirusTotal

Wow .. VirusTotal is great to know about. Thank you. It returned zero negatives using 40 well known AV products.

Odd thing .. one of the products .. PREVX (on my PC) is also reporting it as infected. Prevx at the website says OK, Prevx on my PC says it is infected.

I submitted it to McAfee Labs and they replied:

> inconclusive [frui.exe]
>
> Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected. Your submission is being forwarded to an McAfee Labs Researcher for further analysis. You will be contacted by McAfee through e-mail with the results of that analysis.

Looks to me like frui.exe is safe and is being 'caught' by Immunet as infected (as well as PREVX) .. and something needs to be corrected.

Thank you for the reply. VirusTotal is awesome.

Guest Orlando Posted April 4, 2011

Hi,

You can also send us FPs, for that please read this.

Orlando

WacoJohn (Author) Posted April 4, 2011

> Hi, You can also send us FPs, for that please read this. Orlando

AH! Did not know about that 'section'. Thought I was putting it in the right place here in this forum. Thanks. I will do that in the future.

sweidre Posted May 14, 2011

Hi,

this thread should be read together with the following thread: "Immunet 3.0 Quarantines Temp File But Not Actual File" http://forum.immunet.com/index.php?/topic/1056-immunet-30-quarantines-temp-file-but-not-actual-file/page__p__5682__hl__frui%28__fromsearch__1&do=findComment&comment=5682 , because they are completely related!

Both problems in these two threads are caused by the Immunet Protect ETHOS engine, which has too strong a heuristic engine, causing many Malware Alerts (quarantining of completely clean files = false positives). An Anti-Malware product causing too many false positives is very annoying and almost useless!

Immunet Protect Technical Staff must immediately reconstruct ETHOS, otherwise many users will soon abandon Immunet for good! THIS IS URGENT FOR THE SURVIVAL OF IMMUNET!

Cheers, sweidre

Archived
This topic is now archived and is closed to further replies.