
False Positive Frui.exe


WacoJohn


I strongly believe the attached file is safe ... even though TWO antivirus products [Immunet and PREVX] have flagged it. Immunet quarantined it as "W32.Trojan". PREVX says it is a Rootkit containing a 'hidden file'. I have used previous versions with no apparent problems. MS Security Essentials scans it as safe. I got this particular version from: http://www.freshdevices.com/files.php frui.exe ver 8.71

 

I am not going to execute it ... until I learn more about it .. hopefully from this forum.

Hi WacoJohn,

I am using VirusTotal (freeware), to which I can upload a suspicious file for analysis. VirusTotal consists of 42 of the most well-known antivirus & antispyware products. The file will be scanned by all 42 participants and I immediately receive a report on their website on whether any of the products have found the file infected by any malware or not. The products that have found the file infected will also give their names for the infection. Many products call the infection differently, using their own vocabulary. If only a handful or fewer of the products report the file to be infected, I regard the infection to be a "false positive". Of course, I respect the comments from some of the AV products as more reliable than others'. (So it is finally up to myself to handle the infection as a positive or a false positive.)

Cheers,

sweidre
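The rule of thumb in the post above (few detections out of many engines, with some engines trusted more than others, and each engine using its own label), as an added example that is not part of the original posts and does not use VirusTotal's API. The engine names, the weights, the "handful" threshold of 3 and every sample label other than "W32.Trojan" are assumptions constructed for illustration.

```python
from collections import Counter

# Hypothetical weights: engines the analyst trusts more count double.
TRUSTED_WEIGHTS = {"EngineA": 2.0, "EngineB": 2.0}
FAMILY_KEYWORDS = ("rootkit", "trojan", "worm", "adware", "backdoor")
HEURISTIC_MARKERS = ("heur", "generic", "gen:", "suspicious")


def family(label):
    """Reduce a vendor-specific label to a coarse family keyword."""
    low = label.lower()
    return next((k for k in FAMILY_KEYWORDS if k in low), "other")


def triage(results, handful=3, weights=TRUSTED_WEIGHTS):
    """results maps engine name -> detection label, or None for 'clean'."""
    hits = {eng: lab for eng, lab in results.items() if lab}
    # A hit from a trusted engine weighs more than one from an unknown engine.
    score = sum(weights.get(eng, 1.0) for eng in hits)
    heuristic = sorted(
        eng for eng, lab in hits.items()
        if any(m in lab.lower() for m in HEURISTIC_MARKERS)
    )
    if not hits:
        verdict = "no detections"
    elif score <= handful:
        verdict = "likely false positive"
    else:
        verdict = "treat as infected"
    return {
        "detections": len(hits),
        "engines": len(results),
        "score": score,
        "families": dict(Counter(family(lab) for lab in hits.values())),
        "heuristic_only": bool(hits) and len(heuristic) == len(hits),
        "verdict": verdict,
    }


def sample_scan(flagged):
    """Constructed 42-engine result set; 'flagged' overrides chosen engines."""
    results = {f"Engine{i:02d}": None for i in range(40)}
    results.update({"EngineA": None, "EngineB": None})
    results.update(flagged)
    return results


if __name__ == "__main__":
    scan = sample_scan({"Engine07": "W32.Trojan", "Engine19": "Rootkit.Hidden.Generic"})
    print(triage(scan))
```

The `families` count shows when engines disagree on what the file is, and `heuristic_only` shows when every detection carries a generic or heuristic label; both are worth noting before settling on a verdict.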

Wow .. VirusTotal is great to know about. Thank you. It returned zero negatives using 40 well known AV products. Odd thing .. one of the products .. PREVX (on my PC) is also reporting it as infected. Prevx at the website says OK, Prevx on my PC says it is infected. I submitted it to McAfee Labs and they replied:

 

inconclusive [frui.exe]

Upon analysis the file submitted does not appear to contain one of the 200,000 known threats in the AutoImmune database. The file may contain a new threat, or no code capable of being infected. Your submission is being forwarded to an McAfee Labs Researcher for further analysis. You will be contacted by McAfee through e-mail with the results of that analysis.

 

Looks to me like frui.exe is safe and is being 'caught' by Immunet as infected (as well as PREVX) .. and something needs to be corrected. Thank you for the reply. VirusTotal is awesome.


  • 1 month later...

Hi, this thread should be read together with the following thread:

"Immunet 3.0 Quarantines Temp File But Not Actual File "

http://forum.immunet.com/index.php?/topic/1056-immunet-30-quarantines-temp-file-but-not-actual-file/page__p__5682__hl__frui%28__fromsearch__1&do=findComment&comment=5682 ,

because they are completely related!

Both problems in these two threads are caused by the Immunet Protect ETHOS engine, which has too strong a heuristic engine, causing many Malware Alerts (quarantining of completely clean files = false positives). An Anti-Malware product causing too many false positives is very annoying and almost useless! Immunet Protect Technical Staff must immediately reconstruct ETHOS, otherwise many users will soon abandon Immunet for good! THIS IS URGENT FOR THE SURVIVAL OF IMMUNET!

Cheers,

sweidre


Archived

This topic is now archived and is closed to further replies.
