False Positive Frui.exe

[WacoJohn]

I strongly believe the attached file is safe ... even though TWO antivirus products [immunet and PREVX] have flagged it. Immunex quarantined it "W32.Trojan. PREVX says it is a Rootkit containing a 'hidden file'. I have used previous versions with no apparent problems. MS Security Essentials scans it as safe. I obtained the file from I got this particular version from: http://www.freshdevices.com/files.php frui.exe ver 8.71/

 

I am not going to execute it ... until I learn more about it .. hopefully from this forum.

[sweidre]

I strongly believe the attached file is safe ... even though TWO antivirus products [immunet and PREVX] have flagged it. Immunex quarantined it "W32.Trojan. PREVX says it is a Rootkit containing a 'hidden file'. I have used previous versions with no apparent problems. MS Security Essentials scans it as safe. I obtained the file from I got this particular version from: http://www.freshdevices.com/files.php frui.exe ver 8.71/

 

I am not going to execute it ... until I learn more about it .. hopefully from this forum.

Hi WacoJohn,

I am using VirusTotal (freeware) to which I can upload a suspicious file for analyzis. VirusTotal consists of 42 of the most wellknown antiviris- & antispyware products. The file will be scanned by all 42 participents and I receive immediately a report on their website, if any of the products have found the file infected by any malware or not. The products, that have found the file infected will also give their names of the infection. Many products call the infection differently using their own vocabulary. If only a handful or less of the products report the file to be infected, I regard the infection to be a "false positive". Of course, I respect the comments from some of the AV products as more reliable than others´. (So it is finally up to myself to handle the infection as a positive or a false postive.)

Cheers,

sweidre

[WacoJohn]

Hi WacoJohn,

I am using VirusTotal

 

Wow .. VirusTotal is great to know about. Thank you. It returned zero negatives using 40 well known AV products. Odd thing .. one of the products .. PREVX (on my PC) is also reporting it as infected. Prevx at the website says OK, Prevx on my PC says it is infected. I submitted it to McAfee Labs and they replied:

 

inconclusive [frui.exe]

 

Upon analysis the file submitted does not appear to contain one of the 200,000 known

threats in the AutoImmune database. The file may contain a new threat, or no code

capable of being infected. Your submission is being forwarded to an McAfee Labs

Researcher for further analysis. You will be contacted by McAfee through e-mail with

the results of that analysis.

 

Looks to me like frui.exe is safe and is being 'caught' by Immunet as infected (as well as PREVX) .. and something needs to be corrected. Thank you for the reply. VirusTotal is awesome.

[Guest Orlando]

Hi,

 

You can also send us FPs, for that please read this.

 

Orlando

[WacoJohn]

Hi,

 

You can also send us FPs, for that please read this.

 

Orlando

 

AH! did not know about that 'section'. thought I was putting it in the right place here in this forum. Thanks. I will do that in the future.

[sweidre]

Hi, this thread should be read together with the folllowing thread:

"Immunet 3.0 Quarantines Temp File But Not Actual File "

http://forum.immunet.com/index.php?/topic/1056-immunet-30-quarantines-temp-file-but-not-actual-file/page__p__5682__hl__frui%28__fromsearch__1&do=findComment&comment=5682 ,

because they are completely related!

Both problems in these two threads are caused by Immunet Protect ETHOS engine, that has too strong heuristic engine causing many Malware Alerts (quarantining of completely clean files = false postives). An Anti-Malware product causing too many false positives is very annoying and almost useless! Immunet Protect Technical Staff must immediately reconstruct ETHOS, otherwise many users will soon abandon Immunet for good! THIS IS URGENT FOR THE SURVIVAL OF IMMUNET!

Cheers,

sweidre