JeromeCP

Files From Dd-Wrt


Hi there,

 

I downloaded the dd-wrt firmware for a Linksys WRT54G V.6 wireless router, as indicated at http://www.dd-wrt.com/phpBB2/viewtopic.php?t=58231

In that Gv5Flash.zip file is another zip archive, VXImgtoolgui.zip which contains two executables caught by Immunet Protect:

  • vximgtoolgui.exe, detected as having a "W32.pecompact" thingy. My AVAST V.5 antivirus has no problem with that file. A Google search led me to http://w88wytwww.virscan.org/report/22037c497c976ffba6f9e205e721b537.html , where one can see that ClamAV is the one to detect that about that file.
  • wrt_vx_imgtool.exe, flagged as having a W32.Trojan.D3BA . AVAST isn't complaining about that one either.

I suspect that these are false positives. Can this be confirmed?

Thanks in advance.


Hi Jerome Potts,

This is a long answer of mine! You can jump down to item 2b.) below to submit possible false positives to Immunet Lab: http://www.immunet.com/contact/index.html

When You have time, read the other lines, when you have time!

Cheers,

sweidre

----------------------------------

If You are uncertain, if Your file is infected or not, You can have it analyzed. If the file is regarded as clean, the file will not be subject to any scan by Immunet.

 

1.) IF YOU NEED AN IMMEDIATE ANALYSIS WITH RESULT, FOR EXAMPLE DURING WEEKENDS & HOLIDAYS:

 

1a.) Download & install the freeware VirusTotal (VT) Uploader 2.0 from here:

 

http://virustotal-uploader.en.softonic.com/

 

Using this simple freeware You may upload the file to VT website, where 42 different Antivirus & Antimalware products will immediately analyze the file. After a few seconds You will from VT get a report, that lists if any products regard Your file as infected or not. The products, that have found Your file to be infected, will also give their names of the infection. Many products call the infection differently by using their own vocabulary. If only a few of the products report Your file to be infected, You may regard the infection to be a "false positive". Note, that results from some of the products are more reliable than from others. (Some of the products are known for reporting "false positives"!) Finally, it is up to Yourself to treat the file as clean or infected!

 

1b.) If you regard the file to be clean, it can be placed in a sort of "whitelist" in the Immunet software:

 

Product->Settings->Protection Exclusions-> Add New Exclusion. (Immunet will not scan paths on the Exclusion List!)

 

You must here enter the path to the file, and the full path will be added as a new line to the list of exclusions. Note, that to the right of the line is an (x)! If You change Your mind and want, that the path would be scanned by Immunet again, it can be deleted by clicking on the (x)- sign and the path (line) will disappear from the list.

 

Remember to click on the "Apply" button, otherwise your settings will not be saved!

 

2.) IF YOU DON'T NEED A PROMPT ANALYSIS, & YOU CAN WAIT UNTIL WORKDAYS MONDAY-FRIDAY 9-15, ("USA - MOUNTAIN TIME"), YOU CAN PREFERABLY HAVE YOUR FILE HANDLED BY THE IMMUNET STAFF:

 

2a.) Submit Your suspicious file (false positive) here:

 

http://www.immunet.com/contact/index.html

 

2b.) If the analysis by Immunet regards the file as a "false positive", this will be reported to the Immunet database (the Cloud), and all further scans by Immunet will treat the file as clean. Note, that the file does not have to be on the Exclusion list any more now! If the Immunet analysis regards the file to be infected, this will be reported to the Immunet database (the Cloud). A scan by Immunet will then place the file in Quarantine. Note, that if You personally still regard the file as clean, you must add it to Your own exclusion list (see item 1b. above)

 

3.) REMEMBER

 

Note, that if You have in emergency case used alternative 1.) above, you should later anyhow follow the instructions as per alternative 2.) as well. This is important, so that the whole Immunet community gets proper online info from the common database (the Cloud)!
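Added example, not part of the original posts: when an uploader tool is unavailable, the SHA-256 of each flagged executable can be computed in memory from the nested archive and looked up on a multi-scanner site by hash, without extracting the files to disk. The archive built here is a constructed stand-in with placeholder bytes; the function names and size limits are assumptions of this example.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 64 * 1024 * 1024  # refuse oversized members (zip-bomb guard)
MAX_DEPTH = 3                        # how many archive levels to descend

def hash_executables(zip_bytes, prefix="", depth=0):
    """Map 'outer.zip!inner.exe' -> (sha256 hex, looks_like_pe) for every
    .exe/.dll in the archive, descending into nested zips, all in memory."""
    found = {}
    if depth > MAX_DEPTH:
        return found
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                continue
            if not name.endswith((".zip", ".exe", ".dll")):
                continue
            data = zf.read(info)
            path = prefix + info.filename
            if name.endswith(".zip"):
                found.update(hash_executables(data, path + "!", depth + 1))
            else:
                # A PE file starts with the DOS 'MZ' magic.
                found[path] = (hashlib.sha256(data).hexdigest(), data[:2] == b"MZ")
    return found

def build_constructed_sample():
    """Constructed stand-in for Gv5Flash.zip: placeholder bytes, not the real tools."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("vximgtoolgui.exe", b"MZ constructed placeholder A")
        zf.writestr("wrt_vx_imgtool.exe", b"MZ constructed placeholder B")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("readme.txt", b"constructed")
        zf.writestr("VXImgtoolgui.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for path, (digest, is_pe) in hash_executables(build_constructed_sample()).items():
        print(f"{digest}  pe={is_pe}  {path}")
```

For a real download, pass the bytes of the archive file to `hash_executables` in place of the constructed sample.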

 

 


Hi there Sweidre, and thanks for your reply. The VirusTotal Uploader crashed, and I was offered to send a report to Microsoft, which I did. So for the moment that one is useless for me. Should I upload my files to virscan.org?

 

I submitted the false positive report per your instructions.


Hi Jerome Potts,

Yes, click on this link to Immunet Contact for analysis:

http://www.immunet.c...tact/index.html

In the middle of the page, there is a curtain menu. In the bottom is the option to submit false positive. Use that and fill in the details in the form. You will then get info from Immunet lab (during workhours 9-5 "USA Mountain Time".)

I am sorry, that I referred to item 2b! This link to Immunet Contact is item 2a).

Cheers,

sweidre

Guest Orlando

They are FP, try to clear the history:

 

1) Run a commandline (START --> CMD) as an administrator

2) Stop the agent:

net stop immunetprotect

3) Delete cache.db (Default install is C:\Program Files\Immunet, so you may have to change the commandline below)

del "C:\program files\immunet\cache.db"

4) Start your agent

net start immunetprotect

 

Orlando
