JeromeCP, posted April 8, 2011

Hi there,

I downloaded the dd-wrt firmware for a Linksys WRT54G V.6 wireless router, as indicated at http://www.dd-wrt.com/phpBB2/viewtopic.php?t=58231

In that Gv5Flash.zip file is another zip archive, VXImgtoolgui.zip, which contains two executables caught by Immunet Protect:

vximgtoolgui.exe, detected as having a "W32.pecompact" thingy. My AVAST V.5 antivirus has no problem with that file. A Google search led me to http://w88wytwww.virscan.org/report/22037c497c976ffba6f9e205e721b537.html , where one can see that ClamAV is the one to detect that about that file.

wrt_vx_imgtool.exe, flagged as having a W32.Trojan.D3BA. AVAST isn't complaining about that one either.

I suspect that these are false positives. Can this be confirmed?

Thanks in advance.

sweidre, posted April 8, 2011

> Hi there, i downloaded the dd-wrt firmware for a Linksys WRT54G V.6 wireless router, as indicated at http://www.dd-wrt.co...pic.php?t=58231
> In that Gv5Flash.zip file is another zip archive, VXImgtoolgui.zip which contains two executables caught by Immunet Protect:
> vximgtoolgui.exe, detected as having a "W32.pecompact" thingy. My AVAST V.5 antivirus has no problem with that file. A Google search led me to http://w88wytwww.vir...05e721b537.html , where one can see that ClamAV is the one to detect that about that file.
> wrt_vx_imgtool.exe, flagged as having a W32.Trojan.D3BA . AVAST isn't complaining about that one either.
> I suspect that these are false positives. Can this be confirmed? Thanks in advance.

Hi Jerome Potts,

This is a long answer of mine! You can jump down to item 2b.) below to submit possible false positives to Immunet Lab: http://www.immunet.com/contact/index.html

When You have time, read the other lines, when you have time!

Cheers,
sweidre

----------------------------------

If You are uncertain, if Your file is infected or not, You can have it analyzed. If the file is regarded as clean, the file will not be subject to any scan by Immunet.

1.) IF YOU NEED AN IMMEDIATE ANALYSIS WITH RESULT, FOR EXAMPLE DURING WEEKENDS & HOLIDAYS:

1a.) Download & install the freeware VirusTotal (VT) Uploader 2.0 from here: http://virustotal-uploader.en.softonic.com/

Using this simple freeware You may upload the file to VT website, where 42 different Antivirus & Antimalware products will immediately analyze the file. After a few seconds You will from VT get a report, that lists if any products regard Your file as infected or not. The products, that have found Your file to be infected, will also give their names of the infection. Many products call the infection differently by using their own vocabulary.

If only a few of the products report Your file to be infected, You may regard the infection to be a "false positive". Note, that results from some of the products are more reliable than from others. (Some of the products are known for reporting "false positives"!) Finally, it is up to Yourself to treat the file as clean or infected!

1b.) If you regard the file to be clean, it can be placed in a sort of "whitelist" in the Immunet software: Product->Settings->Protection Exclusions->Add New Exclusion. (Immunet will not scan paths on the Exclusion List!)

You must here enter the path to the file, and the full path will be added as a new line to the list of exclusions. Note, that to the right of the line is an (x)! If You change Your mind and want, that the path would be scanned by Immunet again, it can be deleted by clicking on the (x)-sign and the path (line) will disappear from the list. Remember to click on the "Apply" button, otherwise your settings will not be saved!

2.) IF YOU DON'T NEED A PROMPT ANALYSIS, & YOU CAN WAIT UNTIL WORKDAYS MONDAY-FRIDAY 9-15, ("USA - MOUNTAIN TIME"), YOU CAN PREFERABLY HAVE YOUR FILE HANDLED BY THE IMMUNET STAFF:

2a.) Submit Your suspicious file (false positive) here: http://www.immunet.com/contact/index.html

2b.) If the analysis by Immunet regards the file as a "false positive", this will be reported to the Immunet database (the Cloud), and all further scans by Immunet will treat the file as clean. Note, that the file does not have to be on the Exclusion list any more now!

If the Immunet analysis regards the file to be infected, this will be reported to the Immunet database (the Cloud). A scan by Immunet will then place the file in Quarantine. Note, that if You personally still regard the file as clean, you must add it to Your own exclusion list (see item 1b. above)

3.) REMEMBER

Note, that if You have in emergency case used alternative 1.) above, you should later anyhow follow the instructions as per alternative 2.) as well. This is important, so that the whole Immunet community gets proper online info from the common database (the Cloud)!

JeromeCP (author), posted April 8, 2011

> Hi Jerome Potts, You can jump down to item 2b.) below to submit possible false positives to Immunet Lab: http://www.immunet.com/contact/index.html Cheers, sweidre

Hi there Sweidre, and thanks for your reply.

The VirusTotal Uploader crashed, and I was offered to send a report to Microsoft, which I did. So for the moment that one is useless for me. Should I upload my files to virscan.org?

I submitted the false positive report per your instructions.

sweidre, posted April 8, 2011

> Hi there Sweidre, and thanks for your reply. The VirusTotal Uploader crashed, and i was offered to send a report to Microsoft, which i did. So for the moment that one is useless for me. Should i upload my files to virscan.org? I submitted the false positive report per your instructions.

Hi Jerome Potts,

Yes, click on this link to Immunet Contact for analysis: http://www.immunet.c...tact/index.html

In the middle of the page, there is a curtain menu. In the bottom is the option to submit false positive. Use that and fill in the details in the form. You will then get info from Immunet lab (during workhours 9-5 "USA Mountain Time".)

I am sorry, that I referred to item 2b! This link to Immunet Contact is item 2a).

Cheers,
sweidre

Guest Orlando, posted April 8, 2011

Hi Jerome Potts,

Another time read this to report FP.

Thanks,
Orlando

JeromeCP (author), posted April 8, 2011

> Hi Jerome Potts, Another time read this to report FP. Thanks, Orlando

OK thanks, and sorry that I didn't get it well the first time. So here is the original zip archive which contains both files:

vximgtoolgui.zip

Guest Orlando, posted April 8, 2011

They are FP, try to clear the history:

1) Run a command line (START --> CMD) as an administrator

2) Stop the agent:

    net stop immunetprotect

3) Delete cache.db (default install is C:\Program Files\Immunet, so you may have to change the command line below):

    del "C:\program files\immunet\cache.db"

4) Start your agent:

    net start immunetprotect

Orlando
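
The cache reset from the post above as one batch file; this is an added example, not part of the original thread and not Immunet's own tooling. It uses the service name and default folder given in the post; the optional first argument (install folder), the elevation check and the exit codes are assumptions of this example.

```bat
@echo off
setlocal
rem Added example. Service name and default folder are taken from the post above.
set "SERVICE=immunetprotect"
set "IMMUNET_DIR=%ProgramFiles%\Immunet"
rem Assumption of this example: an optional first argument overrides the folder.
if not "%~1"=="" set "IMMUNET_DIR=%~1"
set "CACHE=%IMMUNET_DIR%\cache.db"

rem "net session" only succeeds from an elevated prompt (step 1 of the post).
net session >nul 2>&1
if errorlevel 1 (
    echo Run this from a command prompt started as administrator.
    exit /b 1
)

rem Check the path before touching the agent, so a wrong folder changes nothing.
if not exist "%CACHE%" (
    echo cache.db not found in "%IMMUNET_DIR%". Pass the install folder as argument 1.
    exit /b 2
)

rem Stop the agent only if it is running; "net stop" fails on a stopped service.
sc query %SERVICE% | find "RUNNING" >nul
if not errorlevel 1 (
    net stop %SERVICE%
    if errorlevel 1 (
        echo Could not stop %SERVICE%. cache.db was left in place.
        exit /b 3
    )
)

del "%CACHE%"
set "RESULT=0"
if exist "%CACHE%" (
    echo cache.db could not be deleted.
    set "RESULT=4"
)

rem Restart the agent whether or not the delete worked, so protection is not left off.
net start %SERVICE%
if errorlevel 1 (
    echo %SERVICE% did not restart. Start it manually.
    exit /b 5
)
exit /b %RESULT%
```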

JeromeCP (author), posted April 8, 2011

> They are FP

Thanks.

Rob.T, posted April 9, 2011

Thanks Jerome, these have been marked as FP's in the Immunet cloud.

This topic is now archived and is closed to further replies.