False positives / Missing detections thread

I believe I've fixed the false positive - if you try running another scan, it should be fixed

 

My last Hitman Pro scan did not produce and avast! fp's from Prevx.

Can this be added?

 

We will consider it but currently there isn't much of a demand for it - users rarely see FPs and adding an extra checkbox in the interface could overcomplicate the decision process for the average user.

 

By not much of a demand, do you mean no one else has suggested it? As for overcomplicating the decision process, I think you could slip one little "Select all" into this dialog without confusing the masses.

 

Indeed we haven't had any other suggestions of it but it would be a worthy addition

 

FP with gmer:
[BP] c:\program files\gmer\gmer.exe [PX5: ABD49BF200C56E4C6803046DAE13BE00583EB383] Malware Group: High Risk Cloaked Malware

http://majorgeeks.com/GMER_d5198.html

 

Fixed - I knew this would happen sooner or later GMER's random file name downloads look increasingly suspicious

 

GesWall 2.9 is being flagged as a High Risk Worm on a new installation on a new netbook. VirusTotal shows it detected by Prevx, Sophos, and McAfee Artemis. I had this problem on another machine when I was getting a FP with AntiVir.

Prevx is not flagging this file on my other machines (older installations).

File can be found here:

http://gentlesecurity.com/download.htm

Thanks,

Dave

 

I believe I've corrected the false positive - could you try running another scan?

 

I deleted my override and ran 2 scans, and it appears to be fixed.

Thanks!

Dave

 

Hi,

flushflash.exe



The other one listed, not shown, i know about that i tested.

Which i discovered through here - http://www.broadbandreports.com/forum/r22909209-Free-Flush-Flash-eradicate-those-nasty-flash-cookies

Scanned online at various places, all clean except,


Comodo - Heur.Packed.Unknown

CP Secure - BackDoor.W32.GrayBird.aj


So FP or ?

 

This does look like a FP - I've corrected it but its hard to say if I got the exact file which you're referring to. Can you try running another scan to see if it is fixed?

Thanks!

 

All GREEN now



Thanx

 

This one http://info.prevx.com/aboutprogramtext.asp?PX5=BA98697400F6BA678015005A4250B7009CE08CC8

I believe MAXA Cookie manager is legimate

 

It is Thanks for the report!

 

Joe,
A FP with Shadow Defender when trying to commit a downloaded PDF file, this version has been around some while, have been committing files without any problems for ages - no idea why it should suddenly start now. Also tried committing several downloads I know are clean - same result on all of them.

 

That's strange indeed - could you try once again now to see if I've fixed the right file?

 

Working OK now without any problems.

 

I have received two emails from Prevx saying my system is infected, each the result of a scan. The Prevx icon in the systray is green and when I search for the offending file, it is nowhere to be found. The filename is MEL-69047DAA0D94FF11128201E40FA144001643EE50.EXE

 

That's the Prevx test virus (which I believe you've been testing with in a different thread). It says it is currently in your recycle bin which is probably why you can't find it - it might be worth just emptying your recycle bin to see if that clears it up

 

ogacheckcontrol.dll is a malware or a FP?

Log file is attached

 

It was the latter, now it's neither Thanks for the report!

 

Question is, how did it get into the recycle bin?

 

Not sure Prevx doesn't move anything to the recycle bin on cleanup (or any other time).

 

I tried adding Recycler folder to Detection Overrides and then scanning. The scan, again, came up clean green, but an email arrived within seconds saying I am infected (I posted the MyPrevx screen shot). Then I emptied the recycle bin using CCleaner and re-scanned with Prevx. Scan came back clean green and another email arrived from MyPrevx saying I am infected.

I will try the configuration change you suggested in the other thread (unticking both of the last items) and will report back.

Edit in: Reported back on specific thread, if that's okay.