#1

I am very sorry. Can I ask the Prevx 3.0 team if you received my mail to report@prevxresearch.com and if the way I sent it is OK?
Subject: Prevx 3.0 NVIDA result infected FP?
My boyfriend is going to kill me. Please let me know.
Thank you,
Camelia

#2

Yes it works.
Hurry send it before your BF goes
__________________
OpenDNS ESET Smart Security -A Heavy product is not the same as a Bloated product and vice versa-

#3

it'd probably be better to use their support inbox than that email address. i'd pm'd prevxhelp about it because i submitted a couple of fp reports there that hadn't been corrected after a few days, and he pointed me towards the support inbox.
i'm guessing for prevx 3.0 that would still be http://info.prevx.com/service.asp

#4

That is correct until all Prevx users are upgraded to WSA; then for WSA you use https://www.webrootanywhere.com/servicewelcome.asp? to contact support! Only use report@prevxresearch.com if PrevxHelp or someone from Prevx asks you to send something to them!
TH
__________________
Triple Helix - Microsoft® MVP Consumer Security 2012/14 VIP Member Of ASAP - (Alliance of Security Analysis Professionals™) Webroot® SecureAnywhere™ Complete 2013 Closed Beta Tester v8.0.2.147 - VoodooShield 1.08 - Windows 7 Ultimate 64bit and all Windows OS's from XP to Win 8 on VM's.
Last edited by Triple Helix : November 5th, 2011 at 12:43 PM. Reason: add more info

#6

Girls are very clever, we are not clumsy. I have never had the experience with a FP reported by Prevx.
I have to be honest, for me it was a panic moment; the computer is not mine.
Once Prevx fix the issue: GetRight, now is a suspicious application.
The wireless keyboard is ok, BUT the wireless mouse is not responding. I had to connect a PS/2 mouse that is giving me some problems.
The SUPERAntiSpyware Professional's GUI shows weird.
I only updated the Nvidia drivers to the latest version, is it extremely difficult? NVIDIA is a well-known driver!!!! If the FP would have been for the drivers of a new Hauppauge product I would understand.
All the OS my BF installed in his machine are in English, he's out of town and the DVD to uninstall Prevx in my computer I can not find it.
My OS is in Spanish, Prevx installed. How do I KNOW I won't have the same problem, updating the NVIDIA international drivers? http://us.download.nvidia.com/Window...ional-whql.exe
What am I going to say to him once he returns next Monday? Hey, I updated your NVIDIA drivers, and now your mouse is not working, btw GetRight, now is a suspicious application and you have to reinstall SAS, just due to Prevx reported FP.
I do not know at this moment how to return this computer to its original state, since System Restore is turned off.
I am a clever girl, asking for help at this forum.
I am very UPSET with Prevx.
Camelia
Last edited by camelia : November 5th, 2011 at 07:23 PM. Reason: add more info

#7

If you go to the Prevx GUI and click on status so the normal menus return, you can go to Tools and Save Scan Results, which will show the hashes (fingerprints) of all the detected files, so Prevx can fix the FPs. (You can also click Undo Cleanup there to revert the deletion of those files.)

#8

Thank you cariño, I will try your solution at this moment.
But also I want Prevx to check GetRight for FP.
Camelia
Last edited by camelia : November 5th, 2011 at 07:27 PM. Reason: add info

#9

She is using a free version of Prevx, but these files look to me to be in dubious places, so the PX5 hashes would be great from the log!
TH

#10

Yes, my BF installed the free version, do you want me to buy the license?
Could you please be so kind to explain why these files look to you to be in dubious places?
Thanks
Camelia

#11

Can you save a scan log and post the PX5 hashes for the files listed in your picture? And yes, they look to be in dubious places such as:
C:\downloads\win_system32\
C:\downloads\program_files\nvidia corporation
TH
Last edited by Triple Helix : November 5th, 2011 at 08:05 PM.

#12

Here they are cariño,

Prevx Scan Log - Version v3.0.5.220
Log Generated: 5/11/2011 18:08, Type: 0,1
Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
Hostname: EXCLUDE FOR SECURITY REASONS
Some non-malicious files are not included in this log.
Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
Last Scan: Sat 2011-11-05 18:08:17 Mexico Standard Time. Number of Scans: 32. Last Scan Duration: 5 seconds.
[G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\win_system32\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
[G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\program_files\nvidia corporation\installer2\display.controlpanel.1\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
[G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\nvidia\displaydriver\285.58\winxp\english\displaycontrolpanel\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
End of Prevx Scan Log - http://www.prevx.com

Do these files look to you to be in dubious places?
Camelia

#13

Thanks, PrevxHelp will let you know if the files are legit! I'm just saying that these files should not be in a (downloads) folder! And there are 3 of the same file in 3 different places under dubious names!
c:\downloads\malware detected by prevx 3.0\win_system32\nvmctray.dll
c:\downloads\malware detected by prevx 3.0\program_files\nvidia corporation\installer2\display.controlpanel.1\nvmctray.dll
c:\downloads\malware detected by prevx 3.0\nvidia\displaydriver\285.58\winxp\english\displaycontrolpanel\nvmctray.dll
TH
Last edited by Triple Helix : November 5th, 2011 at 08:40 PM.

#14

Oh! I followed the instructions at http://www.wilderssecurity.com/showthread.php?t=245129
I collected all FP into the (downloads) folder, to add them to a WinRar archive and e-mail to report@prevxresearch.com
Is this the issue I am having?
Camelia

#15

For those 3 files yes, just delete them from the downloads folder, but they have [G] beside them, which means they are good files. The other 2 I will leave up to PrevxHelp to help you further!
TH

#16

So I am alone now? It's up to me?
I will tell the truth to my BF, and I will send another e-mail to report@prevxresearch.com to check if GetRight.exe is FP.
I want to go to the movies with my mom, I am bored about this topic...
Thank you Triple Helix for your help
Camelia

#17

I would use this address http://info.prevx.com/service.asp and send them all the file lines that are detected as bad [B ] from a new scan log!
TH
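
Added example, not part of the thread and not Prevx's own tooling: a Python sketch that parses the scan-log entry lines posted in #12, groups them by PX5 fingerprint (showing that the three nvmctray.dll paths are one file), and pulls out the bad-flagged lines a user would send to support as advised in #17. The [B] line, its path and its all-zero hash are constructed, and it is an assumption that bad entries use the same layout as the [G] lines.

```python
import re
from collections import defaultdict

# Entry layout as seen in the log posted in this thread:
#   [G] (ACTIVE) <path> [PX5: <40 hex chars>]
# Assumption: other verdict letters such as [B] (also typed "[B ]") share it.
ENTRY_RE = re.compile(
    r"^\[(?P<verdict>[A-Z])\s?\]\s+\((?P<state>[^)]+)\)\s+"
    r"(?P<path>.+?)\s+\[PX5:\s*(?P<px5>[0-9A-Fa-f]{40})\]\s*$"
)

# Constructed sample: the [G] lines come from the thread, the [B] line is made up.
SAMPLE_LOG = r"""Prevx Scan Log - Version v3.0.5.220
[G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\win_system32\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
[G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\program_files\nvidia corporation\installer2\display.controlpanel.1\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
[G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\nvidia\displaydriver\285.58\winxp\english\displaycontrolpanel\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
[B] (ACTIVE) c:\example\constructed-sample.exe [PX5: 0000000000000000000000000000000000000000]
End of Prevx Scan Log - http://www.prevx.com
"""

def parse_scan_log(text):
    """Return one dict per file entry; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "px5": m["px5"].upper(),
                            "raw": line.strip()})
    return entries

def group_by_hash(entries):
    """Map each PX5 fingerprint to every path that carries it."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["px5"]].append(e["path"])
    return dict(groups)

def lines_for_support(entries, verdict="B"):
    """Raw log lines with the given verdict, one per distinct fingerprint."""
    seen, out = set(), []
    for e in entries:
        if e["verdict"] == verdict and e["px5"] not in seen:
            seen.add(e["px5"])
            out.append(e["raw"])
    return out

if __name__ == "__main__":
    parsed = parse_scan_log(SAMPLE_LOG)
    print(group_by_hash(parsed))
    print(lines_for_support(parsed))
```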

#18

Please try uninstalling and reinstalling Prevx or right clicking the detection within the UI and selecting "Report as a false positive". We fixed these detections last week so they should be clear now.

#19

I don't see where I could right-click. (having some false positive problems too, which I sent to support)
I don't see any Quarantine tab or the like.
Regards,
François
__________________
P4-2.8 with 2GB RAM & Windows XP Pro SP3 | Mamutu | Webroot's WSA | MBAM Pro on-demand | SafeDNS

#20

Just right-click on each file in the Prevx window and select "Report as a false positive", which will put them under the Detection Overrides tab http://www.wilderssecurity.com/attac...1&d=1320533687 and under Tools > Undo Clean Up tab is the Quarantine location. You can read more about it here near the bottom: http://info.prevx.com/help.asp
HTH,
TH
Last edited by Triple Helix : November 6th, 2011 at 04:38 PM. Reason: add more info

#21

I see, thanks.
However, right-clicking probably works only when the scan is done and Prevx is reporting the detection. Right-clicking in the Undo Cleanup doesn't work. I don't see any way to Report as false positive from there. (?)
I've installed in the French locale, and this screen (Undo cleanup) is badly translated. (and since I see no way to get the UI in English, I'm now just making presumptions on the English wording)
The button on the far left is called "Annuler", which is the French term for "Cancel". In the English UI, it's probably Restore, I guess? (if it's also Cancel then it's pretty confusing) Undo would be a better term. For French, "Rétablir" would be much better than "Annuler".
Anyway, since Prevx is no longer developed, I suppose it's not something that'll change now.

#22

True, you can't, but if you restore all and do a scan, then when the files come up as a detection again, that is where you right-click and "Report as a false positive", if you are sure that they are really safe files? And the translations have been improved greatly, so I heard, in WSA!
HTH,
TH
Last edited by Triple Helix : November 6th, 2011 at 11:10 PM. Reason: add more info

#23

Thanks.
Does "Report as a false positive" really report it to your lab? I'm under the impression it just puts it in "ignore" mode locally.
I recently bought a Prevx license, and am waiting to be upgraded to WSA.
Regards,
François

#24

My BF is still out of town, but he called me by phone and he gave me some directions.
1.- How do I KNOW I won't have the same problem (having FP), updating NVIDIA international drivers? http://us.download.nvidia.com/Window...ional-whql.exe
Camelia

#25

If you do, just send the file lines that are marked Bad [B ] from the scan log to support! http://info.prevx.com/service.asp
TH