False positives / Missing detections thread

Discussion in 'Prevx Releases' started by EraserHW, Jun 14, 2009.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The middle two are service entries from the GameGuard file, not unique infections by themselves, but we detect those pieces as well and report them.

    I've fixed the FP on your version and a handful of other versions which were detected as FPs, but indeed GameGuard uses rootkit techniques and also a plethora of other strange/suspicious behaviors and is also packed by Themida - a technology primarily used by malware authors (and detected by 9/41 vendors on VT). In my opinion, it would be irresponsible to not detect this :D

    settings32.exe is a bit more of a genuine FP which crops up periodically because they use AutoIt - a scripting tool which is often used by malware - and we had a signature generically detecting some specific types of AutoIt executables as malicious (which is now fixed :))
     
  2. arjunned

    arjunned Registered Member

    Joined:
    Apr 1, 2008
    Posts:
    191
    Hi.

    Just started using Prevx Free 3.0 sometime back. I have it on my vista x64 OS and my W7 x86 OS.
    Upon first scan it detected a few Avira files as infections. But I'm guessing they're definitely FPs.

    Cheers!
    Arjun Ned.
     

  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Can you please click Tools > Save Scan Results and email us a scan log to report@prevxresearch.com? We will fix them from there ASAP :)

    Thanks!
     
  4. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,741
    Location:
    UK
    That's strange because I was testing AVIRA yesterday, and none of their files were flagged.
     
  5. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    The Avira module aeskript changed. I got an Outpost-HIPS warning and a PrevX flag after that.
     
  6. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
  7. dlimanov

    dlimanov Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    204
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Based on the small graphical excerpt, it looks like the system is "infected" with a couple of DOS viruses. We don't detect DOS viruses as they are not a threat to users (and haven't been for 20 years :D). We also do not focus on detecting scripts on demand as they are only threatening on execution.

    However, if there are samples which you think we should detect, please send a scan log to report@prevxresearch.com and we will analyze it from there :)
     
  9. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
  10. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Thanks! :)
     
  11. elidawneli

    elidawneli Registered Member

    Joined:
    Jul 7, 2009
    Posts:
    4
    Already reported. Just want to share these confirmed FPs:
    Combofix.exe (already referred to but included FYI),
    unregdll.exe (FAS Common File from Peachtree),
    gspawn-win32-helper-console.exe (GnuCash Bin file), and
    Fontzoom.exe (system32 font).

    Awaiting confirmation of FP:
    Awatch.exe (Adapter watch),
    autounbreak.exe (Auto Unbreak, a clipboard editor),
    kvmosd.exe (onboard display for KVM switch),
    avsdvdplayer.exe (free DVD player),
    ipscan.exe (IP Scan),
    webvideocap.exe (Web Video Capture)

    Also, mentioned in the report as malware but I believe is an FP:
    fwmanager.dll and opswatavcommon.dll (both from an online Sophos test).

    Best wishes,
    Dawn
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Just to ensure that we handle each one of your files properly, could you send a scan log by clicking Tools > Save Scan Results and email it to report@prevxresearch.com ?

    Thanks! :)
     
  13. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    565
    Location:
    Italy - Ravenna
    Hi Joe, the Italian spaghetti English speaker is back :D
    I think Eraser is flying around the world because he doesn't reply to emails, so... I'm here.
    I have an FP for you.
    It's about this program http://www.winmend.com/folder-hidden/ and for Prevx it is malware; I think it's an FP.
    The log is this:

    Prevx Scan Log - Version v3.0.1.65
    Log Generated: 8/7/2009 14:29, Type: 0,1
    Windows XP Professional Service Pack 3 (Build 2600) 32bit|1040
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 2, Pop: 2, Heu: 2 (Dir: 1)
    Last Scan: Wed 2009-07-08 14:28:45 ora solare Europa occidentale. Number of Scans: 135. Last Scan Duration: 2 minutes 2 seconds.
    (ACTIVE) c:\programmi\winmend\folder hidden\helpus.dll [PX5: 8570A62B00EEB8916697224E22AD72009AB301B5] Malware Group: Medium Risk Malware
    [UP] (ACTIVE) c:\programmi\iolo\common\lib\carina.dll [PX5: 238BF06A006B3049D8230065AF3CBA00962E8423]
    [UP] (ACTIVE) c:\programmi\iolo\common\lib\iolosearchfunctions.dll [PX5: 5301E285002A345AD20E00DEFED7FF005D32E1F2]
    (ACTIVE) c:\windows\system32\rpcrt4.dll [PX5: 93D4D4E7002892DCEEEB0824BD83A8003E98BD43]
    ...........................

    Thanks
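The scan log above has a fixed line layout, so as an added example (not Prevx's own code) here is a small parser that pulls the state, path, PX5 identifier and verdict out of each entry and separates the flagged files from the ones that are merely listed, which is the first step when triaging a reported FP. The regex is my reading of the format shown in this thread, not a published Prevx specification; the sample input is the log from this post.

```python
import re
from typing import NamedTuple, Optional

# One Prevx 3.0 scan-log entry, as it appears in the thread:
#   [UP] (ACTIVE) c:\path\file.dll [PX5: <40 hex>] Malware Group: Medium Risk Malware
# The leading "[UP]" and the trailing "Malware Group: ..." verdict are both optional.
# This regex is an assumption derived from the posted log, not a Prevx specification.
ENTRY_RE = re.compile(
    r"^(?P<up>\[UP\]\s+)?\((?P<state>[A-Z]+)\)\s+(?P<path>.+?)\s+"
    r"\[PX5:\s*(?P<px5>[0-9A-Fa-f]{40})\]"
    r"(?:\s+Malware Group:\s*(?P<group>.+?))?\s*$"
)

class Entry(NamedTuple):
    updated: bool          # "[UP]" prefix present
    state: str             # e.g. ACTIVE
    path: str              # lower-cased file path
    px5: str               # Prevx PX5 file identifier, upper-cased hex
    group: Optional[str]   # verdict text, None when the file is merely listed

def parse_prevx_log(text: str) -> list:
    """Return the file entries of a Prevx scan log; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        entries.append(Entry(
            updated=bool(m.group("up")),
            state=m.group("state"),
            path=m.group("path").lower(),
            px5=m.group("px5").upper(),
            group=m.group("group"),
        ))
    return entries

def flagged(entries: list) -> list:
    """Only the entries carrying a malware verdict: the candidates for an FP report."""
    return [e for e in entries if e.group is not None]

# Sample input: the log posted above (header lines are ignored by the parser).
SAMPLE_LOG = r"""
Prevx Scan Log - Version v3.0.1.65
(ACTIVE) c:\programmi\winmend\folder hidden\helpus.dll [PX5: 8570A62B00EEB8916697224E22AD72009AB301B5] Malware Group: Medium Risk Malware
[UP] (ACTIVE) c:\programmi\iolo\common\lib\carina.dll [PX5: 238BF06A006B3049D8230065AF3CBA00962E8423]
[UP] (ACTIVE) c:\programmi\iolo\common\lib\iolosearchfunctions.dll [PX5: 5301E285002A345AD20E00DEFED7FF005D32E1F2]
(ACTIVE) c:\windows\system32\rpcrt4.dll [PX5: 93D4D4E7002892DCEEEB0824BD83A8003E98BD43]
"""
```

On the sample log `flagged(parse_prevx_log(SAMPLE_LOG))` yields the single helpus.dll entry, the one Romagnolo1973 is reporting, while the three other files carry no verdict.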
     
  14. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy


    Which e-mail? I probably missed it o_O

    Checking now :)

    Edit: fixed ;)
     
    Last edited: Jul 8, 2009
  15. Romagnolo1973

    Romagnolo1973 Registered Member

    Joined:
    Feb 17, 2009
    Posts:
    565
    Location:
    Italy - Ravenna
    A colleague from HWUpgrade says he sent it to you.
    Anyway, the important thing is to fix the FP for him.
    On that forum I asked you a question about a doubt regarding whether the trial may be used in a commercial setting, if you can enlighten me ....
    Thanks
     
  16. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    solved ;)
     
  17. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    I also replied to you on hwupgrade; anyway, the link on the website is wrong :)

    The correct link is: http://info.prevx.com/downloadcsibusiness.asp
     
  18. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Sorry about some Italian posts written above :)

    We've just found a mistake on our website. When you try to download the trial business version of Prevx 3.0 you could be redirected to the home version of Prevx 3.0. The link is wrong; the correct address is: http://info.prevx.com/downloadcsibusiness.asp

    We are going to fix the problem on the website :)
     
  19. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    Another FP with Kaspersky, this time with the 2010 version. It is:

    c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\ievkbd.dll
     
  20. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We can't tell by just the filename :) Can you send a log to report@prevxresearch.com?

    Thanks :D
     
  21. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,166
    Location:
    PA
    I told it to ignore, and now it is in the log, but not as detected. Would the log still help?
     
  22. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    No problem about the Italian posts written above
     
  23. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    eheheh, perfect! :D
     
  24. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    utmwmzg5.sys Malware or FP ?

    Almost half the vendors on VirusTotal showed this as malware when I uploaded it again a few hours ago. I also scanned it locally with several apps including MBAM.

    Malwarebytes' Anti-Malware 1.38 Database version: 2397 09/07/2009

    Files Infected:
    c:\Users\ \Desktop\U\utmwmzg5.sys (Rootkit.Bagle) -> No action taken.

    If this is an FP then it's a major oops from all of them; if not, lots of vendors have been caught with their pants down. Either way, not good.
     

  25. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy