False positives / Missing detections thread

Hello,

if you have encountered a false positive or Prevx is not detecting a malicious file, please follow the instructions listed inside the thread HowTo: reporting false positives / missing detections.

Moreover, if you want you can write in this thread what you're going to report by e-mail.

Please use only this thread for false positive or missing detection reports, this will help us to get everything more organized.

Thank you and enjoy Prevx

Marco

 

I couldn't ask in the other thread so I'll ask here, anything in specific wrong with zip files?

 

They are filtered by the mail service

 

You should add that to the post.

 

That's why password protected RAR archive is underlined I'll add this note too

Thank you!

 

Prevx detected portable spiderplayer.exe medium risk malware.I think this is a false positive.I ran a virustotal scan and only prevx marks it as malware.Also there is an oggenc.exe in spider player file,it is marked as malware too.

 

Hello,
Can you send both of these files in a RAR archive with a password to report@prevxresearch.com ?

We will analyze them and correct the determinations ASAP

 

I sent the log and immediately got a reply from Prevx.Yes it is a false positive and will be corrected soon.Thanks for such a quick response.

 

PrevX detects Vista Firwall Control Set 2.5 while boot up.
http://www.sphinx-soft.com/download/VistaFirewallControl-Setup-i386.exe
Heuristic Settings at maximum.

 

Fixed This was a pure-heuristic FP thanks to the file modifying firewall settings

 

Thanks.

 

I did not send an e-mail cause i am not sure whether this is a FP or not.

VirusTotal link removed per forum Policy.

File is attached. Passwort is "infected" as normal.
http://www.file-upload.net/download-1724212/win2log.rar.html

 

I'm not sure why you attached the file, as stated all that's needed is the file's PX code from the log.

 

Hi,
Prevx detected operatorres.dll as medium risk malware.
I have emailed the log as requested here

 

Undetected file submitted last night re: fraudulent security program from errorfix.com.

 

Because of missing reply to my Post #12 i sent the win2log at avira research lab. They could not find a virus or virulent components in the file so it is a FP.

So plz fix this:

In the same log Prevx marked this:

But i dont get an infection message showing up by Prevx.
Why?

greetz

 

Just checking your submissions Sorry for the delay, I've been a bit busy

 

Yes, I was going to reply to your e-mail right now

First one is a false positive, I've just fixed it. Try again a scan, the second has been automatically marked as good by the database. So, you should not receive any other notification now.

Best regards,

Marco

 

=) Thank you very much.

 

And no problem about that!

best regards.

 

Has this been checked? The executable is still undetected.

 

Sorry for the delayed response We added protection a few minutes after you sent in the email - often it takes longer to send the response back than add protection

I'll make sure that we reply faster in the future

 

thanks for fix

 

We're simply not meant to be together... (for now? ) First time that I run Prevx now, four entries in the results are all FPs as it seems. I'm sure you can clarify the middle-ones, cause the other two - bottom and top - I know about.

See attached image.

The one at top is a part of GameGuard. Now this thing is kinda tricky... I got it explained elsewhere that it uses something like rootkit-techniques, even if it indeed should be completely harmless. It's very, very common for free online-games, and even more for the "manga-type" ones.

The one at bottom is, as can be seen on the directory, a part of Vista Codec Pack. I too think it's suspicious with something like settings32.exe for a prog. like that, but neither Avira (which, BTW, is running with heur. set to High) or MSE is detecting it as malware. To be sure I also uploaded it to VirusTotal, which only showed some lame heuristical detections.

BTW, the same goes for gameguard.des, which would indeed trigger at any time as I run the game often (named Dragonica).


Please see what you can find out what's up with the two with same name, different locations in the registry, and just tell me if you need a scan-log for the entries in your db.


EDIT: Nah, WTH - I attach that too while I'm still on it.

 

Thanks for adding protection for this fraudulent program.

What I don't understand is since you added this to the database soon after I sent the email why wasn't it detected when I did an on-demand scan of the file a few times during the day, including at the time of post #21.