False Positive - Downloader.Agent.ij

Discussion in 'ewido anti-spyware forum' started by JC_Denton, Jun 1, 2008.

Thread Status:
Not open for further replies.
  1. JC_Denton

    JC_Denton Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    6
    Location:
    Weltstadt
    AVG AntiSpyware 7.5.1.43 with the latest definitions is showing the following log:

    D:\Eigene Dateien\Netzwerk\Cache\094FD36Cd01 -> Downloader.Agent.ij
    D:\Eigene Dateien\Netzwerk\Cache\7F43FCABd01 -> Downloader.Agent.ij
    D:\Eigene Dateien\Netzwerk\Cache\7F43FCCEd01 -> Downloader.Agent.ij
    D:\Eigene Dateien\Netzwerk\Cache\809D305Ed01 -> Downloader.Agent.ij

    The files were located in the Firefox browser cache. I scanned these with the following virusscan.jotti.org (nothing) and virustotal.com, all clean, only exception is Ewido:

    [font='Courier New, Courier, mono']Antivirus Version letzte aktualisierung Ergebnis
    AhnLab-V3 2008.5.30.1 2008.05.30 -
    AntiVir 7.8.0.26 2008.06.01 -
    Authentium 5.1.0.4 2008.06.01 -
    Avast 4.8.1195.0 2008.06.01 -
    AVG 7.5.0.516 2008.06.01 -
    BitDefender 7.2 2008.06.01 -
    CAT-QuickHeal 9.50 2008.05.31 -
    ClamAV 0.92.1 2008.06.01 -
    DrWeb 4.44.0.09170 2008.06.01 -
    eSafe 7.0.15.0 2008.06.01 -
    eTrust-Vet 31.4.5837 2008.05.30 -
    Ewido 4.0 2008.06.01 Downloader.Agent.ij
    F-Prot 4.4.4.56 2008.06.01 -
    F-Secure 6.70.13260.0 2008.06.01 -
    Fortinet 3.14.0.0 2008.06.01 -
    GData 2.0.7306.1023 2008.06.01 -
    Ikarus T3.1.1.26.0 2008.06.01 -
    Kaspersky 7.0.0.125 2008.06.01 -
    McAfee 5307 2008.05.30 -
    Microsoft 1.3520 2008.06.01 -
    NOD32v2 3150 2008.06.01 -
    Norman 5.80.02 2008.05.30 -
    Panda 9.0.0.4 2008.06.01 -
    Prevx1 V2 2008.06.01 -
    Rising 20.46.62.00 2008.06.01 -
    Sophos 4.29.0 2008.06.01 -
    Sunbelt 3.0.1139.1 2008.05.29 -
    Symantec 10 2008.06.01 -
    VBA32 3.12.6.6 2008.06.01 -
    VirusBuster 4.3.26:9 2008.06.01 -
    Webwasher-Gateway 6.6.2 2008.06.01 -[/font]

    WinXP Home Edition SP3 on my TOSHIBA Satellite Laptop behaves perfectly normal. Am I right in assuming that this is very likely to be a so called 'false postitive'? The installed Virus/Malware scanners i.e. AVIRA AntiVir, ThreatFire and Spyware Doctor do not detect anything in the mentioned files, either. Any suggestions?!

    Thanks in advance, Jessie :)
     
    Last edited: Jun 1, 2008
  2. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Please send us the detected files in a Password protected zip Archive (password: infected): submit at ewido dot net
    We will check these files and if they are really false positives, they will be fixed with the next Signature Updates.
     
  3. JC_Denton

    JC_Denton Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    6
    Location:
    Weltstadt
    Ok, thanks for the quick reply. Processing... :cool:


    *edit*

    Call me stupid, but where exactly can I submit the file on the ewido-hompage?

    The Link mentioned in the FAQs does not work anymore:

    Where can I submit undetected or suspected malware?
    http://www.ewido.net/en/malware/

    o_O


    *edit²*

    Ok, sent one .zip-archive to virus at avg dot com
    Hope that will suffice.


    *edit³*

    Ok, apparently I was right.

     
    Last edited: Jun 2, 2008
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.