False Positive - Downloader.Agent.ij

Discussion in 'ewido anti-spyware forum' started by JC_Denton, Jun 1, 2008.

Thread Status:
Not open for further replies.
  1. JC_Denton

    JC_Denton Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    6
    Location:
    Weltstadt
    AVG AntiSpyware 7.5.1.43 with the latest definitions is showing the following log:

    D:\Eigene Dateien\Netzwerk\Cache\094FD36Cd01 -> Downloader.Agent.ij
    D:\Eigene Dateien\Netzwerk\Cache\7F43FCABd01 -> Downloader.Agent.ij
    D:\Eigene Dateien\Netzwerk\Cache\7F43FCCEd01 -> Downloader.Agent.ij
    D:\Eigene Dateien\Netzwerk\Cache\809D305Ed01 -> Downloader.Agent.ij

    The files were located in the Firefox browser cache. I scanned these with the following virusscan.jotti.org (nothing) and virustotal.com, all clean, only exception is Ewido:

    [font='Courier New, Courier, mono']Antivirus Version letzte aktualisierung Ergebnis
    AhnLab-V3 2008.5.30.1 2008.05.30 -
    AntiVir 7.8.0.26 2008.06.01 -
    Authentium 5.1.0.4 2008.06.01 -
    Avast 4.8.1195.0 2008.06.01 -
    AVG 7.5.0.516 2008.06.01 -
    BitDefender 7.2 2008.06.01 -
    CAT-QuickHeal 9.50 2008.05.31 -
    ClamAV 0.92.1 2008.06.01 -
    DrWeb 4.44.0.09170 2008.06.01 -
    eSafe 7.0.15.0 2008.06.01 -
    eTrust-Vet 31.4.5837 2008.05.30 -
    Ewido 4.0 2008.06.01 Downloader.Agent.ij
    F-Prot 4.4.4.56 2008.06.01 -
    F-Secure 6.70.13260.0 2008.06.01 -
    Fortinet 3.14.0.0 2008.06.01 -
    GData 2.0.7306.1023 2008.06.01 -
    Ikarus T3.1.1.26.0 2008.06.01 -
    Kaspersky 7.0.0.125 2008.06.01 -
    McAfee 5307 2008.05.30 -
    Microsoft 1.3520 2008.06.01 -
    NOD32v2 3150 2008.06.01 -
    Norman 5.80.02 2008.05.30 -
    Panda 9.0.0.4 2008.06.01 -
    Prevx1 V2 2008.06.01 -
    Rising 20.46.62.00 2008.06.01 -
    Sophos 4.29.0 2008.06.01 -
    Sunbelt 3.0.1139.1 2008.05.29 -
    Symantec 10 2008.06.01 -
    VBA32 3.12.6.6 2008.06.01 -
    VirusBuster 4.3.26:9 2008.06.01 -
    Webwasher-Gateway 6.6.2 2008.06.01 -[/font]

    WinXP Home Edition SP3 on my TOSHIBA Satellite Laptop behaves perfectly normal. Am I right in assuming that this is very likely to be a so called 'false postitive'? The installed Virus/Malware scanners i.e. AVIRA AntiVir, ThreatFire and Spyware Doctor do not detect anything in the mentioned files, either. Any suggestions?!

    Thanks in advance, Jessie :)
     
    Last edited: Jun 1, 2008
  2. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Please send us the detected files in a Password protected zip Archive (password: infected): submit at ewido dot net
    We will check these files and if they are really false positives, they will be fixed with the next Signature Updates.
     
  3. JC_Denton

    JC_Denton Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    6
    Location:
    Weltstadt
    Ok, thanks for the quick reply. Processing... :cool:


    *edit*

    Call me stupid, but where exactly can I submit the file on the ewido-hompage?

    The Link mentioned in the FAQs does not work anymore:

    Where can I submit undetected or suspected malware?
    http://www.ewido.net/en/malware/

    o_O


    *edit²*

    Ok, sent one .zip-archive to virus at avg dot com
    Hope that will suffice.


    *edit³*

    Ok, apparently I was right.

     
    Last edited: Jun 2, 2008
Thread Status:
Not open for further replies.