False positives / Missing detections thread

Discussion in 'Prevx Releases' started by EraserHW, Jun 14, 2009.

Thread Status:
Not open for further replies.
  1. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Hello,

    If you have encountered a false positive or Prevx is not detecting a malicious file, please follow the instructions listed inside the thread HowTo: reporting false positives / missing detections.

    Moreover, if you want you can write in this thread what you're going to report by e-mail.

    Please use only this thread for false positive or missing detection reports; this will help us to get everything more organized.

    Thank you and enjoy Prevx :)

    Marco
     
  2. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,034
    I couldn't ask in the other thread so I'll ask here, anything in specific wrong with zip files? :p
     
  3. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    They are filtered by the mail service :)
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,034
    You should add that to the post.
     
  5. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    That's why "password-protected RAR archive" is underlined :D I'll add this note too :)

    Thank you! :)
     
  6. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    870
    Location:
    Turkey/İzmir
    Prevx detected portable spiderplayer.exe as medium risk malware. I think this is a false positive. I ran a VirusTotal scan and only Prevx marks it as malware. Also, there is an oggenc.exe in the Spider Player folder; it is marked as malware too.
     
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Can you send both of these files in a RAR archive with a password to report@prevxresearch.com?

    We will analyze them and correct the determinations ASAP :)
     
  8. cet

    cet Registered Member

    Joined:
    Sep 3, 2006
    Posts:
    870
    Location:
    Turkey/İzmir
    I sent the log and immediately got a reply from Prevx. Yes, it is a false positive and will be corrected soon. Thanks for such a quick response.
     
  9. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
  11. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Thanks. :thumb:
     
  12. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Last edited by a moderator: Jun 25, 2009
  13. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,034
    I'm not sure why you attached the file, as stated all that's needed is the file's PX code from the log.
     
  14. sputnik451

    sputnik451 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    17
    Hi,
    Prevx detected operatorres.dll as medium risk malware.
    I have emailed the log as requested here
     
  15. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,727
    Location:
    UK
    Undetected file submitted last night re: fraudulent security program from errorfix.com.
     
  16. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    Because of the missing reply to my post #12, I sent the win2log to the Avira research lab. They could not find a virus or virulent components in the file, so it is an FP.

    So please fix this:
    In the same log Prevx marked this:
    But I don't get an infection message showing up from Prevx.
    Why?

    greetz
     
  17. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Just checking your submissions :) Sorry for the delay, I've been a bit busy :doubt:
     
  18. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Yes, I was going to reply to your e-mail right now :)

    The first one is a false positive; I've just fixed it. Try a scan again. The second has been automatically marked as good by the database. So, you should not receive any other notification now.

    Best regards,

    Marco
     
  19. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    =) Thank you very much.
     
  20. Habakuck

    Habakuck Registered Member

    Joined:
    May 24, 2009
    Posts:
    544
    And no problem about that! ;)

    best regards.
     
  21. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,727
    Location:
    UK
    Has this been checked? The executable is still undetected.
     
  22. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Sorry for the delayed response :) We added protection a few minutes after you sent in the email - often it takes longer to send the response back than add protection :D

    I'll make sure that we reply faster in the future :)
     
  23. sputnik451

    sputnik451 Registered Member

    Joined:
    Jul 27, 2004
    Posts:
    17
    thanks for fix :)
     
  24. raven211

    raven211 Registered Member

    Joined:
    May 4, 2005
    Posts:
    2,567
    We're simply not meant to be together... (for now? :D) :D First time that I run Prevx now, four entries in the results are all FPs as it seems. :D I'm sure you can clarify the middle-ones, cause the other two - bottom and top - I know about.

    See attached image.

    The one at top is a part of GameGuard. Now this thing is kinda tricky... I got it explained elsewhere that it uses something like rootkit-techniques, even if it indeed should be completely harmless. It's very, very common for free online-games, and even more for the "manga-type" ones.

    The one at bottom is, as can be seen from the directory, a part of Vista Codec Pack. I too think it's suspicious with something like settings32.exe for a prog. like that, but neither Avira (which, BTW, is running with heur. set to High) nor MSE is detecting it as malware. To be sure I also uploaded it to VirusTotal, which only showed some lame heuristic detections. ;) :p

    BTW, the same goes for gameguard.des, which would indeed trigger at any time as I run the game often (named Dragonica). :D


    Please see what you can find out about the two with the same name but different locations in the registry, and just tell me if you need a scan log for the entries in your db.


    EDIT: Nah, WTH - I attach that too while I'm still on it. :D
     


  25. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,727
    Location:
    UK
    Thanks for adding protection for this fraudulent program.

    What I don't understand is, since you added this to the database soon after I sent the email, why wasn't it detected when I did an on-demand scan of the file a few times during the day, including at the time of post #21?
     