False positives

Discussion in 'Prevx Releases' started by PeterVO, Sep 10, 2009.

Thread Status:
Not open for further replies.
  1. PeterVO

    PeterVO Registered Member

    Joined:
    Aug 25, 2003
    Posts:
    87
    Location:
    Belgium, Leuven
    Hello,

    I'm using HitmanPro (V3.5.1 build 70) but it's the Prevx-detection module that's giving the following false positives :'(:

    1) XPSysPad.exe: "High Risk Worm"
    2) WinSuperMaximize.exe: "High Risk Infostealer".

    Kind regards,

    PeterV
     
  2. mhob

    mhob Registered Member

    Joined:
    Dec 22, 2008
    Posts:
    26
    Interesting. Prevx found "clnr0.dll" in my Avast Anti-virus data directory. It claimed it was malware. What was strange, is that I opened the Avast folder, right-clicked and scanned it with Avast. Then the file disappeared!

    I have been getting at least 1-2 detections a week that I think are false positives. This is with Heuristics at Medium/Low/Low. Most of the detections said it was "cloaked malware". One time it happened after I upgraded Creative Sound Card drivers.

    So I don't know what to believe? Do I really have cloaked malware on my system? Or is it all false positives? I'm tempted to just wipe out my whole drive and reinstall O/S.
     
  3. vlk

    vlk AV Expert

    Joined:
    Dec 26, 2002
    Posts:
    618
    <avast>\data\clnr0.dll is the avast virus cleaner module. It is digitally signed and should be safe (if the signature matches).
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I'm fairly sure these are false positives but its always worth checking if you could send us a log file using the instructions which Triple Helix has outlined:
    https://www.wilderssecurity.com/showthread.php?t=245129

    Thanks! :)

    In the meantime I will close this thread - please send me PM if you have any problems or questions!
     
    Last edited: Sep 10, 2009
Thread Status:
Not open for further replies.