Is report at prevxresearch dot com still working?

Discussion in 'Prevx Releases' started by camelia, Nov 4, 2011.

Thread Status:
Not open for further replies.
  1. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    131
    Location:
    Mexico City
    I am very sorry, can I ask the Prevx 3.0 team if you received my mail to report@prevxresearch.com and if the way I sent it is OK?

    Subject
    Prevx 3.0 NVIDA result infected FP?

    My boyfriend is going to kill me, Please let me know :'(

    Thank you
    Camelia
     
  2. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yes it works. :thumb:
    Hurry, send it before your BF goes :argh:
     
  3. m0unds

    m0unds Guest

    it'd probably be better to use their support inbox than that email address. i'd pm'd prevxhelp about it because i submitted a couple of fp reports there that hadn't been corrected after a few days, and he pointed me towards the support inbox.

    i'm guessing for prevx 3.0 that would still be http://info.prevx.com/service.asp
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    That is correct until all Prevx users are upgraded to WSA; then for WSA you use https://www.webrootanywhere.com/servicewelcome.asp? to contact support! Only use report@prevxresearch.com if PrevxHelp or someone from Prevx asks you to send something to them!

    TH
     
    Last edited: Nov 5, 2011
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    :thumb: We are still checking it but because we get 15,000+ spam messages for every one FP, mails will get lost pretty frequently. It would be best to write into our support inbox or upgrade to WSA which is managed by a much larger support team and write into there :)
     
  6. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    131
    Location:
    Mexico City
    Girls are very clever, we are not clumsy, I have never had the experience with a FP reported by Prevx.

    Prevx_fp.JPG

    I have to be honest, for me it was a panic moment, the computer is not mine,
    Once Prevx fix the issue:
    GetRight, now is a suspicious application.
    The wireless keyboard is ok, BUT the wireless mouse is not responding, I had to connect a PS/2 mouse that is giving me some problems.
    The SUPERAntiSpyware Professional's GUI shows weird

    05Prevx.JPG

    I only updated the Nvidia drivers to the latest version, is it extremely difficult?

    NVIDIA is a well-known driver!!!! If the FP would have been for the drivers of a new Hauppauge product I would understand

    All the OS my BF installed in his machine are in English, he's out of town and the DVD to uninstall Prevx in my computer I can not find it

    My OS is in Spanish, Prevx installed. How do I KNOW I won't have the same problem, updating the NVIDIA international drivers?
    http://us.download.nvidia.com/Windows/285.58/285.58-desktop-winxp-32bit-international-whql.exe

    What am I going to say to him once he returns next Monday?
    Hey, I updated your NVIDIA drivers, and now your mouse is not working, btw GetRight now is a suspicious application and you have to reinstall SAS, just due to a Prevx reported FP

    I do not know at this moment how to return this computer to its original state, since System Restore is turned off. I am a clever girl, asking for help at this forum

    I am very UPSET with Prevx

    Camelia
     
    Last edited: Nov 5, 2011
  7. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    If you go to the Prevx GUI and click on Status so the normal menus return, you can go to Tools and Save Scan Results, which will show the hashes (fingerprints) of all the detected files, so Prevx can fix the FPs. (You can also click Undo Cleanup there to revert the deletion of those files.)
     
  8. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    131
    Location:
    Mexico City

    Thank you cariño, I will try your solution at this moment

    But also I want Prevx check GetRight for FP

    Camelia
     
    Last edited: Nov 5, 2011
  9. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    She is using a free version of Prevx but these files look to me to be in dubious places o_O so the PX5 hashes would be great from the log!

    TH
     
  10. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    131
    Location:
    Mexico City

    Yes, my BF installed the free version, do you want me to buy the license?

    Could you please be so kind as to explain why these files look to you to be in dubious places?

    Thanks
    Camelia
     
  11. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Can you save a scan log and post the PX5 hashes for the files listed in your picture? And yes they look to be in dubious places such as:

    C:\downloads\win_system32\
    C:\downloads\program_files\nvidia corporation

    TH
     
    Last edited: Nov 5, 2011
  12. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    131
    Location:
    Mexico City

    Here they are cariño,

    Prevx Scan Log - Version v3.0.5.220
    Log Generated: 5/11/2011 18:08, Type: 0,1
    Windows XP Professional Service Pack 3 (Build 2600) 32bit|1033
    Hostname: EXCLUDE FOR SECURITY REASONS
    Some non-malicious files are not included in this log.
    Heuristics Settings: Age: 1, Pop: 1, Heu: 2 (Dir: 1)
    Last Scan: Sat 2011-11-05 18:08:17 Mexico Standard Time. Number of Scans: 32. Last Scan Duration: 5 seconds.
    [G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\win_system32\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
    [G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\program_files\nvidia corporation\installer2\display.controlpanel.1\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
    [G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\nvidia\displaydriver\285.58\winxp\english\displaycontrolpanel\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]


    End of Prevx Scan Log - http://www.prevx.com

    Do these files look to you to be in dubious places?

    Camelia
     
  13. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Thanks PrevxHelp will let you know if the files are legit! I'm just saying that these files should not be in a (downloads) folder! And there are 3 of the same file in 3 different places under dubious names!

    c:\downloads\malware detected by prevx 3.0\win_system32\nvmctray.dll
    c:\downloads\malware detected by prevx 3.0\program_files\nvidia corporation\installer2\display.controlpanel.1\nvmctray.dll
    c:\downloads\malware detected by prevx 3.0\nvidia\displaydriver\285.58\winxp\english\displaycontrolpanel\nvmctray.dll

    TH
     
    Last edited: Nov 5, 2011
  14. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    131
    Location:
    Mexico City
    Oh! I followed the instructions at

    https://www.wilderssecurity.com/showthread.php?t=245129

    I collected all the FPs into the (downloads) folder, to add them to a WinRAR archive and e-mail it to report@prevxresearch.com

    Is this why I am having the issue?

    Camelia
     
  15. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    For those 3 files yes, just delete them from the downloads folder, but they have [G] beside them which means they are good files o_O, the other 2 I will leave up to PrevxHelp to help you further!

    TH
     
  16. camelia

    camelia Registered Member

    Joined:
    Nov 4, 2011
    Posts:
    131
    Location:
    Mexico City

    So I am alone now? It's up to me?
    I will tell the truth to my BF, and I will send another e-mail to report@prevxresearch.com
    to check if GetRight.exe is an FP

    I want to go to the movies with my mom, I am bored with this topic...

    Thank you, Triple Helix, for your help

    Camelia
     
  17. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    I would use this address http://info.prevx.com/service.asp and send them all the file lines that are detected as bad [B] from a new scan log!

    TH
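
Pulling the detected-as-bad [B] lines out of a saved scan log, as suggested in the post above, as an added example that is not part of the original posts or Prevx's own tooling. It assumes [B] lines use the same layout as the [G] lines quoted in this thread; the [B] sample line (path and PX5 value) is constructed.

```python
import re
from collections import defaultdict

# Layout taken from the log lines quoted in this thread:
#   [G] (ACTIVE) c:\path\file.dll [PX5: <hex>]
# Assumption: [B] lines use the same layout (the thread only shows [G] lines).
ENTRY = re.compile(
    r"^\s*\[(?P<verdict>[A-Z])\s*\]\s+\((?P<state>[^)]*)\)\s+"
    r"(?P<path>.+?)\s+\[PX5:\s*(?P<px5>[0-9A-Fa-f]+)\]\s*$"
)

def parse_log(text):
    """Return one dict per file entry; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entry = m.groupdict()
            entry["px5"] = entry["px5"].upper()
            entry["line"] = line.strip()
            entries.append(entry)
    return entries

def lines_to_report(entries, verdict="B"):
    """Original log lines carrying the given verdict, ready to paste."""
    return [e["line"] for e in entries if e["verdict"] == verdict]

def copies_by_hash(entries):
    """Map each PX5 value to every path sharing it (copies of one file)."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["px5"]].append(e["path"])
    return dict(groups)

# The three [G] lines come from the log posted in this thread.
# The [B] line is constructed: placeholder path and placeholder PX5 value.
SAMPLE_LOG = r"""Prevx Scan Log - Version v3.0.5.220
[G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\win_system32\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
[G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\program_files\nvidia corporation\installer2\display.controlpanel.1\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
[G] (ACTIVE) c:\downloads\malware detected by prevx 3.0\nvidia\displaydriver\285.58\winxp\english\displaycontrolpanel\nvmctray.dll [PX5: CCA904B24015F75219650308403F2700CC9C2F46]
[B] (ACTIVE) c:\example\constructed-sample.exe [PX5: 0000000000000000000000000000000000000000]
End of Prevx Scan Log - http://www.prevx.com
"""

if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("\n".join(lines_to_report(parsed)))
    for px5, paths in copies_by_hash(parsed).items():
        print(px5, "seen at", len(paths), "path(s)")
```

Grouping by PX5 makes it visible when several detections are copies of one file, as with the three `nvmctray.dll` entries in the posted log.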
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Please try uninstalling and reinstalling Prevx or right clicking the detection within the UI and selecting "Report as a false positive". We fixed these detections last week so they should be clear now.
     
  19. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    839
    Location:
    Québec, Canada
    Right-clicking in Prevx?
    I don't see where I could right-click.
    (having some false positive problems too, which I sent to support)
    I don't see any Quarantine tab or the like.

    Regards,
    François
     
  20. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Just right-click on each file in the Prevx window and select "Report as a false positive", which will put them under the Detection Overrides tab https://www.wilderssecurity.com/attachment.php?attachmentid=230121&d=1320533687 and under Tools > Undo Clean Up tab is the Quarantine location; you can read more about it here near the bottom: http://info.prevx.com/help.asp

    HTH,

    TH
     
    Last edited: Nov 6, 2011
  21. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    839
    Location:
    Québec, Canada
    I see, thanks.
    However, right-clicking probably works only when the scan is done and Prevx is reporting the detection.
    Right-clicking in the Undo Cleanup doesn't work.
    I don't see any way to Report as false positive from there. (?)

    I've installed in the French locale, and this screen (Undo cleanup) is badly translated.
    (and since I see no way to get the UI in English, I'm now just making presumptions on the English wording)
    The button on the far left is called "Annuler" which is the French term for "Cancel". In the English UI, it's probably Restore I guess? (if it's also Cancel then it's pretty confusing)
    Undo would be a better term.
    For French, "Rétablir" would be much better than "Annuler".

    Anyway, since Prevx is no longer developed, I suppose it's not something that'll change now.
     
  22. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    True, you can't, but if you restore all and do a scan, then when the files come up as a detection again that is where you right-click and "Report as a false positive" if you are sure that they are really safe files?

    And the translations have been improved greatly so I heard in WSA! ;)

    HTH,

    TH
     
    Last edited: Nov 6, 2011
  23. fblais

    fblais Registered Member

    Joined:
    Jul 31, 2008
    Posts:
    839
    Location:
    Québec, Canada
    Thanks.
    Does "Report as a false positive" really report it to your lab?
    I'm under the impression it just puts it in "ignore" mode locally.

    I recently bought a Prevx license, and am awaiting to be upgraded to WSA. :)

    Regards,
    François
     