Is this a false positive that Avira found?

Discussion in 'other anti-virus software' started by robinb, Mar 5, 2009.

Thread Status:
Not open for further replies.
  1. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    I have a client running xp home media center sp3. During a scan today avira free popped up saying there is a trojan called s the tr/Ransom.Hexzone.agn 1 trojan. which she quarantined

    The file 'C:\Program Files\Common Files\SupportSoft\bin\ssmail.dll'
    contained a virus or unwanted program 'TR/Ransom.Hexzone.agn.1' [trojan]
    Action(s) taken:
    The file was moved to '4a1d3452.qua'! (quarantine)



    I tried sending it you but i am getting an error saying
    Server Object Failed
    Received error msg from the smtp server
    525.5.7.13 account disabled

    HUH?
    this is the free version of Avira- why won't it send?
    and, is this a false positive?
    I posted it on the Avira forum but have not received an answer yet
    I was wondering if anyone else saw it here
    robin
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
  3. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    I did and a few more
    only 4 avg programs out of 10 see it the same thing.
    I put it back and superantispyware nor mambam sees it as a threat after doing a full scan but avira does, karpersky, avast and avg do not see it as a threat.
    Guess i will leave it in quarantine for about a month. If nothing goes nuts i will delete it.
    I am going to try to send it to them on their support page

    robin
     
  4. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    http://analysis.avira.com/samples/

    Should be able to send in any files for checking for FP via that webform.
     
  5. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    I just found that after i typed this
    I emailed them the file- it said it was not a false positive but I thought that was strange since none of the big antivirus programs found it and superantispyware pro nor mambam found it either. You would think after i put it back one or all of these good programs would have popped up and found it.

    So I tried to do it as a false positive but it just hung there for 20minutes processing, so i saw where i could email it and i zipped it up and did just that
    robin
     
  6. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Even if no AV recognizes a certain file as a threat does not mean its clean, theres too much baddies out there n they r multiplying like rabbits
     
  7. tesk

    tesk Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    100
    If you want, robinb, you can send me the file and I will submit it to all the big antimalware vendors.

    Please PM me for my emailadress.
     
  8. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    thanks tesk but i have that availability too and i just talked to nick at superantispyware and he is going to evaluate it for me.

    robin
     
  9. tesk

    tesk Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    100
    Okay, that is fair :)
     
  10. robinb9

    robinb9 Registered Member

    Joined:
    Apr 3, 2006
    Posts:
    219
    he says it is a false positive, so i posted this to the avira forum and waiting to see if they will fix it with an updated definition, otherwise i will tell avira to ignore it

    robin
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.