Is this a false positive that Avira found?

Discussion in 'other anti-virus software' started by robinb, Mar 5, 2009.

Thread Status:
Not open for further replies.
  1. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    I have a client running xp home media center sp3. During a scan today avira free popped up saying there is a trojan called s the tr/Ransom.Hexzone.agn 1 trojan. which she quarantined

    The file 'C:\Program Files\Common Files\SupportSoft\bin\ssmail.dll'
    contained a virus or unwanted program 'TR/Ransom.Hexzone.agn.1' [trojan]
    Action(s) taken:
    The file was moved to '4a1d3452.qua'! (quarantine)



    I tried sending it you but i am getting an error saying
    Server Object Failed
    Received error msg from the smtp server
    525.5.7.13 account disabled

    HUH?
    this is the free version of Avira- why won't it send?
    and, is this a false positive?
    I posted it on the Avira forum but have not received an answer yet
    I was wondering if anyone else saw it here
    robin
     
  2. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
  3. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    I did and a few more
    only 4 avg programs out of 10 see it the same thing.
    I put it back and superantispyware nor mambam sees it as a threat after doing a full scan but avira does, karpersky, avast and avg do not see it as a threat.
    Guess i will leave it in quarantine for about a month. If nothing goes nuts i will delete it.
    I am going to try to send it to them on their support page

    robin
     
  4. Baz_kasp

    Baz_kasp Registered Member

    Joined:
    May 1, 2008
    Posts:
    593
    Location:
    London
    http://analysis.avira.com/samples/

    Should be able to send in any files for checking for FP via that webform.
     
  5. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    I just found that after i typed this
    I emailed them the file- it said it was not a false positive but I thought that was strange since none of the big antivirus programs found it and superantispyware pro nor mambam found it either. You would think after i put it back one or all of these good programs would have popped up and found it.

    So I tried to do it as a false positive but it just hung there for 20minutes processing, so i saw where i could email it and i zipped it up and did just that
    robin
     
  6. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Even if no AV recognizes a certain file as a threat does not mean its clean, theres too much baddies out there n they r multiplying like rabbits
     
  7. tesk

    tesk Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    100
    If you want, robinb, you can send me the file and I will submit it to all the big antimalware vendors.

    Please PM me for my emailadress.
     
  8. robinb

    robinb Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    456
    Location:
    NJ
    thanks tesk but i have that availability too and i just talked to nick at superantispyware and he is going to evaluate it for me.

    robin
     
  9. tesk

    tesk Registered Member

    Joined:
    Aug 9, 2007
    Posts:
    100
    Okay, that is fair :)
     
  10. robinb9

    robinb9 Registered Member

    Joined:
    Apr 3, 2006
    Posts:
    219
    he says it is a false positive, so i posted this to the avira forum and waiting to see if they will fix it with an updated definition, otherwise i will tell avira to ignore it

    robin
     
Loading...
Thread Status:
Not open for further replies.