KAV False Positive mswinsck.ocx

I think that KAV gives a False Positive on
C:\WINDOWS\SYSTEM\MSWINSCK.OCX

I'm not exactly happy with this !

Scanned in Safe Mode on Win98SE with KAV 4.5

MD5 checksum:
e8a2190a9e8ee5e5d2e0b599bbf9dda6

This file was not changed on my system in a long time.
Report from NISFileCheck:
Application: c:\windows\system\mswinsck.ocx
Status: Unchanged
Version old: 6.01.9782
Size old: 124688
Date old: 2004-03-08 23:00:00
RMD160 Hash old: DADEF71BA2260FFF2820A7653D8BA07513C92DBD


First screenshot:

 

Checked at Jotti Online scanner.

Second screenshot:

 

Of course I know that every scanner can give a FP from time to time.
I know it.
In my case, at this moment (while I'm trying to fix someone-else's PC from a lot of malware), it's a bad moment...

I will later submit the file to KAV.

My question for the moment:
Did some of you find this FP too?

Cheers, Jan.

 

Please, I'm begging you ALL :

Did someone else of you get this alert from KAV also ?

Please, do let us know

Thanks in advance !!!
Cheers, Jan.

 

PLEASE !!!!!

PLEASE do let us know if you also got that warning from KAV.

PLEASE, I'm begging you all !

 

Is there really nobody here on this board who would like to help me here....?

Once again, I am begging on my knees :
PLEASE DO POST !!!!!!!!!!

 

Hi Fan,

I have the same file on 98SE, but an earlier version, 6.00.8988 106KB

I scanned at Jottis, Clean, and then with KAV and Antivir on my PC, Clean, followed by an attempt with AVG.

Part way through my PC froze and i had to restart. When it did it was in safe mode. As this often displaces the icons on the desktop, i did a regrestore to a previous copy. All is well now !

Have you thought of just DL a fresh copy of the file and replacing it ?


StevieO

 

Thanks a lot StevieO for replying !!!!!
Very much appreciated !!!!!

It looks to me at the moment that KAV has fixed it.
After having just updating my KAV 4.5 definitions to "known viruses 141265", I don't get that warning from KAV anymore when right-clicking that file and letting KAV scanning it.

And Jotti's online scanner doesn't give that warning too anymore
See screenie.

I was in desperate need to be sure that that file, or any other file on my system, was not infected.
I cannot help someone else on an infected system when I'm in doubt whether my own system is clean....

Time to let KAV do again a full system scan in Safe Mode while I'll try to have some sleep.

Thanks again StevieO for your posting !!!!!
Cheers, Jan.

 

I got the same FP today and sent it to KAV, within 5 minutes I had a reply that it was a false positve and would be fixed and it has been.

 

Thanks Honyak !!!
Thanks also to KAV for fixing it so quickly !!!

I fully admit that I was too much stressed when I posted this thread

 

Well what does this say, its time to update and use NOD32

 

Hi Albinoni,

It does not say very much: every scanner has sometimes a false positive.
Let's not forget that KAV fixed it quickly.

I do have both NOD32 and KAV

Again I would like to make clear that I should have posted in another way (I was too much stressed); I am sorry for that !

I really see no point in going on in this thread. There was a FP, people informed each other and KAV, and it was quickly fixed; that's all.

Best regards, Jan.

 

If I changed AV everytime I got a FP, I would be out of choices. Think I will stick with KAV.

 

I noticed KAV was falsely detecting /windows/system32/wextract.exe earlier today, but it was quickly fixed in the next hourly update

Further, I occasionally catch new worms on my honeypot and send them to kaspersky, and they are very quick to add them to their database.

I certainly value their quick responses

Ned

 

I had 3 FPs today. Quickly fixed as you said.


tD