KAV False Positive mswinsck.ocx

Discussion in 'other anti-virus software' started by FanJ, Sep 20, 2005.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    I think that KAV gives a False Positive on

    I'm not exactly happy with this ! :blink:

    Scanned in Safe Mode on Win98SE with KAV 4.5

    MD5 checksum:

    This file was not changed on my system in a long time.
    Report from NISFileCheck:
    Application: c:\windows\system\mswinsck.ocx
    Status: Unchanged
    Version old: 6.01.9782
    Size old: 124688
    Date old: 2004-03-08 23:00:00
    RMD160 Hash old: DADEF71BA2260FFF2820A7653D8BA07513C92DBD

    First screenshot:

    Attached Files:

  2. FanJ

    FanJ Guest

    Checked at Jotti Online scanner.

    Second screenshot:

    Attached Files:

  3. FanJ

    FanJ Guest

    Of course I know that every scanner can give a FP from time to time.
    I know it.
    In my case, at this moment (while I'm trying to fix someone-else's PC from a lot of malware), it's a bad moment...

    I will later submit the file to KAV.

    My question for the moment:
    Did some of you find this FP too?

    Cheers, Jan.
  4. FanJ

    FanJ Guest

    Please, I'm begging you ALL :

    Did someone else of you get this alert from KAV also ?

    Please, do let us know :D

    Thanks in advance !!!
    Cheers, Jan.
  5. FanJ

    FanJ Guest

    PLEASE !!!!!

    PLEASE do let us know if you also got that warning from KAV.

    PLEASE, I'm begging you all ! ;)
  6. FanJ

    FanJ Guest

    Is there really nobody here on this board who would like to help me here....?

    Once again, I am begging on my knees :
    PLEASE DO POST !!!!!!!!!!
  7. StevieO

    StevieO Guest

    Hi Fan,

    I have the same file on 98SE, but an earlier version, 6.00.8988 106KB

    I scanned at Jottis, Clean, and then with KAV and Antivir on my PC, Clean, followed by an attempt with AVG.

    Part way through my PC froze and i had to restart. When it did it was in safe mode. As this often displaces the icons on the desktop, i did a regrestore to a previous copy. All is well now !

    Have you thought of just DL a fresh copy of the file and replacing it ?

  8. FanJ

    FanJ Guest

    Thanks a lot StevieO for replying !!!!!
    Very much appreciated !!!!! :D

    It looks to me at the moment that KAV has fixed it.
    After having just updating my KAV 4.5 definitions to "known viruses 141265", I don't get that warning from KAV anymore when right-clicking that file and letting KAV scanning it.

    And Jotti's online scanner doesn't give that warning too anymore :)
    See screenie.

    I was in desperate need to be sure that that file, or any other file on my system, was not infected.
    I cannot help someone else on an infected system when I'm in doubt whether my own system is clean....

    Time to let KAV do again a full system scan in Safe Mode while I'll try to have some sleep.

    Thanks again StevieO for your posting !!!!!
    Cheers, Jan.

    Attached Files:

    Last edited by a moderator: Sep 20, 2005
  9. Honyak

    Honyak Registered Member

    Jul 19, 2004
    Deep South
    I got the same FP today and sent it to KAV, within 5 minutes I had a reply that it was a false positve and would be fixed and it has been.
  10. FanJ

    FanJ Guest

    Thanks Honyak !!!
    Thanks also to KAV for fixing it so quickly !!! :D

    I fully admit that I was too much stressed when I posted this thread :oops: :oops:
  11. Albinoni

    Albinoni Registered Member

    Feb 17, 2005
    Perth, Western Australia
    Well what does this say, its time to update and use NOD32 :D
  12. FanJ

    FanJ Guest

    Hi Albinoni,

    It does not say very much: every scanner has sometimes a false positive.
    Let's not forget that KAV fixed it quickly.

    I do have both NOD32 and KAV :)

    Again I would like to make clear that I should have posted in another way (I was too much stressed); I am sorry for that !

    I really see no point in going on in this thread. There was a FP, people informed each other and KAV, and it was quickly fixed; that's all.

    Best regards, Jan.
  13. Honyak

    Honyak Registered Member

    Jul 19, 2004
    Deep South
    If I changed AV everytime I got a FP, I would be out of choices. Think I will stick with KAV.
  14. Ned Slider

    Ned Slider Registered Member

    Mar 24, 2005
    I noticed KAV was falsely detecting /windows/system32/wextract.exe earlier today, but it was quickly fixed in the next hourly update :)

    Further, I occasionally catch new worms on my honeypot and send them to kaspersky, and they are very quick to add them to their database.

    I certainly value their quick responses :)

  15. Technodrome

    Technodrome Security Expert

    Feb 13, 2002
    New York
    I had 3 FPs today. Quickly fixed as you said.[​IMG]


    Attached Files:

Thread Status:
Not open for further replies.