Possible false positive in Pestpatrol?

Pestpatrol keeps finding trojan downloader.win32.agent.cp and i deleted this and put in quarantine. I have searched the web sites and they say this is a ccRegVfy.exe and has to do with Nortons. Some sites say to remove this while others say to keep this. Can somone here tell which is the right thing to do please? I have since put it back on but not sure if this was the right thing to do..Please help and thanks in advance.

 

Had exactly the same thing with PestPatrol, immediately after updating definitions last week. I didn't delete the ccregvfy file but the details given by PestPatrol leave you in no doubt that they think this files contains a Trojan. http://pestpatrol.com/PestInfo/t/trojandownloader_win32_agent_cp.asp

The mind boggles!

 

I have Pest Patrol and am getting that exact detection also. I wouldn't doubt it's another false positive. PP is famous for them.

I always consider anything I find with Pest Patrol to be a FP first, because nearly every time it turns out to be one.

That's one thing that I really dislike about Pest Patrol and some of the other spyware scanners, all the FP's make them nearly worthless.

If your a newbie they can really drive you crazy because you may go ahead and delete something the scanner finds, assuming it was really malware, and then you could have all kinds of problems and not even be aware it was the so-called malware you just deleted with the so-called trusted anti-spyware program.

I realize some FPs should be expected, but with this program they just never seem to end.

 

If they reduced their database to 100 then i am sure they could maintain it and keep it false positive free. Their database is tens of thousands and as such will inevitabily generate a few false positives. A few out of thousands is not bad really imho. You can always swap to another application. But you'll find that the others generate FP's as well.

muf

 

muf.

I can't agree with you. This latest example of a PestPatrol false positive has inevitably meant that thousands of people who have PP and NAV on their computers have gone ahead and blindly deleted the ccregvfy file. In PestPatrol's own words it said the certainty of this threat has been confirmed, (or something to that effect). It didn't say it might be a false positive or that care should be taken before deleting the file.

Most of the people who frequent this forum are unlikely to delete anything and everything flagged up by any of their anti-spyware programmes, without investigating it first, but thousands of people will do just that. Then they wonder why this or that programme doesn't work anymore.

You are perfectly correct to say that PP is not on its own when it comes to false positives but it certainly seems to be leading the field. (I still like, Cookie Patrol, however, lol).

 

Well i have to agree that PP is high up the list of FP generators. But it is also quite a unique application in what it protects against. If you look at the list of malware it searches for then i think you will agree that there isn't another application that covers such a broad spectrum. Yes it has flaws, and one is the FP's. The good thing is that any deletion's are quarantined by default. If your pc plays happy for the next 2 or 3 weeks then delete them permanently. If your pc starts misbehaving then restore what you deleted. It's not perfect but there's no one application out there that covers the range of malware that PP does. I have been using PP for about 3 years now. I have learned to live with the flaws because i know once i start a scan that it will be looking for a lot of different types of malware. But i remain always wary of FP's.

muf

 

muf.

Yes, fair comments.

 

not only does PP5 do that, but it detects the entire Norton antivirus Quarantine folder as an unknown pest. I use PP5 for the resident protection Only, and I never delete anything with it unless it is fully verified by another program, or by a support web site other then the CA web site

 

its becuase anything with "norton" sucks.no questions asked