winrar 3.92 64bit false positives?

Discussion in 'malware problems & news' started by wutsup, Mar 14, 2010.

Thread Status:
Not open for further replies.
  1. wutsup

    wutsup Registered Member

    Joined:
    Sep 20, 2009
    Posts:
    630
    Location:
    United States
    hey wilders, i uploaded the winrar 3.92 x64 exe to virustotal and esafe says it has a win32.trojanhorse and mcafee+artemis says it has artemis.

    i downloaded the file from winrar's official site (www.rarlab.com)

    are these false positives?

    link to virus total: ~Virus Total link removed per Policy.~
     
    Last edited by a moderator: Mar 14, 2010
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,764
    Location:
    Texas
  3. wutsup

    wutsup Registered Member

    ok thx for the info, will send the winrar 3.92 64bit exe to them,
    but just in general do you think it's a false positive or not?
     
  4. ronjor

    ronjor Global Moderator

    It may be but submitting it will allow them to correct the definition.
     
  5. wutsup

    wutsup Registered Member

    i can't submit the file anymore since winrar now updated to 3.93, but i certainly hope the 3.92 was a false positive cause i installed it on my computer....but then i uninstalled it
     
  6. wutsup

    wutsup Registered Member

    what does everyone else think? fp or not?
     
  7. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Well, if it looks like a duck and quacks like a duck .. :)

    Unfortunately the scanners you listed are known to have false positives (though Artemis shouldn't be that sensitive ...).

    Since there were no detections by any of the major players, and you got the file from the dev's site, the likelihood of a false positive is massive :)
     