which AV are you using?
The file is ~.7 GB. I calculate it takes me over 2.5 hrs to upload if all goes well at my 800Kbs upstream rate, and renders the rest of my internet activity pretty useless as it sucks up all my upstream bandwidth. I'm doing one upload to Agnitum - one attempt already got canned as I tried some other internet surfing, and I have to remember not to reboot while this is going on. I'll post when I have more details. Meanwhile my house and tenants need some looking after.
Well, as I was about to start a new upload marathon, I suddenly had the idea, if it was scanning OK before and then starts scanning positive after the update from 7/23 (verified in two images - I hadn't used 7232 since the 18th, and when I first booted the scan was OK, then after the latest update it scanned positive like in 7600), maybe the new updates would correct a false positive?
Well, I just scanned it again since I've had a bunch of updates since the 23rd, and I'm back to negative again! Woo-hoo! Either way I'll send it to them and have them peruse it.
all's well that ends well - good to see that it was indeed a false positive
one day AV makers will get it right...
Yes, and pigs will fly, and the governments (all of them) will be just, efficient and effective, and relatively tax-free. I'm appreciative of AV being part science, part black art.
Well my second upload attempt crapped out also sometime while I was having lunch - I think the file is just too big. I'll see if I get any response in their forum.
did you say in the OP that the file was part of a zip archive?
can you isolate the 'suspect' file and just upload that, rather than the whole zip?
from what I can tell it might have been a single file in a zip archive from what I can see...:)
if you are able to recreate the same scenario you could turn the AV off then scan the folder you extracted the archive to...
and for the AV makers, well Morro is coming out so it'll turn ugly (and it just ought to be good for us consumers as there is a base standard which every commercial AV vendor must at least surpass in order to be profitable...)
Well, I have been reluctant to do anything that might remotely trigger the potential malware, not even opening the archive with Winzip (I actually have a license, how anal is that!) until I have a better handle on the sitch.
And unfortunately it appears my false positive gone experience wasn't quite true. What happened is I did a file-specific right-click / Scan for malware, and apparently that works differently, or possibly doesn't work as expected in Win 7 which is still in beta trim for this release. I just did another full system scan and they (I have two copies currently) showed up again.
The good news? The same sig showed up this time three times, the two zip archives, and an OCX in my 7232 partition's SysWOW64, mswinsck.ocx which is a skimpy 106KB. And it matches what might have been installed by that installation ZIP. I'll send that and see what happens now.
BTW, the right-click / Scan for malware gives positive on the OCX file, but not on the ZIP that seems to contain it.