Windows 7 Forums



Windows 7: Should "false" Positives Be Ignored?

28 Feb 2012   #1
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

I just installed an update for a video recorder that I use (GETFlv) and Comodo popped an alert for the Trojware.Win32.Spy.Banker.Gen@1. Most of what I found Googling are non-English returns, but one I found from Virus Total indicated that only 4 out of 43 scanners balked on this program, and each of those four identified it by a different name.

https://www.virustotal.com/file/4608...53af/analysis/

That makes it appear that it is a false positive, but considering the nature of the trojan that it sees:

Quote:
Steal bank account information from your PC, and:
The Trojan can be configured to perform any of the following actions:
Captures Screenshots
Checks the title of active Internet Explorer Windows to see if it matches any preconfigured strings.
Delete all the URL cache and cookies.
Display a fake login screen for certain South American banking sites
Gather email addresses
May display a preconfigured message box
May search for and delete predetermined files
Record keystrokes
Register itself as a service
Replace the contents of hosts file
Search for and deletes files
Send an email with the collected information to the remote attacker
Monitor active Internet Explorer windows for user access to various web sites, particularly those of financial institutions.

I would like to be sure. Some might say to just not use the program, but it is quite expensive, and one that I use almost daily, so I wouldn't like that idea.

Am I just making too much of it or not?
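The "4 out of 43, each with a different name" reasoning in the post above can be made explicit. This is an added example, not part of the original post: it computes the detection ratio and checks whether the labels share a family name once generic tokens are stripped. Only the Comodo label comes from the post; the other engine names, labels and the agreement threshold are constructed assumptions.

```python
import re
from collections import Counter

# Tokens naming a platform, a malware class or a heuristic origin, not a family.
GENERIC = {"win32", "win64", "w32", "trojan", "trojware", "troj", "spy", "gen",
           "generic", "heur", "heuristic", "suspicious", "malware", "variant",
           "agent", "pua", "riskware", "application", "packed"}

def family_tokens(label):
    """Lowercase an AV label, split it, and keep only family-like tokens."""
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in tokens if len(t) > 2 and not t.isdigit() and t not in GENERIC}

def triage(results, min_agree=2):
    """results maps engine name -> label, or None when the engine was silent.

    min_agree is an assumed threshold: agreement between engines is a hint,
    not proof, and a lack of agreement does not prove a false positive.
    """
    hits = {e: l for e, l in results.items() if l}
    counts = Counter(t for l in hits.values() for t in family_tokens(l))
    family, votes = counts.most_common(1)[0] if counts else (None, 0)
    if not hits:
        verdict = "no-detections"
    elif votes >= min_agree:
        verdict = "consistent-family"
    else:
        verdict = "inconclusive"  # follow up with the vendor, as the thread suggests
    return {
        "detections": (len(hits), len(results)),
        "agreed_family": family if votes >= min_agree else None,
        "heuristic_only": [e for e, l in hits.items() if not family_tokens(l)],
        "verdict": verdict,
    }

# Constructed sample shaped like the post: 43 engines, 4 hits, 4 different names.
SAMPLE_LOW = {"Comodo": "Trojware.Win32.Spy.Banker.Gen@1",   # label from the post
              "EngineB": "Heur.Suspicious.Packed",           # constructed
              "EngineC": "Generic.Downloader.77",            # constructed
              "EngineD": "Adware.Toolbar.X"}                 # constructed
SAMPLE_LOW.update({f"Silent{i}": None for i in range(39)})

# Constructed contrast case: two engines independently name the same family.
SAMPLE_AGREE = {"Comodo": "Trojware.Win32.Spy.Banker.Gen@1",
                "EngineB": "Trojan-Banker.Win32.Agent.xyz", "EngineC": None}

if __name__ == "__main__":
    print(triage(SAMPLE_LOW))
    print(triage(SAMPLE_AGREE))
```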



28 Feb 2012   #2
fseal

Windows 7 x64 Ultimate
 
 

Well... the trouble is, figuring out if it is really false or not.

Of course if it is a false positive then yes you can ignore it, but how do you know? Frequently with new viruses or morphing ones, only a handful or even one AV scanner will even pick it up and it may be legit. On the other hand I've written code myself that managed to trip a virus scanner by accident in the past. There are now so many signatures and code is a fairly random set of bytes that it does just happen sometimes.

The only way to really get to the bottom of it is to contact the maker of the software and work it out with them... It's not unheard of for a company's build machine to get infected and then produce infected files for DL.

Edit: Just a couple months ago I got a driver disk for a 4x2 HDMI switch that MSE flagged as having a virus in the driver on the CD! Company was not responsive and so I just didn't install it...
28 Feb 2012   #3
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I don't use Comodo, but does it have a link to report what it found as a virus inside its scanner program?


28 Feb 2012   #4
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Quote: Originally Posted by fseal
Well... the trouble is, figuring out if it is really false or not.

Of course if it is a false positive then yes you can ignore it, but how do you know? Frequently with new viruses or morphing ones, only a handful or even one AV scanner will even pick it up and it may be legit. On the other hand I've written code myself that managed to trip a virus scanner by accident in the past. There are now so many signatures and code is a fairly random set of bytes that it does just happen sometimes.

The only way to really get to the bottom of it is to contact the maker of the software and work it out with them... It's not unheard of for a company's build machine to get infected and then produce infected files for DL.

Edit: Just a couple months ago I got a driver disk for a 4x2 HDMI switch that MSE flagged as having a virus in the driver on the CD! Company was not responsive and so I just didn't install it...

Yes, I sent an email to them about this, but the problem with that is, if the programmers were the type that would design their program for malicious purposes, they wouldn't admit it. I have not found that this company is particularly responsive, regardless of the nature of an enquiry, but since I have been using this program for a couple of years, I tend to doubt that the program is malicious. It's just that rather than have any suspicion, I would like to feel certain that it is safe.
28 Feb 2012   #5
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Quote: Originally Posted by Jacee
I don't use Comodo, but does it have a link to report what it found as a virus inside its scanner program?

Yes, I did send it to them, but I'm more interested in a report to me, than to them.
28 Feb 2012   #6
fseal

Windows 7 x64 Ultimate
 
 

I wasn't suggesting that the programmers themselves did it on purpose, but it's possible that they unknowingly have an infected build machine OR it may be that by pure accident this compile triggers the signature detection.

In both cases there may be something they can do to fix it. Like I said, it happened to me at an old company and we were notified and we fixed the problem and issued an update. (Though I admit that I seem to work for the only companies in the universe that actually care when someone calls in with a problem).
28 Feb 2012   #7
seekermeister

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Karma or kismet?