Windows 7 Forums


Windows 7: Should "false" Positives Be Ignored?


28 Feb 2012   #1

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 
Should "false" Positives Be Ignored?

I just installed an update for a video recorder that I use (GETFlv) and Comodo popped an alert for the Trojware.Win32.Spy.Banker.Gen@1. Most of what I found Googling are non-English returns, but one I found from Virus Total indicated that only 4 out of 43 scanners balked on this program, and each of those four identified it by a different name.

https://www.virustotal.com/file/4608...53af/analysis/

That makes it appear that it is a false positive, but considering the nature of the trojan that it sees:

Quote:
Steal bank account information from your PC, and:
The Trojan can be configured to perform any of the following actions:
Captures Screenshots
Checks the title of active Internet Explorer Windows to see if it matches any preconfigured strings.
Delete all the URL cache and cookies.
Display a fake login screen for certain South American banking sites
Gather email addresses
May display a preconfigured message box
May search for and delete predetermined files
Record keystrokes
Register itself as a service
Replace the contents of hosts file
Search for and deletes files
Send an email with the collected information to the remote attacker
Monitor active Internet Explorer windows for user access to various web sites, particularly those of financial institutions.

I would like to be sure. Some might say to just not use the program, but it is quite expensive, and one that I use almost daily, so I wouldn't like that idea.

Am I just making too much of it or not?


28 Feb 2012   #2

Windows 7 x64 Ultimate
 
 

Well... the trouble is figuring out if it is really false or not.

Of course if it is a false positive then yes you can ignore it, but how do you know? Frequently with new viruses or morphing ones, only a handful or even one AV scanner will even pick it up and it may be legit. On the other hand I've written code myself that managed to trip a virus scanner by accident in the past. There are now so many signatures and code is a fairly random set of bytes that it does just happen sometimes.

The only way to really get to the bottom of it is to contact the maker of the software and work it out with them... It's not unheard of for a company's build machine to get infected and then produce infected files for DL.

Edit: Just a couple months ago I got a driver disk for a 4x2 HDMI switch that MSE flagged as having a virus in the driver on the CD! Company was not responsive and so I just didn't install it...
28 Feb 2012   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

I don't use Comodo, but does it have a link to report what it found as a virus inside its scanner program?


28 Feb 2012   #4

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Quote: Originally Posted by fseal
Well... the trouble is figuring out if it is really false or not.

Of course if it is a false positive then yes you can ignore it, but how do you know? Frequently with new viruses or morphing ones, only a handful or even one AV scanner will even pick it up and it may be legit. On the other hand I've written code myself that managed to trip a virus scanner by accident in the past. There are now so many signatures and code is a fairly random set of bytes that it does just happen sometimes.

The only way to really get to the bottom of it is to contact the maker of the software and work it out with them... It's not unheard of for a company's build machine to get infected and then produce infected files for DL.

Edit: Just a couple months ago I got a driver disk for a 4x2 HDMI switch that MSE flagged as having a virus in the driver on the CD! Company was not responsive and so I just didn't install it...

Yes, I sent an email to them about this, but the problem with that is, if the programmers were the type that would design their program for malicious purposes, they wouldn't admit it. I have not found that this company is particularly responsive, regardless of the nature of an enquiry, but since I have been using this program for a couple of years, I tend to doubt that the program is malicious. It's just that rather than have any suspicion, I would like to feel certain that it is safe.
28 Feb 2012   #5

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Quote: Originally Posted by Jacee
I don't use Comodo, but does it have a link to report what it found as a virus inside its scanner program?

Yes, I did send it to them, but I'm more interested in a report to me, than to them.
28 Feb 2012   #6

Windows 7 x64 Ultimate
 
 

I wasn't suggesting that the programmers themselves did it on purpose, but it's possible that they unknowingly have an infected build machine OR it may be that by pure accident this compile triggers the signature detection.

In both cases there may be something they can do to fix it. Like I said, it happened to me at an old company and we were notified and we fixed the problem and issued an update. (Though I admit that I seem to work for the only companies in the universe that actually care when someone calls in with a problem).
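
Added illustration, not part of any post in this thread: a small Python triage of a multi-scanner report like the 4-of-43 result described in post #1, checking whether the engines that flagged the file agree on a family name. The engine names other than Comodo, their labels, and the list of generic tokens are constructed for the example.

```python
import re
from collections import Counter

# Tokens that describe platform, malware type or detection method, not a family.
# (Assumed list for this example; real label schemes vary by vendor.)
GENERIC = {"trojware", "trojan", "win32", "gen", "generic", "heur",
           "suspicious", "variant", "packed", "malware", "agent", "spy"}

def family_tokens(label):
    """Alphabetic tokens of a detection name, minus generic/short ones."""
    tokens = re.split(r"[^a-z0-9]+", label.lower())
    return {t for t in tokens if t.isalpha() and len(t) >= 4 and t not in GENERIC}

def triage(results):
    """results maps engine name -> detection label, or None for no detection."""
    hits = {eng: lab for eng, lab in results.items() if lab}
    # family_tokens() returns a set, so each engine counts once per token.
    counts = Counter(t for lab in hits.values() for t in family_tokens(lab))
    agreed = sorted(t for t, n in counts.items() if n >= 2)
    heuristic_only = sorted(e for e, lab in hits.items() if not family_tokens(lab))
    # A low ratio never yields "clean": a new sample also starts with few hits.
    verdict = "consistent-family" if agreed else "inconclusive"
    return {"ratio": f"{len(hits)}/{len(results)}", "agreed": agreed,
            "heuristic_only": heuristic_only, "verdict": verdict}

def constructed_sample():
    """43 engines, 4 detections, each under a different name (constructed)."""
    results = {f"Engine{i:02d}": None for i in range(1, 40)}  # 39 no-detects
    results.update({
        "Comodo": "Trojware.Win32.Spy.Banker.Gen@1",   # label quoted in post #1
        "EngineA": "Heur.Suspicious.Packed",           # constructed
        "EngineB": "Win32/Adware.Toolbar.variant",     # constructed
        "EngineC": "Generic.Dropper!1A2B",             # constructed
    })
    return results

if __name__ == "__main__":
    for key, value in triage(constructed_sample()).items():
        print(f"{key}: {value}")
```

An "inconclusive" result is the honest outcome for a report like this one: the labels share no family, which fits a signature collision, but it does not rule out a sample too new for most engines.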
28 Feb 2012   #7

W7x64 Pro, SuSe 12.1/** W7 x64 Pro, XP MCE
 
 

Karma or kismet?