Windows 7 Forums


Windows 7: VirusTotal getting annoying cause of FPs

03 Nov 2014   #11
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Re: Your questions

Your original browser questions - I don't know how to exclude scan engines from VT but I certainly didn't see any browser window opening but then there were no detections!

I guess the answer is to drop the -r switch and output to text file.


03 Nov 2014   #12
Tookeri

Windows 7 Pro 32
 
 

Oh, maybe drivers were clean and all FP's were in system32. That's probably how it was, hard to remember when browser windows were popping up all the time. I spent more time closing them than actually reading their content. Well, I can only say that having each report opened in a browser is a terrible idea if there are many FP's.

If you want you can just check nslookup.exe and wscript.exe in system32. There were so many so I can't remember them all.

Browser reports are only opened when you use parameter -vr for sigcheck.exe. Don't know if the GUI app has similar functionality.
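Added example (not part of any post in this thread): one way to work from a text report instead of per-file browser windows, as posts #11 and #12 discuss. It triages a Sigcheck CSV report by VirusTotal detection ratio; the sample rows, the column names, the `low_consensus_max` threshold and the bucket names are assumptions made for illustration.

```python
import csv
import io

# Constructed sample of a Sigcheck CSV report with VirusTotal lookups and no
# "r" option, so nothing opens in a browser. Column names are assumed.
SAMPLE_CSV = r'''Path,Verified,Publisher,VT detection,VT link
"c:\windows\system32\nslookup.exe","Signed","Microsoft Windows","1/55","https://example.invalid/1"
"c:\windows\system32\wscript.exe","Signed","Microsoft Windows","0/55","https://example.invalid/2"
"c:\tools\unsigned-tool.exe","Unsigned","n/a","9/55","https://example.invalid/3"
"c:\tools\new-build.exe","Unsigned","n/a","Unknown","n/a"
'''


def parse_ratio(value):
    """Return (hits, engines) for 'N/M', or None when there is no VT result."""
    parts = value.strip().split("/")
    if len(parts) != 2 or not all(p.isdigit() for p in parts):
        return None
    hits, engines = int(parts[0]), int(parts[1])
    return (hits, engines) if engines > 0 else None


def triage(csv_text, low_consensus_max=2):
    """Sort report rows into buckets instead of opening one report per file."""
    buckets = {"clean": [], "recheck": [], "investigate": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        ratio = parse_ratio(row.get("VT detection") or "")
        signed = (row.get("Verified") or "").strip().lower() == "signed"
        if ratio is None:
            bucket = "unknown"        # never scanned or lookup failed
        elif ratio[0] == 0:
            bucket = "clean"
        elif signed and ratio[0] <= low_consensus_max:
            bucket = "recheck"        # few engines on a signed file: rescan later
        else:
            bucket = "investigate"
        buckets[bucket].append((row.get("Path", ""), row.get("VT detection", "")))
    return buckets


if __name__ == "__main__":
    for name, rows in triage(SAMPLE_CSV).items():
        for path, ratio in rows:
            print(f"{name:12} {ratio:8} {path}")
```

The "recheck" bucket only defers a decision: those files are rescanned after the engines update, which is how the detections in this thread cleared.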
03 Nov 2014   #13
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
SigCheckGUI results

That's funny - they both show up zero detections.

[Attached image: sigcheckgui-results.jpg]



03 Nov 2014   #14
Tookeri

Windows 7 Pro 32
 
 

I did a re-check, you're correct, they're clean now! Well, at least nice to see that AegisLab could fix their FPs quickly. I'm sure they got massive reports when they started detecting lots of files wrongly.

I still don't like these questionable AVs and can't understand why VirusTotal would include them in the first place.
03 Nov 2014   #15
oneeyed

Windows 8
 
 

Quote: Originally Posted by Tookeri
I still don't like these questionable AVs and can't understand why VirusTotal would include them in the first place
Never heard of them before using VT either but I think they are experimental or outliers. Maybe they even use overly aggressive heuristics by default which usually isn't the case in other AVs. They "might" pick up things that regular AVs miss. Of course you'll get more FPs this way too.

This might be bad, or rather inconvenient, for end-users but for the other AVs, it's a great way to get warned of any new malware that bypassed their cautious engines. After all, they don't participate in VT for charity, they do get benefits from it too.

There was a recent article on how malware creators use VT to check what they build, and when they get a "safe" on all major AVs, they start distributing them. So including very aggressive AVs on VT is a good way to make sure everyone gets alerted fast when that happens.

Quote:
There was no definitive pattern to the kinds of changes that reduced the detection rate. Although all of the samples Dixon tracked got detected by one or more antivirus engine, those with low detection rates were often found only by the more obscure engines that are not in popular use.
Source : A Google Site Meant to Protect You Is Helping Hackers Attack You | WIRED
03 Nov 2014   #16
Tookeri

Windows 7 Pro 32
 
 

Yes that's true. I think I've read somewhere that when an AV detects something on VT it's reported to all other AVs as well, but maybe that was what you meant.

I noticed something interesting, the version info. If that's the version of the AV software it might reveal the ones that haven't been available that long.
[Attached image: avversions.png]

Interesting you mentioned that article. When I first heard about it I thought can't VT keep track of these files that are only slightly modified and rescanned several times? I mean they do it until the file is clean. Rescanning a file that previously had detections and suddenly is clean, maybe even without updated definitions from all AVs. They can't track with hashes of course but there must be other ways to track the content.


03 Nov 2014   #17
Tookeri

Windows 7 Pro 32
 
 

Quote: Originally Posted by oneeyed
Quote:
There was no definitive pattern to the kinds of changes that reduced the detection rate. Although all of the samples Dixon tracked got detected by one or more antivirus engine, those with low detection rates were often found only by the more obscure engines that are not in popular use.
Source : A Google Site Meant to Protect You Is Helping Hackers Attack You | WIRED
I get it, they're not all bad.
03 Nov 2014   #18
Tookeri

Windows 7 Pro 32
 
 

This is funny: (from that same article)

"They made it particularly easy to track their code in the wild because even the emails and attachments they used in their phishing campaigns got tested on VirusTotal. More surprising, they even uploaded files they’d stolen from victims’s machines. Dixon found calendar documents and attachments taken from some of the group’s Tibetan victims uploaded to VirusTotal. He thinks, ironically, that the hackers may have been testing the files to see if they were infected before opening them on their own machines."
04 Nov 2014   #19
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

See if Jotti's is any better: Jotti's malware scan
04 Nov 2014   #20
oneeyed

Windows 8
 
 

@Tookeri

Yes the article had funny parts. If you imagined all these hackers were pros/geniuses with a deep understanding of computers/security, then it's a letdown.
From what I gathered in the article, most of these groups don't create anything new, they just modify already existing malware until they can bypass AV checks.