cvn72lincoln

False positive


Hi cvn72lincoln, welcome to the forum

Please do not post either files or links in question

Neither developers nor users will install the software in order to define whether it is a False Positive (FP) or not.

Please always save the report so you can attach it or an excerpt from it

Submit the flagged entries from the detection list to EMSI developers for analysis

Ask if you have questions about the procedure.

Please read the similar requests in the forum

My regards

P.S. When posting, provide info about your System Environment (as in Forum Posting Rules #2)

You are welcome to read other Stickies at the beginning of each section


Hi cvn72lincoln, thanks for the reply

Please submit the file as was suggested above. It could be an FP, but only developers can tell

You are using a localized system, so not everyone can read a line like this ;)

...对象: C:\Program Files\HaoZip\sfx\HaoZip7zSetup.sfx
扫描文件: 开

Do not rush to quarantine or delete the file.

Rescan after several subsequent updates

My regards

...I can confirm that is FP after submitting to virustotal...
Hi Ray,

Well, I wouldn't say that anything can ever be confirmed 100% just by submitting to and looking at VirusTotal or any online scanning site; the code that resides on your computer has to be analysed if you are not sure

Yes, it could be an FP and probably – most likely … but ... if you search for “haozip” or “HaoZip7zSetup.sfx” - you can find the following:

http://www.threatexpert.com/report.aspx?md5=7c15adc7530ff41727ab74f7fe64da80

http://www.threatexpert.com/report.aspx?md5=e850a43cb5f411a5972b33be98cf81f4

Cheers!

hello cvn72lincoln,

Please switch the language to English and produce the log again...


I have had the same experience: A2 has a false positive on a WinRar component. This is the same thing.

There are tons of FP reports on WinRar recently: Kaspersky, Bitdefender, Avira...

I did a search in the local forum; someone already uploaded the WinRar installer to VirusTotal, and interestingly I found the report:

http://www.virustotal.com/analisis/0b7579cf81b5741b871777cdd4d9e48f4da24d6e15021f93a0355f18c84c91c0-1253561535

25 out of 41 scanners falsely detected it.

And I noticed that haozip was sent to ThreatExpert on 14 February 2010. It was detected by KAV as Trojan-Dropper.Win32.StartPage.em, and now, submitting it to VirusTotal again, it is not detected by KAV anymore:

http://www.virustotal.com/analisis/eb642a8f3180ca57474edc33b397530a9ecac2b708107a9c0df6bcb4b5a16d5e-1268388705


No - that is for the "new Malware" that a-squared did not recognize, but that is flagged by other security or that you just suspect yourself

As was mentioned, submit from the detection list.

Highlight the item; right-click and choose the "Submit as false alert" option

My regards

I'm afraid this method doesn't work.

I have tried this method to submit different FPs for several months; every time it says server error. See the picture.

Well, that happens sometimes, but please clarify whether you were submitting from the detection list and/or from the Quarantine with the Chinese language set.

Have you tried submitting after changing to English?

In any case, since you are currently having this problem, you can use the "old fashion" method.

Send the file(s) by e-mail to EMSI [email protected]

Before submitting, create a password protected archive (ZIP or RAR) containing the file(s). Make sure the main body of the email contains the password for the compressed archive.

If you use e-mail, you can attach the report as well

My regards


I have changed to the English language but the result is the same. It happens all the time when I want to send a file to EMSI, but it doesn't matter, I will send the file by e-mail.

The "old fashion" method is very good, I think it can work, thanks.
