Oz Assassin

False Positives on some files.

I installed Emsisoft Anti-Malware 5 a few days ago, did an update and ran a full scan. There was something in the results window which got my attention. Emsisoft identified a game called Bus Driver (which I got from www.busdrivergame.com) as a threat (it didn't say Trojan or anything, just TRACE.FILE.BUS DRIVER 1.0!A2, plus TRACE.DIRECTORY.BUS DRIVER 1.0!A2 and TRACE.REGISTRY.BUS DRIVER 1.0!A2, which point to the installation directory of the game). I was terrified for a moment because I thought I had downloaded malware embedded in the game, so I did some research and found out busdriver was a name given to kinds of malware which modify and control the computer's bus (or something like that). Therefore it could be a false positive in Emsisoft, since the game itself is clean (tested with other security scanners and found nothing!); maybe the program confused the game's directory and path with those of other malware.

Another false positive is with Warcraft version switcher, a well-known application for Warcraft lovers and players. It switches between versions of Warcraft so players can update the game quickly but can also restore previous versions so they can play with people with older versions, etc. This was being identified as TROJAN-BANKER.WIN32.BANKER!IK. I also did some research on this and found out that Warcraft version switcher has an executable named wvs.exe; there is also a Trojan with that name, so I think that's why the Ikarus engine thought this file is a trojan. I put this wvs.exe file to the test on VirusTotal and with several other security scanners on my computer just to be sure. The result came back as NEGATIVE. It's 100% clean (except on VirusTotal, where Ikarus and A-squared also flagged this file as TROJAN-BANKER.WIN32.BANKER!IK).

I did submit these false alerts via the program and also added them to the whitelist. Hopefully this will be improved.

I would try to contact Emsisoft about the program's flagging of the "bus driver" files and folder. To contact Emsisoft about false positives, you could use the email address [email protected] , or use the "customer center". You probably should include data from the scan log, showing what is being flagged.

Well, Emsisoft is pretty good at finding false positives in my opinion, but failed to detect malware embedded in DLL files (I got Photoshop portable from my friend, and one of those files was infected with a DLL malware. I needed that program but can't afford to buy a full suite and my laptop can't run the full suite anyway. Maybe I'll have to use Paint.NET portable as an alternative). But yeah, Norton Internet Security 2010 on my other computer (not this one with Emsisoft on) detected a virus in the DLL file and therefore removed it. I will never use pirated software again lol.

Hi Oz Assassin, welcome to the forum.

First, sure, when using pirated software you always have a chance of being infected.

If you are stating that Emsisoft did not catch "something" that other security software flagged as malware, it would be appreciated if you would submit that, as described in #4 here.

My regards

p.s.

1) If you want to know how many excellent software packages you can use instead of Adobe Photoshop, in addition to the definitely well-done Paint.NET, having practically if not all features, including free Photoshop-compatible plug-ins, please create a thread in Offtopic and I (we) can post the links to the software.

2) If you cannot afford to buy the full Emsisoft Anti-Malware Suite, leave the existing software in place. It will go into Free Mode and you will have an on-demand scanner with the best detection rate in the market anyway (no comparison to Symantec's detection abilities).
