Author Topic: False positive: ImageShrink.exe (Read 11379 times)

saanvi · « **on:** December 29, 2011, 02:45:26 AM »

Hi anybody. I renamed .exe into .log and attached it. This simple utility has no rootkits; I've used it on my site and visitors reporting that it contains a rootkit (when file checking by Avast! web shield).

Coolmario88 · « **Reply #1 on:** December 29, 2011, 02:56:49 AM »

The log is giving me a popup when i try to look at it.. an avast popup (see pic)

saanvi · « **Reply #2 on:** December 29, 2011, 03:00:17 AM »

Quote from: Coolmario88cp on December 29, 2011, 02:56:49 AM

The log is giving me a popup when i try to look at it.. an avast popup (see pic)

There is no rootkit in this file - I've told that it's a false positive.

true indian · « **Reply #3 on:** December 29, 2011, 06:15:37 AM »

i have sent the sample as a FP to avast virus lab..lets see

saanvi · « **Reply #4 on:** December 29, 2011, 06:18:30 AM »

Quote from: true indian on December 29, 2011, 06:15:37 AM

i have sent the sample as a FP to avast virus lab..lets see

Thanks, I just did it too.

true indian · « **Reply #5 on:** December 29, 2011, 06:20:45 AM »

can u upload the file here:

www.virustotal.com

and post the link to results here please.

Coolmario88 · « **Reply #6 on:** December 29, 2011, 06:24:47 AM »

I have downloaded the file.. I uploaded it.
http://www.virustotal.com/file-scan/report.html?id=81ae16f063cedad86fe2f63732dbd29e7764a58a6b4ba5d8fe523c9bb9124e1b-1325135834

the MD5 for virus total is: 65bf5ca5d39fbf509139cbd529644c8e (Just incase the link doesn't work)

Also the file is detected by 13/ 43 antiviruses.

true indian · « **Reply #7 on:** December 29, 2011, 06:27:39 AM »

interesting results..lets see what the avast virus lab has to say about this.

saanvi · « **Reply #8 on:** December 29, 2011, 06:32:07 AM »

Quote from: true indian on December 29, 2011, 06:20:45 AM

can u upload the file here:

www.virustotal.com

and post the link to results here please.

Here the results:

http://www.virustotal.com/file-scan/report.html?id=81ae16f063cedad86fe2f63732dbd29e7764a58a6b4ba5d8fe523c9bb9124e1b-1280262252

It's strange that Avast! didn't mark file as a suspicious. What "another" Avast! they have?

true indian · « **Reply #9 on:** December 29, 2011, 06:33:33 AM »

this seems to be a different file...did u upload the file that u gave us??

saanvi · « **Reply #10 on:** December 29, 2011, 06:34:11 AM »

Well, it's more and more interesting in comparing with Coolmario88cp results...

saanvi · « **Reply #11 on:** December 29, 2011, 06:34:55 AM »

Quote from: true indian on December 29, 2011, 06:33:33 AM

this seems to be a different file...did u upload the file that u gave us??

No, the file is the same - md5 signature shows it. Just renamed extension.

true indian · « **Reply #12 on:** December 29, 2011, 06:35:30 AM »

can u attach the file in log format which u uploaded at VT

In that case avast catches it when it is in log format and not in exe format??

Coolmario88 · « **Reply #13 on:** December 29, 2011, 06:36:16 AM »

Quote from: SaAnVi on December 29, 2011, 06:34:55 AM

Quote from: true indian on December 29, 2011, 06:33:33 AM
this seems to be a different file...did u upload the file that u gave us??
No, the file is the same - md5 signature shows it. Just renamed extension.

Strange.. I didn't rename the file at all.

true indian · « **Reply #14 on:** December 29, 2011, 06:37:20 AM »

Quote from: true indian on December 29, 2011, 06:35:30 AM

In that case avast catches it when it is in log format and not in exe format??

there seems to be something fishy...

Author Topic: False positive: ImageShrink.exe (Read 11379 times)

saanvi

False positive: ImageShrink.exe

Coolmario88

Re: False positive: ImageShrink.exe

saanvi

Re: False positive: ImageShrink.exe

true indian

Re: False positive: ImageShrink.exe

saanvi

Re: False positive: ImageShrink.exe

true indian

Re: False positive: ImageShrink.exe

Coolmario88

Re: False positive: ImageShrink.exe

true indian

Re: False positive: ImageShrink.exe

saanvi

Re: False positive: ImageShrink.exe

true indian

Re: False positive: ImageShrink.exe

saanvi

Re: False positive: ImageShrink.exe

saanvi

Re: False positive: ImageShrink.exe

true indian

Re: False positive: ImageShrink.exe

Coolmario88

Re: False positive: ImageShrink.exe

true indian

Re: False positive: ImageShrink.exe