Author Topic: False POstive  (Read 6699 times)

0 Members and 1 Guest are viewing this topic.

HS2234

  • Guest
False POstive
« on: November 14, 2012, 10:48:51 PM »
Avast updated today and started blocking LoL
It said Xiff.dat or something.
I scanned with malwarebytes and it said 0 objects found

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: False POstive
« Reply #1 on: November 14, 2012, 10:57:46 PM »
Quote
It said Xiff.dat or something.
is that all the info you have  ::)
if you have not rebooted since it happend....right click avast tray icon and show last popup



upload suspicious file(s) to www.virustotal.com and test with 40+ malware scanners
« Last Edit: November 14, 2012, 11:03:58 PM by Pondus »

HS2234

  • Guest
Re: False POstive
« Reply #2 on: November 14, 2012, 11:28:49 PM »

Offline Arthur Gibraltar

  • Newbie
  • *
  • Posts: 12
Re: False POstive
« Reply #3 on: November 15, 2012, 12:58:59 AM »
     It happened to me, too, and I wanna play League of Legends, so I simply added Riot Games' folder to exceptions list of file scanning Module.

     Take a look at LoL's forum, and at this thread I posted how I repaired the error that happens after the detection: <http://na.leagueoflegends.com/board/showthread.php?p=31419020&posted=1#post31419020>.

     Maybe it's being used a old version of "Xiff.dat" that could be used as some kind of exploit by malicious software, or maybe it's a real False Positive. I believe in both cases, we can't be sure, but the thing is that I wanna play the game and I won't let avast! block it by now... ;cD

     And maybe later the game will update its files to not be detected. Or not, making it being detected forever. The last case would not be very confortable. Anyway, it's an official and very used software, by Riot Games, and it's almost sure it's not a virus, but a False Positive.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: False POstive
« Reply #4 on: November 15, 2012, 01:01:59 AM »
Quote
and it's almost sure it's not a virus, but a False Positive.
so...... upload to virustotal and test!

Duninn

  • Guest
Re: False POstive
« Reply #5 on: November 15, 2012, 01:16:13 AM »
Just wanted to say I got th same thing during a boottime scan, and I was worried as hell (Supposed to be working on a paper). But if your not the only one, then maybe a false positive.

Also a bad idea to run a scan while windows installs updates.......


O and the issue was an Agent-AO, but same for others here it seems


Duninn

  • Guest
Re: False POstive
« Reply #7 on: November 15, 2012, 02:08:47 AM »
so what does it all mean lol?

Offline Arthur Gibraltar

  • Newbie
  • *
  • Posts: 12
Re: False POstive
« Reply #8 on: November 15, 2012, 02:27:33 AM »
     [I got to rewrite twice. Firstly because the captcha letters didn't match and all my message was erased. And then because the forum detected I had already sent the message. Annoying!! >.<]

     Thanks, HS2234, we needed that. Just avast! and G DATA detect as a problem.

     Well, the detection is not a huge problem to me 'cause I can add the folder to exceptions list. I can live with that. But it's really not confortable that avast! detects a virus on a program that I believe trustable (League of Legends, Riot Games) and does not detect as a PUP the file that appear in my computer without I know/perceive and runs on background, stealthy ("BetterInstaller.exe" ["Threat! - Betterinstaller.exe - free version doesn't detect?" <http://forum.avast.com/index.php?topic=93918.0>]).

     This situation is simply obfuscating the reliability I have on avast!...

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37509
  • Not a avast user
Re: False POstive
« Reply #9 on: November 15, 2012, 07:55:01 AM »
if it is not there already, move the file to avast chest (it will only be a copy when done manually)

then right click the file in chest, and upload the file to avast lab as a possible False Positive

you may add a link to this topic in case they reply


Moving files to chest
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1406#idt_03

Submitting files from chest to avast lab
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1406#idt_07







Offline Arthur Gibraltar

  • Newbie
  • *
  • Posts: 12
Re: False POstive
« Reply #10 on: November 15, 2012, 07:53:36 PM »
if it is not there already, move the file to avast chest (it will only be a copy when done manually)

then right click the file in chest, and upload the file to avast lab as a possible False Positive

you may add a link to this topic in case they reply


Moving files to chest
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1406#idt_03

Submitting files from chest to avast lab
https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1406#idt_07








     I've already done that. Submitted upon detection. Didn't that get to the lab'? I mean, isn't any transference problem occuring? I sent it twice, I guess. Because it was detected twice and broke the game twice, so I had to repair both times. And I'm sending "BetterInstaller.exe" detected by other security softwares too, since June, I guess, but it never is detected as a trojan... :cO~~

     I'm sending again right now. Just sent.  :)

     EDIT:
     Oh, and here's the game's forum's topic, about the detection, if you want to take a look: <http://na.leagueoflegends.com/board/showthread.php?t=2799163>.
« Last Edit: November 15, 2012, 08:15:23 PM by Arthur Gibraltar »