Author Topic: Possible false positive (Read 2861 times)

Xanadu · « **on:** August 09, 2014, 12:36:11 AM »

I did a quick scan this evening and Avast! found four files that it said were infected with Win64:Dropper (DRP). They are all part of my beats audio system. All files in those folders have the same "last modified date" of 3/29/13. The four files are all alike - located in four places on the machine. Windows and the IDT folder. sstray64 is a legitimate file per research on the net. I know they can be changed with a virus but with 54 cleans on the virus total...false positive?

I uploaded to Virus Total and it says it is clean.
https://www.virustotal.com/en/file/5bb2e053da5f9e9d5b1142b450719d28896a731ed7e7033ca7496ca3974fc70a/analysis/1407535928/

This was not found the last time I scanned. No warnings from Avast on anything.
Windows 8.1.1.
Avast! 2014.9.0.2021

I don't want to obliterate my audio over a false positive. Can someone help please?

jefferson sant · « **Reply #1 on:** August 09, 2014, 12:44:52 AM »

I do not have to tell you if there is injection into the file
send the file to be analyzed virus@avast.com "False positive" in email subject.

compressed with Zip or RAR password "virus" or "infected"

use http://www.avast.com/contact-form.php, please.

or else send through the virus chest

http://www.avast.com/faq.php?article=AVKB21

Xanadu · « **Reply #2 on:** August 09, 2014, 01:29:33 AM »

The files are quarantined in the chest. I submitted through the virus chest. I submitted two - one from windows location and one from program files location.

jefferson sant · « **Reply #3 on:** August 09, 2014, 04:01:55 AM »

Quote from: Xanadu on August 09, 2014, 01:29:33 AM

The files are quarantined in the chest. I submitted through the virus chest. I submitted two - one from windows location and one from program files location.

OK
wait for the next update.

Para-Noid · « **Reply #4 on:** August 09, 2014, 04:20:14 AM »

Quote from: Xanadu on August 09, 2014, 01:29:33 AM

The files are quarantined in the chest. I submitted through the virus chest. I submitted two - one from windows location and one from program files location.

Once in the chest they can sit there without causing any damage.
My suggestion is to leave them be for a week or two. Then open the
chest and "right click" an re-scan right from the chest. If they then
come out clean "right click" and restore to their original place.

You may find this might help http://www.avast.com/en-us/faq.php?article=AVKB21#artTitle

Xanadu · « **Reply #5 on:** August 09, 2014, 04:42:35 AM »

Ok. Thank you for the additional information. I was just wondering how long to wait to recheck them. Thank you!
I appreciate the help you guys give.

Xanadu · « **Reply #6 on:** August 09, 2014, 08:08:14 PM »

I waited for a couple updates and then decided to rescan within the virus chest. They now all scan as "no virus". So this was a false positive correct and it is safe to restore these files?

Asyn · « **Reply #7 on:** August 09, 2014, 08:09:17 PM »

Quote from: Xanadu on August 09, 2014, 08:08:14 PM

So this was a false positive correct and it is safe to restore these files?

Yes.

Xanadu · « **Reply #8 on:** August 09, 2014, 08:19:28 PM »

Thanks! You guys rock!

Asyn · « **Reply #9 on:** August 09, 2014, 08:24:31 PM »

You're welcome.

Author Topic: Possible false positive (Read 2861 times)

Xanadu

Possible false positive

jefferson sant

Re: Possible false positive

Xanadu

Re: Possible false positive

jefferson sant

Re: Possible false positive

Para-Noid

Re: Possible false positive

Xanadu

Re: Possible false positive

Xanadu

Re: Possible false positive

Asyn

Re: Possible false positive

Xanadu

Re: Possible false positive

Asyn

Re: Possible false positive