Author Topic: False positive with executable opti.exe ? (Read 2759 times)

alaing · « **on:** October 19, 2015, 04:07:35 PM »

I am new here, so "Hello" to all.

I have just downloaded a program (opti.exe) from the following site :
http://energie.wallonie.be/fr/opti-maisons-version-4.html?IDC=8957&IDD=62441
The download link is at the bottom of the page (OPTI-maisons Version 4).

Avast reports a threat, that is also confirmed by the online scanner Virustotal (https://www.virustotal.com/).
The VirusTotal analysis reports that only 8 out of 56 virus scanners detect a threat.

So, is it a false positive from Avast ?

Thank you for your help.

Alain

Be Secure · « **Reply #1 on:** October 19, 2015, 04:13:07 PM »

Pls put the VT Link here

alaing · « **Reply #2 on:** October 19, 2015, 04:15:57 PM »

Thanks for your attention.
Here is the link :
https://www.virustotal.com/fr/file/315fc211a43cca24991981369d83cd8844d0b6b6fdb3b85b704f4b105c4bf5fb/analysis/

Alain

Be Secure · « **Reply #3 on:** October 19, 2015, 04:18:18 PM »

It is look like a genuine threat

alaing · « **Reply #4 on:** October 19, 2015, 04:24:09 PM »

Please find attached the Avast report. But nothing more than what VirusTotal report says....

Alain

Be Secure · « **Reply #5 on:** October 19, 2015, 04:29:49 PM »

Hey r you running a old version of avast?Pls update it to new one from here:https://forum.avast.com/index.php?topic=176600.0 to get support and more protection :)old version of avast support is ended.Post required logs here:https://forum.avast.com/index.php?topic=53253.0

alaing · « **Reply #6 on:** October 19, 2015, 04:50:17 PM »

I have on old version of Avast but still get the latest engine and virus definition files.
Moreover, VirusTotal certainly uses the latest version of Avast to generate its report.
So I am afraid updating Avast on my side will not help in any way about this false positive...

Alain

Pondus · « **Reply #7 on:** October 19, 2015, 05:15:36 PM »

file is new at VT First submission 2015-10-14 07:50:46 UTC ( 5 days, 7 hours ago )
and detected by avast with a generic signature, so yes probably a FP

polonus · « **Reply #8 on:** October 19, 2015, 05:25:11 PM »

I see nothing on the link scan you forwarded: http://urlquery.net/report.php?id=1445267969264
but I hope you have a good ad-script blocker to block links like
* uMatrix has prevented the following page from loading:
-http://s7.addthis.com/ and
* uMatrix has prevented the following page from loading:
-http://g.symcd.com/
See why, here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fenergie.wallonie.be%2Ffr%2Fopti-maisons-version-4.html%3FIDC%3D8957%26IDD%3D62441
But apart from that obvious adware, I do not see real malcode there.

polonus (volunteer website security analyst and website error-hunter)

Author Topic: False positive with executable opti.exe ? (Read 2759 times)

alaing

False positive with executable opti.exe ?

Be Secure

Re: False positive with executable opti.exe ?

alaing

Re: False positive with executable opti.exe ?

Be Secure

Re: False positive with executable opti.exe ?

alaing

Re: False positive with executable opti.exe ?

Be Secure

Re: False positive with executable opti.exe ?

alaing

Re: False positive with executable opti.exe ?

Pondus

Re: False positive with executable opti.exe ?

polonus

Re: False positive with executable opti.exe ?