Author Topic: False positive Win32:Doomber-C [Wrm] for Psinfo.exe  (Read 10102 times)

Osc

  • Guest
False positive Win32:Doomber-C [Wrm] for Psinfo.exe
« on: January 13, 2006, 05:36:44 PM »
VPS version 0602-3, 2006-01-13 detects psinfo.exe (available from http://www.sysinternals.com/Utilities/PsInfo.html) as Win32:Doomber-C [Wrm] . This is incorrect.

avast home edition
build dec2005 (4.6.744)
toolkit version 1.9.4.0
activeskin version 4.2.7.3
vps compilation date 2006-01-13
version 0602-3


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87637
  • No support PMs thanks
Re: False positive Win32:Doomber-C [Wrm] for Psinfo.exe
« Reply #1 on: January 13, 2006, 08:37:36 PM »
If you are getting a virus warning that you believe is a false positive, then you can zip and password protect ('virus' will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem (possibly a link to this thread), the fact that you believe it to be either a new, undetected virus or a false positive, and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner. If any other scanners here detect them, it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 23.4.6062 (build 23.4.8118.762) UI 1.0.762/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Osc

  • Guest
Re: False positive Win32:Doomber-C [Wrm] for Psinfo.exe
« Reply #2 on: January 14, 2006, 12:31:22 AM »
perfect, thanks.

that "mini sticky" should be a real Sticky.  =]


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87637
  • No support PMs thanks
Re: False positive Win32:Doomber-C [Wrm] for Psinfo.exe
« Reply #3 on: January 14, 2006, 01:36:00 AM »
No problem, welcome to the forums.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67203
The best things in life are free.

WDGC

  • Guest
Re: False positive Win32:Doomber-C [Wrm] for Psinfo.exe
« Reply #5 on: January 14, 2006, 10:39:13 AM »
If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Also see (Mini Sticky) False Positives

I too get the Win32:Doomber-C [Wrm] detection for psinfo.exe

http://forum.avast.com/index.php?action=display;topic=18657.0

and so followed the "Mini Sticky" directions to exclude the file from scans.

However, when I run a standard scan the file is still detected. Is there something else I need to do to exclude the file?

.


Offline XMAS

  • Avast translator
  • Super Poster
  • ***
  • Posts: 1211
  • Santa is watching you ;)
    • avast! in Bulgarian
Re: False positive Win32:Doomber-C [Wrm] for Psinfo.exe
« Reply #6 on: January 14, 2006, 10:57:50 AM »
The problem seems to be fixed with the latest VPS update (0602-4) ;)
You've Got To Get Close To The Flame To See What It's Made Of...

WDGC

  • Guest
Re: False positive Win32:Doomber-C [Wrm] for Psinfo.exe
« Reply #7 on: January 14, 2006, 01:05:35 PM »
So it is. Avast should be commended for attending to the matter so speedily.

.

pmi

  • Guest
Re: False positive Win32:Doomber-C [Wrm] for Psinfo.exe
« Reply #8 on: January 15, 2006, 10:13:31 AM »
I also got a false positive with w32:doomber-c on WOL.EXE (Wake on Lan utility) with vps 0602-3. This software has been on my machine for months.

This also seems to have been fixed with the later VPS (0603-0) - I wasn't online to update to 0602-4 so can't confirm if this was fixed in that version.