Author Topic: false positive  (Read 9345 times)

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
false positive
« on: February 28, 2004, 04:16:25 PM »
*
* avast! Report
* This file is generated automatically
*
* Task 'Simple user interface' used
* Started on Saturday, February 28, 2004 2:49:34 PM
* VPS: 0402-4, 02/28/2004
*

c:\WIN98SE\TEMP\JETF812.TMP [E] The process cannot access the file because (32)
c:\WIN98SE\TEMP\JETD81.TMP [E] The process cannot access the file because (32)
c:\WIN98SE\TEMP\JET9D1A.TMP [E] The process cannot access the file because (32)
c:\WIN98SE\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-6f603a78-4a901267.zip\BlackBox.class [L] JS:ClassLoader-4 (0)
Infected files: 1
Total files: 4766
Total folders: 200
Total size: 457.5 M

*
* Task stopped: Saturday, February 28, 2004 5:00:47 PM
* Run-time was 2 hour(s), 11 minute(s), 13 second(s)
*
..

I already sent this file to virusataswDotcz..
MW

Offline MWassef

Re:false positive
« Reply #1 on: March 01, 2004, 03:36:09 PM »
any response?
MW

whocares

  • Guest
Re:false positive
« Reply #2 on: March 01, 2004, 04:03:08 PM »
Hi Mina,

a) if you sent the file in already, imho there's no response (or post) needed
b) how did you determine exactly that this would be a false positive ? ???

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:false positive
« Reply #3 on: March 01, 2004, 04:26:42 PM »
this is a normal report. The java packages do contain the ClassLoaders...
If at first you don't succeed, then skydiving's not for you.

Offline MWassef

Re:false positive
« Reply #4 on: March 01, 2004, 04:37:39 PM »
how is that?  ::)
this is the 1st time that avast shows I am infected  ???
MW

whocares

  • Guest
Re:false positive
« Reply #5 on: March 01, 2004, 04:45:13 PM »
you were not infected..
your Browser (IE?) just downloaded a malicious java-package into your java-Cache

this is a first because you were baaaad!!  (I mean on a bad page) ;D ;D ;)

empty java-cache and secure your IE better..

whocares

  • Guest
Re:false positive
« Reply #6 on: March 01, 2004, 05:14:41 PM »

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:false positive
« Reply #7 on: March 01, 2004, 05:36:05 PM »
Stop using IE :P Opera/Mozilla are the future ;)
Visit my webpage Angry Sheep Blog

Offline MWassef

Re:false positive
« Reply #8 on: March 01, 2004, 05:44:19 PM »
I see  :D :D :D
is it possible that I get infected by visiting some sites that may have some 'bad'   :-[ :-[ :-[  ads on it? (dll archives sites..etc)..
« Last Edit: March 01, 2004, 05:47:31 PM by minacross »
MW

Offline RejZoR

Re:false positive
« Reply #9 on: March 01, 2004, 05:47:43 PM »
Correct, when you visit some "bad" page, nasty files download to browser cache and get executed. Usually Resident Shield blocks such activity.

Offline MWassef

Re:false positive
« Reply #10 on: March 01, 2004, 06:13:48 PM »

empty java-cache ..

how is that  ??? ??? ???
« Last Edit: March 01, 2004, 06:14:40 PM by minacross »
MW

Offline Vlk

Re:false positive
« Reply #11 on: March 01, 2004, 06:21:22 PM »
Infected is not a right word here, I'd say.

There are 'infected' files stored on your disk is much more appropriate. To be infected usually means that the virus is active, which is not the case here (far from that actually)

Offline MWassef

Re:false positive
« Reply #12 on: March 01, 2004, 06:47:08 PM »
thanx Vlk   :)
good job avast  ;D
MW

Offline MWassef

Re:false positive
« Reply #13 on: March 01, 2004, 09:42:35 PM »
just for the info, only avast and antivir pe detected this trojan. 2 other big names missed it.
MW

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:false positive
« Reply #14 on: March 02, 2004, 01:11:51 AM »
Quote
2 other big names missed it
was F-Secure one of those 2?
"People who are really serious about software should make their own hardware." - Alan Kay