Author Topic: FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files  (Read 5239 times)

belalessandro

  • Guest
FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files
« on: September 02, 2007, 12:37:29 PM »
Avast! Antivirus reports a False Positive alarm (It says Win32:Bifrose-AGY [Trj]) with files created by Multimedia Builder 4.9.7, which are compressed with the UPX packer.
The definitions are the latest: 1.9.2007 - 0771-0

The problem was also reported by the software house of MMB:
http://mmb.mediachance.com/virus.htm

I hope this false positive alarm will be fixed as soon as possible..

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89230
  • No support PMs thanks
Re: FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files
« Reply #1 on: September 02, 2007, 02:47:06 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner. I feel VirusTotal is the better option as it uses the Windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner; if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.

If it is indeed a false positive, add it to the exclusions lists (Standard Shield, Customize, Advanced, Add and Program Settings, Exclusions) and Restore it to its original location, periodically check it (scan it in the chest), there should still be a copy in the chest even though you restored it to the original location. When it is no longer detected then you can also remove it from the Standard Shield and Program Settings, exclusions.
Also see False Positives, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

belalessandro

  • Guest
Re: FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files
« Reply #2 on: September 02, 2007, 02:47:19 PM »
I've already sent a mail to virus@avast.com..
However this is the scan with Online malware scan of an exe file created with MMB:

Scan taken on 02 Sep 2007 12:22:49 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found Win32:Bifrose-AGY
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Offline DavidR

Re: FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files
« Reply #3 on: September 02, 2007, 02:57:59 PM »
They are usually quick to correct these after submission of the sample.

In the meantime you can exclude the file from scans.

Welcome to the forums.

belalessandro

  • Guest
Re: FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files
« Reply #4 on: September 02, 2007, 03:00:20 PM »
Here is another scan report:

File FalsePositive.exe ricevuto il 2007.09.02 14:18:32 (CET)

Antivirus          Version        Last Update  Result
AhnLab-V3          2007.9.1.0     2007.09.01   -
AntiVir            7.4.1.66       2007.09.01   -
Authentium         4.93.8         2007.09.02   -
Avast              4.7.1029.0     2007.09.01   Win32:Bifrose-AGY
AVG                7.5.0.484      2007.09.01   -
BitDefender        7.2            2007.09.02   -
CAT-QuickHeal      9.00           2007.09.01   -
ClamAV             0.91.2         2007.09.02   -
DrWeb              4.33           2007.09.02   -
eSafe              7.0.15.0       2007.09.02   suspicious Trojan/Worm
eTrust-Vet         31.1.5100      2007.08.31   -
Ewido              4.0            2007.09.02   -
FileAdvisor        1              2007.09.02   -
Fortinet           3.11.0.0       2007.09.02   -
F-Prot             4.3.2.48       2007.09.02   -
F-Secure           6.70.13030.0   2007.09.02   -
Ikarus             T3.1.1.12      2007.09.02   Virus.Win32.Bifrose.AGY
Kaspersky          4.0.2.24       2007.09.02   -
McAfee             5110           2007.08.31   -
Microsoft          1.2803         2007.09.02   -
NOD32v2            2497           2007.09.01   -
Norman             5.80.02        2007.09.02   -
Panda              9.0.0.4        2007.09.01   -
Prevx1             V2             2007.09.02   -
Rising             19.38.62.00    2007.09.02   -
Sophos             4.21.0         2007.09.02   -
Sunbelt            2.2.907.0      2007.08.31   -
Symantec           10             2007.09.02   -
TheHacker          6.1.9.175      2007.08.31   -
VBA32              3.12.2.3       2007.09.01   -
VirusBuster        4.3.26:9       2007.09.02   -
Webwasher-Gateway  6.0.1          2007.09.01   Win32.ModifiedUPX.gen!90 (suspicious)

Offline DavidR

Re: FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files
« Reply #5 on: September 02, 2007, 04:23:56 PM »
The second one I assume is VirusTotal, which is the better of the two as it uses the windows version of avast and includes more packers.

However it still may be an FP as two detections are suspicious, and could be down to heuristics, so I think it was still wise to submit the sample as you did.
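Added example (not part of any post in this thread, and not Avast or VirusTotal tooling): a small triage helper for the multi-engine result in Reply #4, separating named-family verdicts from heuristic ones and checking whether the named verdicts are really independent. The heuristic-marker pattern and the noise-token set are assumptions made for this illustration.

```python
import re

# Constructed from the VirusTotal rows quoted in Reply #4: only the four
# engines that returned a label; the other 28 engines reported nothing.
TOTAL_ENGINES = 32
LABELS = {
    "Avast": "Win32:Bifrose-AGY",
    "eSafe": "suspicious Trojan/Worm",
    "Ikarus": "Virus.Win32.Bifrose.AGY",
    "Webwasher-Gateway": "Win32.ModifiedUPX.gen!90 (suspicious)",
}

# Assumed markers of heuristic or generic verdicts (not an official vendor list).
HEURISTIC = re.compile(r"suspicious|heur|\bgen\b|generic", re.I)
# Tokens that describe platform or malware type rather than a family.
NOISE = {"win32", "w32", "virus", "trojan", "worm", "trj"}


def family_key(label):
    """Reduce a vendor label to a comparable family/variant key, or None
    when the label is a heuristic/generic verdict."""
    if HEURISTIC.search(label):
        return None
    tokens = [t for t in re.split(r"[^A-Za-z0-9]+", label.lower()) if t]
    tokens = [t for t in tokens if t not in NOISE]
    return "-".join(tokens) or None


def triage(labels, total):
    """Group detections by normalized family and list heuristic-only engines."""
    named, heuristic = {}, []
    for engine, label in labels.items():
        key = family_key(label)
        if key is None:
            heuristic.append(engine)
        else:
            named.setdefault(key, []).append(engine)
    return {
        "detections": len(labels),
        "total": total,
        "ratio": len(labels) / total,
        "named_families": named,
        "heuristic_engines": sorted(heuristic),
    }


if __name__ == "__main__":
    print(triage(LABELS, TOTAL_ENGINES))
```

On this report the four detections collapse to one named family shared by two engines plus two heuristic verdicts, which is the pattern that makes submitting the sample for analysis the sensible next step.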

belalessandro

  • Guest
Re: FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files
« Reply #6 on: September 03, 2007, 02:16:55 PM »
WOW! Very quick! Thanks a lot!

Scan taken on 03 Sep 2007 10:10:33 (GMT)
A-Squared     Found nothing
AntiVir    Found nothing
ArcaVir    Found nothing
Avast    Found nothing
AVG Antivirus    Found nothing
BitDefender    Found nothing
ClamAV    Found nothing
CPsecure    Found nothing
Dr.Web    Found nothing
F-Prot Antivirus    Found nothing
F-Secure Anti-Virus    Found nothing
Fortinet    Found nothing
Kaspersky Anti-Virus    Found nothing
NOD32    Found nothing
Norman Virus Control    Found nothing
Panda Antivirus    Found nothing
Rising Antivirus    Found nothing
Sophos Antivirus    Found nothing
VirusBuster    Found nothing
VBA32    Found nothing

Offline DavidR

Re: FALSE POSITIVE on Multimedia Builder 4.9.7's compressed files
« Reply #7 on: September 03, 2007, 03:31:32 PM »
As I said they are generally very quick to correct an FP after analysis.

Thanks for the feedback, glad that the problem is resolved.