Author Topic: False Positive  (Read 11162 times)

BKKKPewsey

  • Guest
Re: False Positive
« Reply #15 on: December 16, 2009, 11:11:49 PM »
As the original poster I would like to thank the Avast team for their quick response, and for all those that complain: do you use Windows? Try dealing with Micros*$t  ;D

spg SCOTT

  • Guest
Re: False Positive
« Reply #16 on: December 16, 2009, 11:59:09 PM »
Further info for you guys: file version for EBAP14.dll is V5.15.0.0. Hope that helps (printer only 1 month old)  :)

Ahhh...That would explain the difference in scanning...my version is 5.11.0.0

sublyme

  • Guest
Re: False Positive
« Reply #17 on: December 17, 2009, 12:25:06 AM »
Thanks so much for this thread!  I had gotten the same threat message earlier when I powered up my laptop.  It claimed 15 infected files when I know I hadn't downloaded or received any suspicious emails.  It was only after I checked this post that I realized that all the files were associated with my Epson all-in-one.

I'm not all that computer savvy, so I have just left these files in the virus chest for now.  When the fix is done, is there a way to restore them from the chest?  I hardly use the printer right now, but is the fact that they are in the chest going to affect the program's functionality?  I'm really clueless here, so any advice would be a great help.....

sublyme

  • Guest
Re: False Positive
« Reply #18 on: December 17, 2009, 12:35:14 AM »
Thanks so much for this thread!  I had gotten the same threat message earlier when I powered up my laptop.  It claimed 15 infected files when I know I hadn't downloaded or received any suspicious emails.  It was only after I checked this post that I realized that all the files were associated with my Epson all-in-one.

I'm not all that computer savvy, so I have just left these files in the virus chest for now.  When the fix is done, is there a way to restore them from the chest?  I hardly use the printer right now, but is the fact that they are in the chest going to affect the program's functionality?  I'm really clueless here, so any advice would be a great help.....

Additionally, a few of these files have also been flagged as Win32:Trojan-gen.  They are also associated with my Epson printer.  Has anyone else had this happen?


Online DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89029
  • No support PMs thanks
Re: False Positive
« Reply #19 on: December 17, 2009, 01:08:36 AM »
Ensure that you have the latest VPS update as there should have been a correction on these.

Scan the files in the Infected Files section of the Chest again and if they come up No Virus, then right-click on the file and select Restore. That sends the file back to the original location; a copy remains in the chest. Confirm that the file is in the original location and delete the copy in the chest.

ibell63

  • Guest
Re: False Positive
« Reply #20 on: December 17, 2009, 06:56:45 AM »
Hi everyone, I just attempted to install the Metasploit Framework to do some vulnerability testing for a friend and avast! reported the installer as Win32:Malware-gen.  I believe this to be a false positive.  I used the report false positive box in the virus detected window to submit the file.  Just to be safe, I decided not to run this file until the situation is sorted out.  Unfortunately, this file is an archive which is 36 MB, so I can't send it to VirusTotal.

Original file can be found here:

hxxp://www.metasploit.com/releases/framework-3.3.2.exe

In the meantime, I will try to decompress the archive in order to find the specific offending file.

Also, forgot to mention: my VPS version is: 091216-2
« Last Edit: December 17, 2009, 07:00:02 AM by ibell63 »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: False Positive
« Reply #21 on: December 17, 2009, 09:33:10 AM »
Hi everyone, I just attempted to install the Metasploit Framework to do some vulnerability testing for a friend and avast! reported the installer as Win32:Malware-gen.  I believe this to be a false positive.  I used the report false positive box in the virus detected window to submit the file.  Just to be safe, I decided not to run this file until the situation is sorted out.  Unfortunately, this file is an archive which is 36 MB, so I can't send it to VirusTotal.

Original file can be found here:

hxxp://www.metasploit.com/releases/framework-3.3.2.exe

In the meantime, I will try to decompress the archive in order to find the specific offending file.

Also, forgot to mention: my VPS version is: 091216-2

Hi,
Metasploit contains a lot of unencrypted exploit/malware signatures, so it is detected by avast!.

Milos

ibell63

  • Guest
Re: False Positive
« Reply #22 on: December 17, 2009, 09:53:10 AM »
OK, thank you, my mistake.  I don't know why I completely overlooked that fact in the first place, my mind isn't working properly today.  Sorry for the inconvenience.  I guess when I saw Win32:Malware-gen I immediately thought false positive, then I thought Metasploit surely doesn't contain any malware that is intended to run on the attacker's machine.  I figured the exploit code would have been obfuscated or encrypted somehow.
« Last Edit: December 17, 2009, 09:55:10 AM by ibell63 »

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2294
Re: False Positive
« Reply #23 on: December 17, 2009, 10:41:52 AM »
You're welcome.

Milos