Question about Virus Total result

[theinvulnerable]

Sir i just want to ask this, when a file is uploaded to virus total then the result got only 4 out 41. Thus, is it false positive or not?

[Pondus]

It can be......or it can be a completly new virus......
What 4 was detecting it

[theinvulnerable]

It can be......or it can be a completly new virus......
What 4 was detecting it

eSafe-----------Win32.TrojanHorse
Symantec---------Reser.Reputation.1
Sophos----------Sus/VB-AY
McAfee+Artemis--------Artemis!B7004A8640FD

[-Genesis-]

Its only my opinion...

For me?

Its FP. Why?

Mostly these AV ive post are mostly the best AV. With good detection.

Avast, Kaspersky, Avira, Eset didnt detect it.

Only Symantec...

[Pondus]

Its FP. Why?

No virus program have 100% detection
No virus program have 100% no false positive

[Tarq57]

I would not trust that file on the information posted alone.
There isn't enough information to make a decision, and neither should you.
VT results are best treated as a good guide, current at the time you upload the file. If the file was new malware, it may not have any detections. Or it may be a FP that is detected as suspicious by many scanners.

It's just one part of a puzzle.

[-Genesis-]

Yep... Maybe its a new malware.

@Pondus..

Yeah no AV is perfect.

Its just my observation... 4 out of 40 AV's

And mostly the 3 Product detected it is more likely low AV's Detection Rate. Only Symantec seems good. Correct me if im wrong? Tnx!

[DavidR]

The main point is that the file requires more analysis and should be sent to avast.

The 4 detections all appear to be heuristic or generic, which are more prone to FP. That said there are still 4 detections so it is likely that they aren't all wrong, so we are back to it needing further investigation.

Unfortunately there has been nothing said about the file name and its location or any program association, e.g a component of a program that has been on your system for some time, etc.

So no one here can say one way or an other if this is an FP or not based on the information we have.

[theinvulnerable]

The main point is that the file requires more analysis and should be sent to avast.

The 4 detections all appear to be heuristic or generic, which are more prone to FP. That said there are still 4 detections so it is likely that they aren't all wrong, so we are back to it needing further investigation.

Unfortunately there has been nothing said about the file name and its location or any program association, e.g a component of a program that has been on your system for some time, etc.

So no one here can say one way or an other if this is an FP or not based on the information we have.

BTW how I send a file to avast for analysis if avast AV did not detect any virus or malware on it? Can you teach me how to do it? Thanks...

[coolsilver]

You can compress the file in a password protected zip file and send to virus(at)avast.com

Make sure you include the password to the file, such as "virus" or "password" in the email so the avast team can open it.

You may include other info such as what you provided here in the email.


Note: Some web email services may block the attachment if detected as virus with a normal zip file. If it still does not allow it, I have zipped the zip file again and password protected both with same password. Shouldn't have to do that.

[pete319]

Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.
 
Or send the sample to avast as a Undetected Malware:
Open the chest and right click in the Chest and Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...' complete the form and submit, the file will be uploaded during the next update.

The above is the help DavidR   ;)gave me about sending files to avast.
If you want to look at the thread see link below:
http://forum.avast.com/index.php?topic=55964.0