Author Topic: Please tell me if this is malware or a fp (Read 2740 times)

robinb · « **on:** October 27, 2010, 04:59:41 PM »

it is in c:\i386\ternsvr.dll
Avast has it in the virus chest

I sent it to analysis to Avast (his is in the free version)

but i have not received a reply as of yet so can someone please tell me?

thanks
robin

DavidR · « **Reply #1 on:** October 27, 2010, 05:11:41 PM »

You will not normally receive a reply unless they need more information. Periodically scan it within the chest to see if it is still detected or no longer detected (when it can be restored), that will give you an indication of the result of any analysis.

Why did you send it to avast for analysis ?
If you felt it might be an FP, then you can confirm first:
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive. Now exclude that folder in the File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste) C:\Suspect\*
That will stop the File System Shield scanning any file you put in that folder.

If only GData and avast detect it - GData uses avast as one of its two scanners so counts as 1 detection and almost certainly an FP.

robinb · « **Reply #2 on:** October 27, 2010, 07:06:46 PM »

Avast must have issued an update because 3 hours after i sent the file -avast popped up with an update and i took your advice and scanned just that file in the virus vault and now it is clean

thanks David

robin

robinb · « **Reply #3 on:** October 27, 2010, 07:08:26 PM »

oh btw if you delete it out of the virus vault does this permanently delete the file? Once i checked if it was clean i restored it back but if i delete it out of the virus vault will it delete the file from its original folder?

robin

Pondus · « **Reply #4 on:** October 27, 2010, 07:18:46 PM »

when you restore, there will remain a copy in the chest......wait a week before you delete it, just in case....

DavidR · « **Reply #5 on:** October 27, 2010, 08:34:46 PM »

Quote from: robinb on October 27, 2010, 07:08:26 PM

oh btw if you delete it out of the virus vault does this permanently delete the file? Once i checked if it was clean i restored it back but if i delete it out of the virus vault will it delete the file from its original folder?

robin

A copy remains in the chest when you restore, which is a good policy in case there is a problem in actually transferring the file. Personally I would confirm that the file is back in the original location and then remove it from the chest. Though there is no rush to do this.

robinb · « **Reply #6 on:** October 28, 2010, 12:44:18 AM »

i did confirm that it is back there where it belongs, i was just afraid if i deleted it from the chest it would delete the original file, but now that i know that doesn't happen i will give it a few days then delete this.

It would be nice if there was a check mark next to the file to show you it went back so you do not accidentally delete it. Now there is no way to figure this out unless you do a search of the file and see if it is back where it belongs.
thanks for the quick response

robin

Author Topic: Please tell me if this is malware or a fp (Read 2740 times)

robinb

Please tell me if this is malware or a fp

DavidR

Re: Please tell me if this is malware or a fp

robinb

Re: Please tell me if this is malware or a fp

robinb

Re: Please tell me if this is malware or a fp

Pondus

Re: Please tell me if this is malware or a fp

DavidR

Re: Please tell me if this is malware or a fp

robinb

Re: Please tell me if this is malware or a fp