Author Topic: WZCNFLCT.EXE False Positive?  (Read 13631 times)

0 Members and 1 Guest are viewing this topic.

Epsi

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #15 on: February 27, 2011, 08:59:35 PM »
Same here. Running Avast 6.0.1000 on Windows 7 64bit and it just flaged

C:\Program Files (x86)\Common Files\microsoft shared\Database Replication\WZCNFLCT.EXE

as Win32:Malware-gen

Tested the files with TotalVirus and got 1/43, only GData flags it as Win32:Malware-gen

http://www.virustotal.com/file-scan/report.html?id=bf42d743efc3603c8887eed2cb85c8ca8c567bd7dc6c0936bc0f66f1dfc74fd5-1298836376

MAG

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #16 on: February 27, 2011, 09:04:02 PM »
Virustotal seems to be using out of date definitions for avast but up to date for Gdata, which probably explains the difference

jjavast

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #17 on: February 27, 2011, 09:06:22 PM »
I am thinking to Delete WZCNFLCT.EXE....

but I can't find if Win 7 Home really need it....


what do you think ?

MAG

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #18 on: February 27, 2011, 09:12:18 PM »
I am thinking to Delete WZCNFLCT.EXE....

but I can't find if Win 7 Home really need it....


what do you think ?

I would be inclined to do nothing until after the next avast definition update (or two or three).

Have you reported the file as a suspect fp via the chest report function?

Offline danny96

  • Malware Fighter
  • Advanced Poster
  • **
  • Posts: 668
  • No-malware!
Re: WZCNFLCT.EXE False Positive?
« Reply #19 on: February 27, 2011, 09:19:08 PM »
Just keep It in virus chest and after the next 1-3 VPS updates you should test It and when It will be reported as malware, delete It. When It will report that it's clean you will can restore file

And as @mag said you should send It to a lab using virus chest...
Real-time protection and Firewall: COMODO Internet Security 12.0.0.6810 -- Additional Protection: Web Of Trust, Ublock, NoScript, Malwarebytes Premium, Avast! Online Security, Hitman Pro -- OS: Windows 10

Bub12

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #20 on: February 27, 2011, 10:37:14 PM »
Hi again...I am the OP, so here's what VT has come up w/, as previously reported:

http://www.virustotal.com/file-scan/report.html?id=bf42d743efc3603c8887eed2cb85c8ca8c567bd7dc6c0936bc0f66f1dfc74fd5-1298840655

When I went in the chest to restore the file so that I could submit it to VT, I noticed another detection in the chest pertaining to system restore...see attached screen shot. Mind you, I haven't run any more Avast scans, yet there was a new detection. I did however run MBAM & SAS scans & they detected nothing. I also use hard & soft firewalls & also use some other network security features & practice extremely safe internet, so the chance that I picked up a bug are not likely!

FYI, I updated to the new version of Avast a couple of days ago & now suddenly I am experiencing problems. Comodo was blocking attempts by Avast to update, & I of course allowed all.

Would love it if Avast would verify these supposed FP's or can somehow confirm if in fact they are malicious in nature. According to Avast as listed on VT, the suspect file is clean. I am confused! 

jjavast

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #21 on: February 27, 2011, 10:41:15 PM »
Just keep It in virus chest and after the next 1-3 VPS updates you should test It and when It will be reported as malware, delete It. When It will report that it's clean you will can restore file

And as @mag said you should send It to a lab using virus chest...


I can't move it ( WZCNFLCT.EXE) to chest !

"acces denied"   ???

DBone

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #22 on: February 27, 2011, 10:42:11 PM »
Hi again...I am the OP, so here's what VT has come up w/, as previously reported:

http://www.virustotal.com/file-scan/report.html?id=bf42d743efc3603c8887eed2cb85c8ca8c567bd7dc6c0936bc0f66f1dfc74fd5-1298840655

When I went in the chest to restore the file so that I could submit it to VT, I noticed another detection in the chest pertaining to system restore...see attached screen shot. Mind you, I haven't run any more Avast scans, yet there was a new detection. I did however run MBAM & SAS scans & they detected nothing. I also use hard & soft firewalls & also use some other network security features & practice extremely safe internet, so the chance that I picked up a bug are not likely!

FYI, I updated to the new version of Avast a couple of days ago & now suddenly I am experiencing problems. Comodo was blocking attempts by Avast to update, & I of course allowed all.

Would love it if Avast would verify these supposed FP's or can somehow confirm if in fact they are malicious in nature. According to Avast as listed on VT, the suspect file is clean. I am confused! 



Have you changed any settings? Pup? Heuristics level?

Bub12

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #23 on: February 27, 2011, 10:44:38 PM »
Nope! Left them at default...

FYI..Avast just updated! Let's run another scan...stay tuned!

MAG

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #24 on: February 27, 2011, 10:46:54 PM »
Nope! Left them at default...

FYI..Avast just updated! Let's run another scan...stay tuned!
Just right click scan it in the chest, and if it's clean restore it.

jjavast

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #25 on: February 27, 2011, 11:19:32 PM »
It's OK NOW  :)

after updating  ;)

Finally it was just a False Positive.
« Last Edit: February 27, 2011, 11:22:21 PM by jjavast »

Bub12

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #26 on: February 27, 2011, 11:21:24 PM »
I am about to run a boot scan! Just went thru all the settings of Avast 6.0 & adjusted to my liking.

Oh, & BTW...Avast seems to have fixed the issue!! Just scanned the two files in question & now they are clean...well they were always clean, but you get the point. Let's see what the boot scan turns up...I hope nothing, as I believe should be the case.

I am curious now though why I have WZCNFLCT on my machine  ??? Seems like I can delete it anyway...stay tuned...

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: WZCNFLCT.EXE False Positive?
« Reply #27 on: February 27, 2011, 11:33:34 PM »
A0043371.EXE from the restoration files and WZCNFLCT.EXE are likely the same files.  They are both the same size at 45130 bytes.

You should be able to find out what program install put the file there.  It would be better to uninstall that program if you don't want/need it rather than just deleting the file.  It seems that it was a false positive, anyway.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner

Bub12

  • Guest
Re: WZCNFLCT.EXE False Positive?
« Reply #28 on: February 28, 2011, 12:59:08 AM »
Gopher John

Quote
They are both the same size at 45130 bytes.

Curious, how do you know how large WZCNFLCT is, exactly?

Quote
You should be able to find out what program install put the file there.

Any suggestions as to how I might discover that?  ???

Thanks!!

Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2098
Re: WZCNFLCT.EXE False Positive?
« Reply #29 on: February 28, 2011, 01:06:25 AM »
Gopher John

Quote
They are both the same size at 45130 bytes.

Curious, how do you know how large WZCNFLCT is, exactly?

Quote
You should be able to find out what program install put the file there.

Any suggestions as to how I might discover that?  ???

Thanks!!

The VirusTotal results link you posted has a "Show All" button.  Clicking that gives the filesize and checksums, among other information about the file.

Visiting the links I posted earlier lists one candidate.  Searching Google for WZCNFLCT.EXE and comparing the results with your Add/Remove Programs list on your machine should give you the answer.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: Avast Premium Security 19.7.2388, WinPatrol Plus, SpywareBlaster 5.5, Opera 12.18, Firefox 68.0.2, MBam Free, CCleaner