Author Topic: Intel Bluetooth false positives  (Read 12739 times)


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67275
The best things in life are free.

Offline Omid Farhang

  • Malware Hunter
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1661
  • I wish I could write longer personal text!!
    • Omid's Site
Re: Intel Bluetooth false positives
« Reply #1 on: March 22, 2011, 09:15:55 PM »
Maybe a False Positive, but it looks like it is Intel's Fault too!

doktornotor

  • Guest
Re: Intel Bluetooth false positives
« Reply #2 on: March 22, 2011, 09:18:01 PM »
Maybe a False Positive, but it looks like it is Intel's Fault too!

Exactly how's this Intel's fault?  ???

Offline Omid Farhang

Re: Intel Bluetooth false positives
« Reply #3 on: March 22, 2011, 09:26:19 PM »
Exactly how's this Intel's fault?  ???

I've not checked the file yet as I'm busy, but usually bad packing/compiling or not signing the file results in such problems (or even an uncommon setup script, which could be the problem from what I see in the detection names).

Offline echo14612

  • Newbie
  • *
  • Posts: 1
Re: Intel Bluetooth false positives
« Reply #4 on: March 22, 2011, 11:46:12 PM »
hmmm...  I came to this forum looking for info and this is the closest thing I found.  I have a brand-new Dell XPS just out of the box today.  I installed Avast, did a scan, and got this report:

btplayerctrl.exe is infected by win32:Malware-gen

This is in the Intel\Bluetooth directory.  Should I assume this is a false positive?

Offline Omid Farhang

Re: Intel Bluetooth false positives
« Reply #5 on: March 22, 2011, 11:53:43 PM »
Should I assume this is a false positive?
Most likely yes :)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32241
  • malware fighter
Re: Intel Bluetooth false positives
« Reply #6 on: March 22, 2011, 11:55:13 PM »
Have these been checked, for instance?
Product:   Intel PROSet\Wireless Bluetooth
Company:   Intel Corporation
Description:   Bluetooth Media Service
Version:   1.0.0.40
MD5:   03A7341E94ACD92E0831336D4F3ACE92
SHA1:   B79EE6B0F81533962635CDCDA6765897A941D087
SHA256:   B7BF8B549F2E1508E13568A735C20E799751143DE7D58728100E0EB527D39AC6
Size:   1298496
Directory:   %PROGRAMFILES%\Intel\Bluetooth\mediasrv.exe
Operating System:   Windows 7

There were bugs in the software way back in 2007, something could have happened again, or just a FP,
there is malware like this:
http://www.prevx.com/filenames/1433731098718421003-X1/OBEXSRV.EXE.html
and
http://www.prevx.com/filenames/2537676002901419612-X1/MEDIASRV.EXE.html


polonus
« Last Edit: March 22, 2011, 11:59:30 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

doktornotor

Re: Intel Bluetooth false positives
« Reply #7 on: March 23, 2011, 12:57:07 AM »
Anyone submitted this via http://www.avast.com/contact-form.php?loadStyles yet?

Offline Lisandro

Re: Intel Bluetooth false positives
« Reply #8 on: March 23, 2011, 03:47:38 AM »
I've submitted all files from the Chest. The avast team has them. I wish they could say something about it.

Offline Lisandro

Re: Intel Bluetooth false positives
« Reply #9 on: March 25, 2011, 12:46:11 AM »
Wow! Wow!
You're brave. Even against "problematic" virustotal results you've added them as false positives.
Congratulations! Shows your good work and how virustotal's aggressive behavior is not (always) an indication of a better product.


doktornotor

Re: Intel Bluetooth false positives
« Reply #11 on: March 25, 2011, 11:50:56 AM »
And the eternal champions of false positives: Avira, Emsisoft, F-Secure and Prevx. ;D

The Avira stuff is probably caused by High heuristics (didn't check, no machine w/ Avira at hand ATM). PrevX/Emsisoft - yeah, highly annoying, happens all the time. No experience with F-Secure. Whatever, thanks to Avast for fixing this.  8)

Offline Lisandro

Re: Intel Bluetooth false positives
« Reply #12 on: March 25, 2011, 01:31:17 PM »
The Avira stuff is probably caused by High heuristics
It's always the same...
People applaud it when it detects and forget to mention when it messes up.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36541
  • Weihrauch Airguns
Re: Intel Bluetooth false positives
« Reply #13 on: March 25, 2011, 01:37:41 PM »
F-Secure is using Bitdefender engine....but are not on same update...yet

Offline Omid Farhang

Re: Intel Bluetooth false positives
« Reply #14 on: March 25, 2011, 09:58:57 PM »
The Avira stuff is probably caused by High heuristics (didn't check, no machine w/ Avira at hand ATM).
This detection name is not related to High or Low heuristics.
Anyway, I could not find any malware detected by Avira in the installed setups (links in first post).