Author Topic: [Mini Sticky] False Positives  (Read 86480 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85118
  • No support PMs thanks
Re: [Mini Sticky] False Positives
« Reply #15 on: July 06, 2011, 07:26:33 PM »
Essentially there is nothing we can do based on the information that you have provided, which is why we suggest you conform the detection at virustotal.

If then it is considered a false positive then the 'physical samples' need to be sent to avast for analysts.

Given what you are saying, it doesn't appear that avast is even alerting ?
So not really a false positive, so posting in this very old tutorial topic on how to check/treat what you might consider a false positive is very misleading.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline hailstorm

  • Newbie
  • *
  • Posts: 9
Re: [Mini Sticky] False Positives
« Reply #16 on: July 29, 2011, 06:50:35 AM »
Hmmm... it seems like Avast (version 6) does not play nice with game trainers.

I have used Avast since version 4+. As far as I can remember, there was no such problem in older versions of Avast.

File:
http://dlh.net/cheats_49457g.html

It is a rar file containing some files, including an exe file (the game trainer executable).

When the Avast shields were on, the file download always gets interrupted at around 99%.

I was using Chrome. Thinking that it was a browser bug, I tried to download using IE9 and Firefox 5. Same problem.

Trusting my astute gut instincts, I disabled the Avast shields for 10 mins, and lo and behold, the download completed successfully. The contents of the rar file were also extracted successfully. Of course, scanning that exe file with Avast produces the 'threat detected' message.

Please communicate to your developers to thoroughly test and whitelist such non-malicious files in future versions of Avast. For starters, go to http://www.gamecopyworld.com/ - there's plenty of material there for you to test out.

Offline psicop

  • Newbie
  • *
  • Posts: 2
Re: [Mini Sticky] False Positives
« Reply #17 on: August 15, 2012, 04:57:29 AM »
Avast keeps on blocking me from this genuine site, which I have been using without any issues until version 7 was released.

What do I need to do in order to allow me accessing this site because Avast is blocking it.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37029
Re: [Mini Sticky] False Positives
« Reply #18 on: August 15, 2012, 05:57:56 AM »
Avast keeps on blocking me from this genuine site, which I have been using without any issues until version 7 was released.

What do I need to do in order to allow me accessing this site because Avast is blocking it.
1. you are posting in a very old topic....that has nothing to do with your problem....you should have started your own
2. it would help to know what avast say....like a screenshot of the warning ?

what do you mean by a genuine site ?

Every 3.6 seconds a website is infected
http://www.scmagazine.com/every-36-seconds-a-website-is-infected/article/140414/

so far i get this info scanning the site

http://zulu.zscaler.com/submission/show/95ff2e9f97c29fbc6f435f65b6214994-1345002842
http://sitecheck.sucuri.net/results/www.zishateapot.co.uk/

« Last Edit: August 15, 2012, 06:00:16 AM by Pondus »

Offline psicop

  • Newbie
  • *
  • Posts: 2
Re: [Mini Sticky] False Positives
« Reply #19 on: August 15, 2012, 07:46:18 PM »
Hi,

Thanks for your reply. Here's a screenshot:

http://imageshack.us/photo/my-images/401/20120816033047.jpg/

The Sucuri site check you provided lists the site as clean:

http://imageshack.us/photo/my-images/201/31789751.jpg/

I have also submitted a scan to:

1. Virustotal. Here's the result:

https://www.virustotal.com/url/7d62e613bc5e00f675ff2a1c42a7def3641f0e519a4758c3d460d022a9eecb3b/analysis/

2. URLVoid. This is the result:

http://www.urlvoid.com/scan/zishateapot.co.uk/

CLEAN.

It is obviously a FP, so what do I need to do in order to unblock the site?

Thanks.



Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 85118
  • No support PMs thanks
Re: [Mini Sticky] False Positives
« Reply #20 on: August 15, 2012, 08:00:35 PM »
As has been mentioned previously this should be in its own 'new topic' as this topic is a small tutorial on how to treat false positives.

Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.5.2470 (build 21.5.6354.675) UI 1.0.646/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2220
    • The WAR Against Malware
Re: [Mini Sticky] False Positives
« Reply #21 on: August 17, 2012, 01:02:45 AM »
@psicop

Detection is correct =P

http://urlquery.net/report.php?id=134037

Notice the count18.51yes site.
See: http://www.mywot.com/en/scorecard/count18.51yes.com
And: http://www.google.com/safebrowsing/diagnostic?site=51yes.com/

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, 51yes.com appeared to function as an intermediary for the infection of 19 site(s) including 220uu.com/, liangxingai.com/, zhuoku.com/.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."