[Solved] False positives reported but not corrected

[Lisandro]

Seems clearly false positives. I've reported before but the detection remains  :'(
Are you the only right antivirus in the yard?

ShutdownCKCL.etl
http://www.virustotal.com/file-scan/report.html?id=62eaf94f76c6e19be43b02f7c414f3093487a9626e1dea392482e294d12b0ca6-1305920608

ReadyBoot.etl
http://www.virustotal.com/file-scan/report.html?id=d213d65f6f62ca3175a5f87d8dbf774eaeb2d67cd901a14dcd2dd239be3c66fe-1305921109

BootCKCL.etl
http://www.virustotal.com/file-scan/report.html?id=8e29fbc926d8377045952647143c000fe0d81485fe69359303ea5a0242b542d7-1305922367

[polonus]

Hi Tech,

Similar result at VirScan.org: http://7.www.virscan.org/report/c2f5b5d4263af65a97f87b3962a383cf.html
and here: http://virscan.org/report/5fb102ebcad92e3b83d2461cca3749bd.html

polonus

[Lisandro]

Hi Tech,

Similar result at VirScan.org: http://7.www.virscan.org/report/c2f5b5d4263af65a97f87b3962a383cf.html
and here: http://virscan.org/report/5fb102ebcad92e3b83d2461cca3749bd.html

polonus

Thanks Polonus, but what do you think? False positives or not?

[Lisandro]

Still being detected with 110521-1 :'(

[Asyn]

Thanks Polonus, but what do you think? False positives or not?

I think these dedections are FPs.
Where did you report them..??
Here..?? http://www.avast.com/contact-form.php?loadStyles

[Lisandro]

Where did you report them..??

From Chest.
They always said that these files, reported from Chest, have high priority.

Here..?? http://www.avast.com/contact-form.php?loadStyles

No.
Did not lose time to that... and won't.
Why don't they correct the false positive? 

[polonus]

Hi Tech,

If a scan at VT or VirScan only turns out to be flagged by avast and not by GData as well, then here I could smell  a FP,
and things that smell like a duck, sound like a duck and walk and swim like a duck in most cases turn out to be a genuine duck,

polonus

[Lisandro]

Thanks Polonus.
What more can I do? :'(

Do you have similar files .etl in your computer?
Are they being flagged?

[polonus]

Hi Tech,

This issue is one year old: http://forum.avast.com/index.php?topic=60305.0

polonus

[calcu007]

Try using virus@avast.com  Maybe you will get a reply. Try posting in Avast subforum, that is more read than this

[Lisandro]

Try using virus@avast.com

They always advocate the opposite for false positives.

Maybe you will get a reply. Try posting in Avast subforum, that is more read than this

Well, false positives were always posted here.

The problem is that they do not say anything about...
Why does this happen to me?

The false positive continues... 110522-1

[calcu007]

I had send false positive there and had personal replies and in the forum. You will not lose if try both

[igor]

I don't think that's a real false positive - the detection has been for more than a year, and it looks OK to me.
I'd say something (other product's virus signatures from memory?) somehow got into these files. Though I admit I have no idea what those .etl files are.

[Asyn]

I don't think that's a real false positive - the detection has been for more than a year, and it looks OK to me.

It does..??
Did you look at the VT results in Tech's original post..?
I think we need a reply from the viruslab guys here..!!

[Lisandro]

Igor, we need a virus analyst's answer.
I can imagine that "other product's virus signatures from memory" can be the issue.
First detection was after a KillSwitch being running. See snapshot.

The detection occur with the files into Chest. The files must be "corrupted" then. How?

I'm about to delete that files...
Event Trace Log (ETL) files are binary files created by Microsoft Tracelog, a program that creates logs using the events from the kernel in Microsoft operating systems; contains binary log data at the trace level, such as disk accesses or page faults; used to log high-frequency events while tracking the performance of an operating system.
http://www.fileinfo.com/extension/etl

These files could be converted to text files: http://msdn.microsoft.com/en-us/library/bb801253%28v=office.12%29.aspx