Author Topic: How to report this False possitive?  (Read 10337 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84884
  • No support PMs thanks
Re: How to report this False possitive?
« Reply #30 on: August 25, 2011, 06:13:10 PM »
Scanning with VT is a waste of time, as it can't replicate the anti-rootkit scan, which isn't just signature based.

No scanner can do the same as you can on your system as an anti-rootkit scan compares what your windows API says is running, compared with what is actually running. It is these hidden processes/drivers that are suspicious and this which can't be replicated on a signature based scan.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Morro41

  • Jr. Member
  • **
  • Posts: 83
Re: How to report this False possitive?
« Reply #31 on: August 25, 2011, 08:01:04 PM »
Scanning with VT is a waste of time, as it can't replicate the anti-rootkit scan, which isn't just signature based.

No scanner can do the same as you can on your system as an anti-rootkit scan compares what your windows API says is running, compared with what is actually running. It is these hidden processes/drivers that are suspicious and this which can't be replicated on a signature based scan.

Well in your first post in this thread you mentioned that it was a strange thing that on the VT results avast did not detect anything. So i think you mean that the results do matter, just that it should not be trusted for 100% correct? And if so then i agree but it does give a good idea, so many scanning engine should find something i think if something was wrong with the file i mentioned on the first page, right?

Any way i just hat MBAM do a full scan of my Hard drive and it found nothing bad.

Quote
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7566

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

25-8-2011 19:47:56
mbam-log-2011-08-25 (19-47-56).txt

Scan type: Full scan (C:\|)
Objects scanned: 346368
Time elapsed: 59 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Windows 10 64bit /MSI Z370 Codex Gaming XE Desktop i5-9600K CPU 3.70GHz /16 GB DDR4 Memory /NVIDIA GeForce RTX 2070 Graphics card /256 GB SSD /1TB HDD/External 5 TB WD Elements 25A3 USB Device

Offline DavidR

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 84884
  • No support PMs thanks
Re: How to report this False possitive?
« Reply #32 on: August 25, 2011, 08:28:18 PM »
Only because you hadn't said what scanner or scan had detected it, in the same post I also said that if it was the anti-rootkit scan, essentially VT wouldn't find anything.

Well the strange thing is that on the VT results avast doesn't detect anything.
Ensure you have the latest virus definitions update.

So what were the details of this detection, what was being reported, I suspect this was during the avast anti-rootkit scan 8 minutes after boot (otherwise the VT scan would have a hit for avast) ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.3.2459 (build 21.3.6164.561) UI 1.0.609/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security