Author Topic: Ignore False Positive (Read 3954 times)

mikel108 · « **on:** November 14, 2004, 05:04:34 PM »

Hi,
I searched for this in the forums, but could not find a match.

Avast 4.5 found a FP(I have already checked to make sure that is what is was).

I would like to know how I exlude this false positive file from future scans.

I have only been using the program for 1 day and it seems great. I have 1 year left on a paid AVG 7 pro subscription, but it was constantly letting me down, so..good-bye Grisoft.

Eddy · « **Reply #1 on:** November 14, 2004, 05:08:49 PM »

What file do you think is a false positive? (and what is its location?)
How did you checked it?
Have you submit it to JOTTI?

techie101 · « **Reply #2 on:** November 14, 2004, 05:12:46 PM »

It might help us if you give us the name of the "false postive" so we can research it.

Include your OS please and whether you have Avast 4.5 Home or Pro.

Thanks

mikel108 · « **Reply #3 on:** November 14, 2004, 05:25:27 PM »

It was file C/System32/TFTP3296

I sent it to jotti, did a panda/trend/and Symantec scan which all said it was clean. Have not heard back from Avast. I did a search and it is a Trivial File Transfer Protocal from MS.

It said it was a W32:Dabber (Wrm).

Eddy · « **Reply #4 on:** November 14, 2004, 05:36:52 PM »

Please send the file in a pasword protected zip to virus@avast.com. Mention in the mail that you think it is a false postive and the password ofcourse.

In the mean time you can add that file to Avast's exclusion list.

bob3160 · « **Reply #5 on:** November 14, 2004, 05:40:02 PM »

mikel108
I'd wait till you get a definite answer before trying to isolate it.
eScan reports it as a virus:
File C:\WINDOWS\System32\TFTP3296 infected by "Worm.Win32.Lovesan.a" Virus. Action Taken: No Action Taken.

mikel108 · « **Reply #6 on:** November 14, 2004, 05:57:22 PM »

Hi Eddy,
I sent the file yesterday(about 24hrs ago). When the file came up it suggested that I put it in the vault, which I did. I had not seen anything running in processes, or on the firewall before that.

techie101 · « **Reply #7 on:** November 14, 2004, 06:21:06 PM »

There are conflicting reports on whether the TFTP is a worm or not.

For now the safest course of action is to isolate the file in the chest until Avast Team can check it out.

POST any further information you may receive for us.

I am running A-2 (A Squared Anti Trojan scanner) to see if it picks up anything. Will post later.

Thanks.

A2 Results: It did not detect TFTP as a worm or trojan.

mikel108 · « **Reply #8 on:** November 14, 2004, 06:47:58 PM »

Add Kav Online Scanner to the list saying it is clean.

My ISP does work on the email on Sunday mornings. I will resend the file when they are up and running.

mikel108 · « **Reply #9 on:** November 16, 2004, 02:43:25 AM »

Well I recieved a response from Avast. Vladimir Cernik emailed me back and said that he thought that the file was corrupted, and to move it to chest and delete.

Their program, so I will trust them and follow instructions.

Thanks for everyone's help and concern.

Author Topic: Ignore False Positive (Read 3954 times)

mikel108

Ignore False Positive

Eddy

Re:Ignore False Positive

techie101

Re:Ignore False Positive

mikel108

Re:Ignore False Positive

Eddy

Re:Ignore False Positive

bob3160

Re:Ignore False Positive

mikel108

Re:Ignore False Positive

techie101

Re:Ignore False Positive

mikel108

Re:Ignore False Positive

mikel108

Re:Ignore False Positive