Author Topic: false positive  (Read 2566 times)

0 Members and 1 Guest are viewing this topic.

Offline h4x0r

  • Jr. Member
  • **
  • Posts: 25
false positive
« on: March 06, 2012, 08:40:24 PM »
hi, i'm a noob with avast but i think i have a false positive.

i bought a brand new laptop and the bluetooth module is being detected as a rootkit process. the program being detected is at:

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe


win 7 home premium 64, avast free 7.0.1407, fully updated

I uploaded the program to virustotal and it comes out 0/43 clean

https://www.virustotal.com/file/bbfb0eea5464239f4a232063c656d3bb1243cc5de5ff871c91382fbb5b15e167/analysis/1331060792/

A full scan with malwarebytes also shows 0 malicious items.

how do you submit files to avast for analysis?

thanks


Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37697
  • F-Secure user
Re: false positive
« Reply #1 on: March 06, 2012, 09:14:36 PM »
Quote
how do you submit files to avast for analysis?
has avast moved the file to chest ?
right click the file in chest and upload to avast lab as False Positive...




Quote
i bought a brand new laptop and the bluetooth module is being detected as a rootkit process. the program being detected is at:
OBS: did your brand new comp come with a preinstalled AV ?
you did remember to uninstall it before installing avast!
« Last Edit: March 06, 2012, 09:16:24 PM by Pondus »

Offline h4x0r

  • Jr. Member
  • **
  • Posts: 25
Re: false positive
« Reply #2 on: March 06, 2012, 09:35:09 PM »
thanks for your reply.

i selected "do nothing" in the scan results window, so the suspect program is not in the chest. I did that because i thought that putting the program in the chest would break bluetooth.

can i email avast the program instead?

yes, i unistalled the AV that came originally (norton) and deactivated windows defender too.

thank you

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37697
  • F-Secure user
Re: false positive
« Reply #3 on: March 06, 2012, 11:44:30 PM »
Quote
can i email avast the program instead?
yes you can

put it in a password protected zip file and send to  virus @ avast.com
Password:  infected
mail subject:  false positive




Offline h4x0r

  • Jr. Member
  • **
  • Posts: 25
Re: false positive
« Reply #4 on: March 07, 2012, 01:11:54 PM »
thanks Pondus