False positive

ReviewsAntivirus · June 25, 2014, 7:55am

c777c1f4c6938e364c0a0d63fca14140af62d58f

spywar · June 25, 2014, 7:59am

Are you sure for this one ?

yuvarajm · June 25, 2014, 8:51am

Hi malware1,

Thank you for reporting this.
We’ll check it and get back to you soon.

Regards,
Yuvaraj M

ReviewsAntivirus · June 25, 2014, 8:58am

Seems clean, what malicious have you identified? Some vendors confirm it’s safe.

ESET:

Dear Malware000,
Thank you for your submission.

As we haven’t found any unequivocally malicious functionality in the submitted file(s), they will not be detected as malware.

Our standpoint can be reconsidered if you provide us more information about the submitted file(s).

Regards,

ESET Malware Response Team

Dear malware000,
Your submission has been analyzed. This file presents no threat to your system.

Thank you for the cooperation.

Чтобы получать оповещения на русском языке, отправьте пустое сообщение на адрес lang[at]rt-web.dev.drweb.com

but Avira says it’s malicious:

Dear Sir or Madam,
Thank you for your email to Avira’s virus lab.
Tracking number: INC01690955.

We received the following archive files:

File ID Filename Size (Byte) Result
28172818 4f6e1e5924901340a…4a.zip 667.51 KB OK

A listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte) Result
28172819 4f6e1e5924901340a…4a.exe 979.44 KB MALWARE

Please find a detailed report concerning each individual sample below:
Filename Result
4f6e1e5924901340a…4a.exe MALWARE

The file ‘4f6e1e5924901340ac8493f2acf40f4a.exe’ has been determined to be ‘MALWARE’. Our analysts named the threat TR/AutoIt.aqonra. The term “TR/” denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here:
http://analysis.avira.com/en/status?uniqueid=F74zKbvYHp491yPH50LsEPK3H9rpGD2g&incidentid=1690955

An overview of all your submissions can be found here:
http://analysis.avira.com/en/overview?uniqueid=F74zKbvYHp491yPH50LsEPK3H9rpGD2g

We recommend to use our upload form for further submissions. In case the result is known it will be shown in realtime to you. Furthermore files which are considered to be false positive suspictions can only be submitted using this method. http://analysis.avira.com/samples/index.php?lang=en

Please note: If you have specific questions, please visit our website http://www.avira.com/en/support for further details.

Kind regards
Avira Virus Lab

Avira Operations GmbH & Co. KG
Kaplaneiweg 1, 88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-500 3000
Internet: http://www.avira.com

CEO: Travis Witteveen
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992
---------------------------------------------

qiuhui · June 26, 2014, 12:35am

Hi malware1,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <18670> of Comodo Internet Security Version<7.0.317799.4142> and confirm it.

Best regards
Qiuhui.■■■■