False positive


Are you sure for this one ?

Hi malware1,

Thank you for reporting this.
We’ll check it and get back to you soon.

Yuvaraj M

Seems clean, what malicious have you identified? Some vendors confirm it’s safe.


Dear Malware000,

Thank you for your submission.

As we haven’t found any unequivocally malicious functionality in the submitted file(s), they will not be detected as malware.

Our standpoint can be reconsidered if you provide us more information about the submitted file(s).


ESET Malware Response Team

Dear malware000,

Your submission has been analyzed. This file presents no threat to your system.

Thank you for the cooperation.

Чтобы получать оповещения на русском языке, отправьте пустое сообщение на адрес lang[at]rt-web.dev.drweb.com

but Avira says it’s malicious:

Dear Sir or Madam,

Thank you for your email to Avira’s virus lab.
Tracking number: INC01690955.

We received the following archive files:

File ID Filename Size (Byte) Result
28172818 4f6e1e5924901340a…4a.zip 667.51 KB OK

A listing of files contained inside archives alongside their results can be found below:
File ID Filename Size (Byte) Result
28172819 4f6e1e5924901340a…4a.exe 979.44 KB MALWARE

Please find a detailed report concerning each individual sample below:
Filename Result
4f6e1e5924901340a…4a.exe MALWARE

The file ‘4f6e1e5924901340ac8493f2acf40f4a.exe’ has been determined to be ‘MALWARE’. Our analysts named the threat TR/AutoIt.aqonra. The term “TR/” denotes a trojan horse that is able to spy out data, to violate your privacy or carry out unwanted modifications to the system. Detection will be added to our virus definition file (VDF) with one of the next updates.

Alternatively you can see the analysis result here:

An overview of all your submissions can be found here:

We recommend to use our upload form for further submissions. In case the result is known it will be shown in realtime to you. Furthermore files which are considered to be false positive suspictions can only be submitted using this method. http://analysis.avira.com/samples/index.php?lang=en

Please note: If you have specific questions, please visit our website http://www.avira.com/en/support for further details.

Kind regards
Avira Virus Lab

Avira Operations GmbH & Co. KG
Kaplaneiweg 1, 88069 Tettnang, Germany
Phone: +49 (0) 7542-500 0
Fax: +49 (0) 7542-500 3000
Internet: http://www.avira.com

CEO: Travis Witteveen
Headquarter: Tettnang
Commercial register: AG Ulm HRB 630992

Hi malware1,

This is to inform you that false-positive has been fixed.
You can update to AV database Version <18670> of Comodo Internet Security Version<7.0.317799.4142> and confirm it.

Best regards