Heur.Packed.Unknown - few FP

fOrTy_7 · May 16, 2009, 3:09pm

CIS version: 3.9.95478.509
DB version: 1164

I’ve just scanned my PC with heuristic set to High and CIS found few files as Heur.Packed.Unknown which are FP.

Edit: Since all of FPs have been fixed with DB 1174 I removed unnecessary links which made this post huge.

Heur.Packed.Unknown RADVideo\radana.exe
Heur.Packed.Unknown VSD Software\GoOff!\gooff.exe
Heur.Packed.Unknown WapSter AQQ\System\DelZip179.dll
Heur.Packed.Unknown WinRAR\Default.SFX
Heur.Packed.Unknown WinRAR\WinCon.SFX
Heur.Packed.Unknown WinRAR\Zip.SFX
Heur.Packed.Unknown DPT.exe
Heur.Packed.Unknown HD_Speed 1.5.2\HD_Speed_ENG.zip|hd_speed.exe
Heur.Packed.Unknown wyklad_6_-_przyklady.exe

sriramp · May 16, 2009, 5:37pm

Hi fOrTy_7,

Thankyou for reporting the false positive. We shall get back to you after investigation.

Regards,
Sriram.P

llama · May 17, 2009, 8:43am

CIS version: 3.9.95478.509
DB: 1168
Windows XP SP3 French
Heuristic set to high

same false positive on:

/windows/system32/adortl70.bpl
/windows/system32/inet70.bpl

verified on virustotal

edit: seems fixed now

gmohan · May 17, 2009, 8:53am

hi llama,

We will have a look at it, We will get back to you after investigation

Regards,
-Chandra Mohan

fOrTy_7 · May 18, 2009, 6:27pm

I removed from the list the FP which have been fixed with virus database 1172 from my previous post. Two new FP have been introduced.

[tr]
[td]Malware name[/td]
[td]Filename[/td]
[td]Status(virustotal.com)[/td]
[/tr]
[tr]
[td]Heur.Packed.Unknown[/td]
[td]bass_ape.dll[/td]
[td]Scan results[/td]
[/tr]
[tr]
[td]Heur.Packed.Unknown[/td]
[td]bass_cda.dll[/td]
[td]Scan results[/td]
[/tr]

These two DLLs and the other files which haven’t been fixed yet are attached to this post as a zip archive.

[attachment deleted by admin]

gmohan · May 19, 2009, 5:58am

Hi fOrTy_7,

Thanks for FP reporting
We will get back to you when it will be fixed.

Regards,
-Chandra Mohan

fOrTy_7 · May 19, 2009, 3:53pm

After database update to version 1174, only BASS DLLs have left. All other FP have been fixed. Thanks guys for your hard work. :-TU

fOrTy_7 · May 19, 2009, 7:24pm

CIS version: 3.9.95478.509
DB version: 1174

[tr]
[td]Malware name[/td]
[td]Filename[/td]
[td]Status(virustotal.com)[/td]
[/tr]
[tr]
[td]Heur.Packed.Unknown[/td]
[td]p.exe[/td]
[td]Scan results[/td]
[/tr]

[attachment deleted by admin]

vector.x86 · May 19, 2009, 10:29pm

HI
i use Miranda IM Client and my CIS (3.8.64263.468)
false scan alert by ‘Heur.Packed.Unknown’
but VT show 0\34 result. =
what does it mean ??
Thx…

gmohan · May 20, 2009, 5:11am

Hi fOrTy_7,

The reported FP is under our consideration,
We will get back to you after investigation,
Thanks for reporting.

-Chandra Mohan

gmohan · May 20, 2009, 6:21am

Hi vector.x86,

Please update your Product as well as database.
Check the detection and let us know.

The latest is as on May-20-2009
Product version : 3.9
Database version: 1176

Regards,
-Chandra Mohan

gmohan · May 20, 2009, 8:27am

Hi llama,

Thanks for confirming.

Regards,
-Chandra Mohan

gmohan · May 20, 2009, 8:57am

Hi fOrTy_7,

Thanks for confirming with DB 1174.
FP regarding BASS DLLs will be fixed in few updates.

Regards,
-Chandra Mohan

gmohan · May 20, 2009, 1:34pm

Hi fOrTy_7,

Mentioned FP is fixed DB 1177.
Please verify.

Regards,
-Chandra Mohan

fOrTy_7 · May 20, 2009, 5:09pm

Yes, p.exe FP has been fixed. Thanks.

gmohan · May 21, 2009, 8:06am

Hi fOrTy_7,

Mentioned FP has been fixed in DB v1179
Please update your database and confirm.

Regards,
-Chandra Mohan

fOrTy_7 · May 21, 2009, 12:25pm

Yes, those have been fixed in DB 1179. Thank you.