Some False Positives.

HeffeD · February 14, 2009, 7:52pm

This is the installer for A2 Free.
Application.Win32.FraudTool.MacroVirus.~A@2937430 C:\Downloads\ASquared\a2FreeSetup.exe
http://www.virustotal.com/analisis/38bb993b2c561929596374c3317b5212
This is not the most current version of the installer, but I’m still sure it’s not malicious.

This is the installer for Programmers Notepad
Application.Win32.FraudTool.MacroVirus.~A@2937430 C:\Downloads\ProgrammersNotepad\pn208718.exe
http://www.virustotal.com/analisis/f1faa520f563f96684c78ca3af00f3ec

Not sure what this .dll does, but only one out of the 39 scanners on VirusTotal thought it was suspicious.
Heur.Packed.Unknown C:\WINDOWS\system32\midas.dll
http://www.virustotal.com/analisis/64daf7d50d900aa57b0e1a6cb049a4fb

Ramanan · February 28, 2009, 5:18am

Hi,

This has been fixed, please update to latest CIS V477 and update virus signature database to latest.

Thanks
Ramanan

HeffeD · May 14, 2009, 7:06pm

This .dll is being picked up again…

CIS version 3.9.81003.508
Signature Database 1162

[attachment deleted by admin]

languy99 · May 14, 2009, 7:07pm

what do you have heuristics set to? Personally right now I would not set them above low, they are too prone to false positives. With the next version where CIMA comes into play they should be much better.

HeffeD · May 14, 2009, 7:19pm

They are set to low, but that shouldn’t matter as this .dll was already classified as a false positive and fixed in 3.8.

HeffeD · May 15, 2009, 4:46pm

Attaching the file as requested by PM.

[attachment deleted by admin]

sriramp · May 16, 2009, 5:13pm

Hi HeffeD,

Thankyou for submitting the file. We have fixed the false positive. Please update your AV to 1167 and confirm.

Thanks and Regards,
Sriram.P

HeffeD · May 16, 2009, 6:19pm

Thanks Sriram! 1167 comes up clean. ;D