Three probable false positives (fixed)


I scanned this morning and came up with three suspicious files. Having checked them myself, I can’t see why they would be infected. They have all been on my system for some time, and haven’t been accessed recently. I updated CIS at 13:55, Feb 28th (today) and it says I have virus sig database version 1008. After rescanning, the files are still detected. They are:

J:\HoI2 Doomsday\editor.exe (“Unclassified malware[at]8339373”)
D:\masm32\EXAMPLE1\QEXIT\QEXIT.EXE (“Unclassified malware[at]5256430”)
D:\masm32\SUBCLASS.EXE (“Unclassified malware[at]8322370”)

I have submitted the files via the “submit suspicious files” mechanism.

Keith Ballard (aka Saiph)

CIS version: 3.8.65951.477
Database version: Was 1008, now 1012.
OS: Win XP Pro sp3
Detection information is as shown above.

Hey Saiph

I’m not a dev, but I would recommend you edit your post to show:

CIS version
Database version
Operating System
Name of the malware that those files were detected as

This way the devs can sort out those FPs quicker.

When I reported an FP recently, it was fixed in the next update, so stay tuned.

Hi Saiph,

Could you please verify these FPs with the latest update?


My virus sig database version is showing as 1025, and the falses appear to have been fixed.

Thanks Ramanan.