Three probable false positives (fixed)

Hi,

I scanned this morning and came up with three suspicious files. Having checked them myself, I can’t see why they would be infected. They have all been on my system for some time, and haven’t been accessed recently. I updated CIS at 13:55, Feb 28th (today) and it says I have virus sig database version 1008. After rescanning, the files are still detected. They are:

J:\HoI2 Doomsday\editor.exe (“Unclassified malware[at]8339373”)
D:\masm32\EXAMPLE1\QEXIT\QEXIT.EXE (“Unclassified malware[at]5256430”)
D:\masm32\SUBCLASS.EXE (“Unclassified malware[at]8322370”)

I have submitted the files via the “submit suspicious files” mechanism.

Keith Ballard (aka Saiph)

CIS version: 3.8.65951.477
Database version: Was 1008, now 1012.
OS: Win XP Pro sp3
Detection information is as shown above.

Hey Saiph (:WAV)

I’m not a dev, but I would recommend you edit your post to show:

CIS version
Database version
Operating System
Name of the malware that those files were detected as

This way the devs can sort out those FP’s quicker :slight_smile:

When I reported an FP recently, it was fixed in the next update, so stay tuned :wink:

Hi Saiph,

Could you please verify these FP’s with the latest update?

Thanks,
Ramanan

My virus sig database version is showing as 1025, and the falses appear to have been fixed.

Thanks Ramanan. :-TU