False Positive, Posssible / Likely?

False Positive, Posssible / Likely?
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Anti-Virus Software    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
False Positive, Posssible / Likely? Poster Matt 07-24-2008
Posted by Poster Matt on July 24, 2008, 1:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

I've an .exe file that I downloaded and then scanned using
virusscan.jotti.org - these are the results.

A-Squared - Found nothing
AntiVir - Found nothing
ArcaVir - Found nothing
Avast - Found nothing
AVG Antivirus - Found nothing
BitDefender - Found nothing
ClamAV - Found nothing
CPsecure - Found Troj.W32.Chifrax.a
Dr.Web - Found nothing
F-Prot Antivirus - Found nothing
F-Secure Anti-Virus - Found nothing
Fortinet - Found nothing
Ikarus - Found nothing
Kaspersky Anti-Virus - Found nothing
NOD32 - Found nothing
Norman Virus Control - Found nothing
Panda Antivirus - Found nothing
Sophos Antivirus - Found nothing
VirusBuster - Found nothing
VBA32 - Found nothing

19 clean, 1 positive !!

What are the chances of this being a false Positive? Is it posssible or
even likely given the 19 who declared it clean?

Thanks.

Posted by Art on July 24, 2008, 1:31 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Thu, 24 Jul 2008 17:20:31 GMT, Poster Matt

>Hi,
>
>I've an .exe file that I downloaded and then scanned using
>virusscan.jotti.org - these are the results.
>
>A-Squared - Found nothing
>AntiVir - Found nothing
>ArcaVir - Found nothing
>Avast - Found nothing
>AVG Antivirus - Found nothing
>BitDefender - Found nothing
>ClamAV - Found nothing
>CPsecure - Found Troj.W32.Chifrax.a
>Dr.Web - Found nothing
>F-Prot Antivirus - Found nothing
>F-Secure Anti-Virus - Found nothing
>Fortinet - Found nothing
>Ikarus - Found nothing
>Kaspersky Anti-Virus - Found nothing
>NOD32 - Found nothing
>Norman Virus Control - Found nothing
>Panda Antivirus - Found nothing
>Sophos Antivirus - Found nothing
>VirusBuster - Found nothing
>VBA32 - Found nothing
>
>19 clean, 1 positive !!
>
>What are the chances of this being a false Positive? Is it posssible or
>even likely given the 19 who declared it clean?

Only one way to find out for sure. Submit the file to CPsecure for
analysis. They use their own scan engine plus Kaspersky's, so
apparently it's their own scan engine that's probably false
alerting.

Art

Posted by Poster Matt on July 24, 2008, 4:18 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Art wrote:
> On Thu, 24 Jul 2008 17:20:31 GMT, Poster Matt
>
>> Hi,
>>
>> I've an .exe file that I downloaded and then scanned using
>> virusscan.jotti.org - these are the results.
>>
>> A-Squared - Found nothing
>> AntiVir - Found nothing
>> ArcaVir - Found nothing
>> Avast - Found nothing
>> AVG Antivirus - Found nothing
>> BitDefender - Found nothing
>> ClamAV - Found nothing
>> CPsecure - Found Troj.W32.Chifrax.a
>> Dr.Web - Found nothing
>> F-Prot Antivirus - Found nothing
>> F-Secure Anti-Virus - Found nothing
>> Fortinet - Found nothing
>> Ikarus - Found nothing
>> Kaspersky Anti-Virus - Found nothing
>> NOD32 - Found nothing
>> Norman Virus Control - Found nothing
>> Panda Antivirus - Found nothing
>> Sophos Antivirus - Found nothing
>> VirusBuster - Found nothing
>> VBA32 - Found nothing
>>
>> 19 clean, 1 positive !!
>>
>> What are the chances of this being a false Positive? Is it posssible or
>> even likely given the 19 who declared it clean?
>
> Only one way to find out for sure. Submit the file to CPsecure for
> analysis. They use their own scan engine plus Kaspersky's, so
> apparently it's their own scan engine that's probably false
> alerting.
>
> Art

Thanks Art.

Posted by Poster Matt on July 25, 2008, 6:36 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Poster Matt wrote:
> Art wrote:
>> On Thu, 24 Jul 2008 17:20:31 GMT, Poster Matt
>>
>>> Hi,
>>>
>>> I've an .exe file that I downloaded and then scanned using
>>> virusscan.jotti.org - these are the results.
>>>
>>> A-Squared - Found nothing
>>> AntiVir - Found nothing
>>> ArcaVir - Found nothing
>>> Avast - Found nothing
>>> AVG Antivirus - Found nothing
>>> BitDefender - Found nothing
>>> ClamAV - Found nothing
>>> CPsecure - Found Troj.W32.Chifrax.a
>>> Dr.Web - Found nothing
>>> F-Prot Antivirus - Found nothing
>>> F-Secure Anti-Virus - Found nothing
>>> Fortinet - Found nothing
>>> Ikarus - Found nothing
>>> Kaspersky Anti-Virus - Found nothing
>>> NOD32 - Found nothing
>>> Norman Virus Control - Found nothing
>>> Panda Antivirus - Found nothing
>>> Sophos Antivirus - Found nothing
>>> VirusBuster - Found nothing
>>> VBA32 - Found nothing
>>>
>>> 19 clean, 1 positive !!
>>>
>>> What are the chances of this being a false Positive? Is it posssible
>>> or even likely given the 19 who declared it clean?
>>
>> Only one way to find out for sure. Submit the file to CPsecure for
>> analysis. They use their own scan engine plus Kaspersky's, so
>> apparently it's their own scan engine that's probably false
>> alerting.
>>
>> Art
>
> Thanks Art.

It did turn out to be a false positive.

Regards, etc.

Posted by Poster Matt on July 29, 2008, 12:09 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Poster Matt wrote:
> Poster Matt wrote:
>> Art wrote:
>>> On Thu, 24 Jul 2008 17:20:31 GMT, Poster Matt
>>>
>>>> Hi,
>>>>
>>>> I've an .exe file that I downloaded and then scanned using
>>>> virusscan.jotti.org - these are the results.
>>>>
>>>> A-Squared - Found nothing
>>>> AntiVir - Found nothing
>>>> ArcaVir - Found nothing
>>>> Avast - Found nothing
>>>> AVG Antivirus - Found nothing
>>>> BitDefender - Found nothing
>>>> ClamAV - Found nothing
>>>> CPsecure - Found Troj.W32.Chifrax.a
>>>> Dr.Web - Found nothing
>>>> F-Prot Antivirus - Found nothing
>>>> F-Secure Anti-Virus - Found nothing
>>>> Fortinet - Found nothing
>>>> Ikarus - Found nothing
>>>> Kaspersky Anti-Virus - Found nothing
>>>> NOD32 - Found nothing
>>>> Norman Virus Control - Found nothing
>>>> Panda Antivirus - Found nothing
>>>> Sophos Antivirus - Found nothing
>>>> VirusBuster - Found nothing
>>>> VBA32 - Found nothing
>>>>
>>>> 19 clean, 1 positive !!
>>>>
>>>> What are the chances of this being a false Positive? Is it posssible
>>>> or even likely given the 19 who declared it clean?
>>>
>>> Only one way to find out for sure. Submit the file to CPsecure for
>>> analysis. They use their own scan engine plus Kaspersky's, so
>>> apparently it's their own scan engine that's probably false
>>> alerting.
>>>
>>> Art
>>
>> Thanks Art.
>
> It did turn out to be a false positive.
>
> Regards, etc.

For the group's info.

File 'Default.SFX' a standard file in the WinRar
application's distribution generates a false
positive with CPsecure. Fixed as of 2008-07-29.

From: red-alert@support.cpsecure.com
[support.cpsecure.com #18822]

2008-07-28:
> it is a false positive.we will modify this bug on next version as soon
> as possible.
>
> thanks for your help
>
> Best regards.
>
> cpsecure support team

2008-07-29:
> hi,
> we had modified this false positive on the lastest pattern
> 20080728213234.
>
> thanks for your help.
> Best regards.
> Cpsecure support team

Similar ThreadsPosted
False Positive? September 10, 2005, 8:22 am
False positive? April 8, 2007, 4:28 pm
False Positive on Keylogger??? June 10, 2006, 11:38 am
Malwarebytes false positive July 14, 2008, 10:22 am
Spybot 1.4 Smitfraud-C False Positive? July 29, 2005, 11:23 pm
New False Positive from Spyware Doctor? February 1, 2007, 8:41 pm
Win32:Mhtplo-10 - False positive? November 30, 2007, 3:27 pm
PCANDIS5.sys Trojan or False Positive? June 28, 2008, 5:04 am
AVG false positive reported on user32.dll November 19, 2008, 1:01 am
likely semi-false positive"intrusion" nav05 April 8, 2006, 1:30 am

The site map in XML format XML site map

Contact Us | Privacy Policy