[Løst]Falsk positiv fra Avira?

[madmats]

Avira fant 2 'virus/unwanted programs' ved full scan.

maskinen er gjenopprettet til fabrikkinstillinger via hp sitt recovery program nesten rett før scan.

 

utdrag ifra logg fra avira:

 

 

C:\HP\BIN\KillIt.exe

[DETECTION] Contains recognition pattern of the APPL/KillApp.A application

C:\HP\HPQWare\BTBHost\SetACL.exe

[DETECTION] Contains recognition pattern of the APPL/ACLSet application

Begin scan in 'D:\' <HP_RECOVERY>

 

Beginning disinfection:

C:\HP\BIN\KillIt.exe

[DETECTION] Contains recognition pattern of the APPL/KillApp.A application

[NOTE] The file was moved to '4a6036f3.qua'!

C:\HP\HPQWare\BTBHost\SetACL.exe

[DETECTION] Contains recognition pattern of the APPL/ACLSet application

[NOTE] The file was moved to '4a6836ef.qua'!

 

 

Kjørte og en scan med MBAM som ikke fant noe.

 

fant dette ved å google litt:

 

http://forum.avira.com/wbb/index.php?page=...d=20412&l=3

 

kanskje jeg burde poste i samme forum, men spør her tilfelle noen vet at dette er en falsk positiv

[Bruker-158599]

Kan du laste filene opp på Jotti og se om hva resultatet blir? Tror det er en falsk positiv

Endret 31. juli 2010 av riskake90

[madmats]

Scannet de to filene med Jotti og Virus Total:

 

KillIt.exe

 

Jotti:

Klikk for å se/fjerne innholdet nedenfor

A-Squared

Found nothing

AntiVir

Found APPL/KillApp.A

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found Malware.Generic

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Quick Heal

Found Trojan.Agent.ATV

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

 

Virus Total:

Klikk for å se/fjerne innholdet nedenfor

a-squared 4.0.0.101 2009.04.26 -

AhnLab-V3 5.0.0.2 2009.04.26 -

AntiVir 7.9.0.156 2009.04.25 APPL/KillApp.A

Antiy-AVL 2.0.3.1 2009.04.24 -

Authentium 5.1.2.4 2009.04.25 -

Avast 4.8.1335.0 2009.04.25 -

AVG 8.5.0.287 2009.04.26 -

BitDefender 7.2 2009.04.26 -

CAT-QuickHeal 10.00 2009.04.25 Trojan.Agent.ATV

ClamAV 0.94.1 2009.04.26 -

Comodo 1135 2009.04.25 -

DrWeb 4.44.0.09170 2009.04.26 -

eSafe 7.0.17.0 2009.04.23 -

eTrust-Vet 31.6.6475 2009.04.24 -

F-Prot 4.4.4.56 2009.04.25 -

F-Secure 8.0.14470.0 2009.04.25 -

Fortinet 3.117.0.0 2009.04.26 -

GData 19 2009.04.26 -

Ikarus T3.1.1.49.0 2009.04.26 -

K7AntiVirus 7.10.716 2009.04.25 -

Kaspersky 7.0.0.125 2009.04.26 -

McAfee 5596 2009.04.25 potentially unwanted program ProcKill-BU

McAfee+Artemis 5596 2009.04.25 potentially unwanted program ProcKill-BU

McAfee-GW-Edition 6.7.6 2009.04.26 Riskware.KillApp.A

Microsoft 1.4602 2009.04.26 -

NOD32 4035 2009.04.25 -

Norman 6.00.06 2009.04.24 -

nProtect 2009.1.8.0 2009.04.26 -

Panda 10.0.0.14 2009.04.26 -

PCTools 4.4.2.0 2009.04.26 -

Prevx1 3.0 2009.04.26 Medium Risk Malware

Rising 21.26.62.00 2009.04.26 -

Sophos 4.41.0 2009.04.26 Kill It

Sunbelt 3.2.1858.2 2009.04.24 -

Symantec 1.4.4.12 2009.04.26 -

TheHacker 6.3.4.1.314 2009.04.26 -

TrendMicro 8.700.0.1004 2009.04.25 -

VBA32 3.12.10.3 2009.04.25 -

ViRobot 2009.4.24.1708 2009.04.24 -

VirusBuster 4.6.5.0 2009.04.25 -

 

SetACL.exe

 

Jotti:

Klikk for å se/fjerne innholdet nedenfor

A-Squared

Found nothing

AntiVir

Found APPL/ACLSet

ArcaVir

Found nothing

Avast

Found nothing

AVG Antivirus

Found nothing

BitDefender

Found nothing

ClamAV

Found nothing

CPsecure

Found nothing

Dr.Web

Found nothing

F-Prot Antivirus

Found nothing

F-Secure Anti-Virus

Found nothing

Ikarus

Found nothing

Kaspersky Anti-Virus

Found nothing

NOD32

Found nothing

Norman Virus Control

Found nothing

Panda Antivirus

Found nothing

Quick Heal

Found nothing

Sophos Antivirus

Found nothing

VirusBuster

Found nothing

VBA32

Found nothing

 

Virus Total:

Klikk for å se/fjerne innholdet nedenfor

a-squared 4.0.0.101 2009.04.26 -

AhnLab-V3 5.0.0.2 2009.04.26 -

AntiVir 7.9.0.156 2009.04.25 APPL/ACLSet

Antiy-AVL 2.0.3.1 2009.04.24 -

Authentium 5.1.2.4 2009.04.25 -

Avast 4.8.1335.0 2009.04.25 -

AVG 8.5.0.287 2009.04.26 -

BitDefender 7.2 2009.04.26 -

CAT-QuickHeal 10.00 2009.04.25 -

ClamAV 0.94.1 2009.04.26 -

Comodo 1135 2009.04.25 -

DrWeb 4.44.0.09170 2009.04.26 -

eSafe 7.0.17.0 2009.04.23 -

eTrust-Vet 31.6.6475 2009.04.24 -

F-Prot 4.4.4.56 2009.04.25 -

F-Secure 8.0.14470.0 2009.04.25 -

Fortinet 3.117.0.0 2009.04.26 -

GData 19 2009.04.26 -

Ikarus T3.1.1.49.0 2009.04.26 -

K7AntiVirus 7.10.716 2009.04.25 Trojan.Win32.Malware.1

Kaspersky 7.0.0.125 2009.04.26 -

McAfee 5596 2009.04.25 -

McAfee+Artemis 5596 2009.04.25 -

McAfee-GW-Edition 6.7.6 2009.04.26 Riskware.ACLSet

Microsoft 1.4602 2009.04.26 -

NOD32 4035 2009.04.25 -

Norman 6.00.06 2009.04.24 -

nProtect 2009.1.8.0 2009.04.26 -

Panda 10.0.0.14 2009.04.26 -

PCTools 4.4.2.0 2009.04.26 -

Prevx1 3.0 2009.04.26 -

Rising 21.26.62.00 2009.04.26 -

Sophos 4.41.0 2009.04.26 -

Sunbelt 3.2.1858.2 2009.04.24 -

Symantec 1.4.4.12 2009.04.26 -

TheHacker 6.3.4.1.314 2009.04.26 -

TrendMicro 8.700.0.1004 2009.04.25 -

VBA32 3.12.10.3 2009.04.25 -

ViRobot 2009.4.24.1708 2009.04.24 -

VirusBuster 4.6.5.0 2009.04.25 -

Endret 26. april 2009 av madmats

[snippsat]

"KillIt.exe" er en Procedure Kill utility.

Den er ikke malware,blir flagget som det p.g.a at den kan bli brukt på en malicious måte.

 

SetACL.exe = ok

 

Dobbelklikk avira ikon.

configuration->guard->exception

<bla det fram til disse filer>

Da vil ikke avira varsle noe på disse.

Endret 26. april 2009 av SNIPPSAT

[madmats]

OK Takk for hjelpen.

 

tror muligens avira reagerte på filene fordi jeg huket av for 'Applications' før fullt søk (dette er ikke huket av som standard)

 

fikk lagt de til som exceptions nå (måtte huke av for 'Expert mode' for å få frem exceptions i scan)

Endret 26. april 2009 av madmats