probable false positive



I I I I
03-04-2009, 10:12 AM
Hi all.

I have PC Tools Antivirus 6, and I have been using it for some months without any problem.

Today it detected this file: C:\PROGRAMMI\MICROSOFT\SEARCH ENHANCEMENT PACK\SEASHADOW\SEASHADO.DLL

as Trojan.CDur.

The report is this:

PC Tools AntiVirus Activity Report
Generated on: 04/03/2009 7.32.06

Scan Information:

Object Name | Status | Action | Infection | Date and Time
C:\PROGRAMMI\MICROSOFT\SEARCH ENHANCEMENT PACK\SEASHADOW\SEASHADO.DLL | Infected | Quarantined | Trojan.CDur | 04/03/2009 7.32.11
C:\PROGRAMMI\MICROSOFT\SEARCH ENHANCEMENT PACK\SEASHADOW\SEASHADO.DLL | Infected | Quarantined | Trojan.CDur | 04/03/2009 7.32.11
C:\PROGRAMMI\MICROSOFT\SEARCH ENHANCEMENT PACK\SEASHADOW\SEASHADO.DLL | Infected | Quarantined | Trojan.CDur | 04/03/2009 7.32.12


It is probably a false positive, because only PC Tools Antivirus detects it:

http://www.virustotal.com/it/analisis/d448de2568fd5e00511dba2679719224

I have restored the file from the quarantine and saved the log of PC Tools Antivirus. Now I'm going to uninstall all the antivirus and the firewall on my PC in order to do a system restore point (for a little problem of mine with some software), and then I will reinstall PC Tools Antivirus and PC Tools Firewall.

Could you fix the false positive?

fblais
03-05-2009, 01:30 AM
If it's a FP, why do all this?
You just need to send it to PCTools for analysis.
From the Quarantine folder, there's a function for that, if I recall correctly.

AChen
03-05-2009, 04:00 AM
Hi Guys,

This is a FP and we are currently looking into this and will resolve the issue shortly.

I I I I
03-05-2009, 01:44 PM
Hi Guys,

This is a FP and we are currently looking into this and will resolve the issue shortly.


Ok, thank you very much! Now, with the last update, the FP is resolved :)! http://www.virustotal.com/it/analisis/599413f9b41aa6fb8d0acd93c62b74f5

Very good.

If it's a FP, why do all this?
You just need to send it to PCTools for analysis.
From the Quarantine folder, there's a function for that, if I recall correctly.

Where? Where can I send a suspicious file from the quarantine?

http://www.mediafire.com/imageview.php?quickkey=mtkwje1y33z&thumb=4

And where can I send it for analysis? It is not a "suspected spyware sample" ( http://www.pctools.com/it/mrc/submit/ ), but a FP.

AChen
03-05-2009, 11:15 PM
Ok, thank you very much! Now, with the last update, the FP is resolved :)! http://www.virustotal.com/it/analisis/599413f9b41aa6fb8d0acd93c62b74f5

Very good.

Where? Where can I send a suspicious file from the quarantine?

http://www.mediafire.com/imageview.php?quickkey=mtkwje1y33z&thumb=4

And where can I send it for analysis? It is not a "suspected spyware sample" ( http://www.pctools.com/it/mrc/submit/ ), but a FP.

Could you please send the file seashado.dll to my email address? I sent you a PM with the details :)

I I I I
03-07-2009, 12:05 PM
Could you please send the file seashado.dll to my email address? I sent you a PM with the details :)

Ok, I send the file. :)

But I saw that since Thursday the FP is resolved.