Author Topic: Build 6 virus reports  (Read 8641 times)

raypozas

Build 6 virus reports
« on: April 26, 2008, 10:25:29 pm »
Upgrading from build 5.9 was stopped by Comodo BOClean. I submitted Bit_che.exe to jotti.org and virustotal.com.

On jotti.org:
  VBA32 antivirus                                Found Backdoor.XiaoBird.47 (paranoid heuristics) (probable variant).

On virustotal.com:
  AVG                7.5.0.516     2008.04.24    found Klone
  F-Secure           6.70.13260.0  2008.04.24    found Suspicious:W32/Malware!Gemini
  Prevx1             V2            2008.04.24    Heuristic: Suspicious File With Anti-Debug Technology
  VBA32              3.12.6.5      2008.04.24    suspected of Backdoor.XiaoBird.47 (paranoid heuristics)
  Webwasher-Gateway  6.6.2         2008.04.24    Win32.Malware.gen (suspicious)

Are these false positives?

Quantum
Re: Build 6 virus reports
« Reply #1 on: April 27, 2008, 12:33:44 am »
Are these false positives?

Yes, at a guess it's to do with the new packer that Bit Che uses.

TheHalf™
Re: Build 6 virus reports
« Reply #2 on: April 27, 2008, 01:01:20 am »
Hello everyone. This is definitely a FALSE POSITIVE detection. Bit Che is NOT infected.

I use a file packer to keep the file size down and also to ensure that Bit Che can't be infected with a virus. The file packer checks itself to see if bit_che.exe has been modified (by a virus or anything else) and will not start up if it has been modified.

The problem is that from time to time, virus creators themselves will use similar file packers, and then antivirus companies do their best to determine what is actually a virus and what isn't. In this case, the latest AVG updates are detecting Bit Che as infected with a virus that it IS NOT. This is actually more common than you would think with antivirus companies.

Here is an online scan using the latest updates:

http://www.virustotal.com/analisis/cf7599bfdb5f6232befbda1f7409e035

As you can see, AVG is the only one reporting Bit Che as infected, and the four others are simply saying, "hey, this file is suspicious" (not a big deal). The 27 other virus scanners detect it as CLEAN, as it should be.


So what do we do about this? Well, we need to let AVG know that they have a false positive detection.

From the FAQ for AVG:  http://www.grisoft.com/ww.faq.num-1203#faq_1203

Quote
If AVG detects a file on your PC as infected, this file is moved to the AVG Virus Vault. If you are sure that this file is correct and clean, it is possible that the detection is a false alarm.
If so, we shall prepare the correction as soon as possible.
Unfortunately, false alarms do appear from time to time in every anti-virus software.

To solve the problem, please send us this file for analysis directly from the AVG program this way:

    * Open AVG User Interface.
    * Choose the "Virus Vault" option from the "History" menu.
    * Select the false positive file (one click) and click on the "Send to analysis" button.
    * Fill in your e-mail address
    * Confirm the dialog


This way the file will be sent to our virus specialists for analysis and we will inform you about the result.


If all of you can please report this to AVG as soon as possible, they should remove this from their virus detection soon.


Also, I don't have AVG installed (yet), so could you guys report back if you have done the above steps to submit the file?


Thanks!

-chip


PS, if you haven't already and would like to continue using Bit Che 1.0 build 60, you can add Bit_Che.exe to your exception list to avoid having AVG detect it, until they update their definitions :)

continued...

Good news, AVG Technical Support wrote back:   :)

Dear Sir/Madam,

thank you for your email.

We can confirm that it was a false alarm. This false alarm will be fixed in
the next AVG update. Please make sure that your AVG is up to date.

If you need to restore deleted files from AVG Virus Vault you can do
it this way:

A) Using AVG 7.5
- Open AVG Virus Vault (Start -> Programs -> AVG 7.5 -> AVG Virus Vault).
- Locate the file that was incorrectly removed.
- Right click on it and choose the "Restore File(s)" option.

B) Using AVG 8
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one click).
- Click on the "Restore" button.

We are sorry for the inconvenience. Thank you for your cooperation.

    Best regards,

    Karel Bachura
    AVG Technical Support

website: http://www.avg.com
mailto: support@avg.com


Or just click here: http://convivea.com/forums/index.php?topic=1068.0

TheHalf™
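The post above describes two integrity mechanisms: the packer's own refusal to start if bit_che.exe has been modified, and the VirusTotal report, which is keyed on a hash of the exact file that was uploaded. The following Python is an added example written for this page, not code from Bit Che or from its packer. It shows the defender-side version of that check: hash a file in chunks, compare the digest against a pinned value with a constant-time comparison, and demonstrate that changing a single byte is enough to make the check fail. The sample bytes are constructed stand-ins for a packed executable; the pinned digest is computed from them rather than taken from any real release.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path, algo="sha256", chunk_size=1 << 16):
    """Hash a file in fixed-size chunks so large binaries never have to
    fit in memory. Returns the lowercase hex digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_file_digest(path, expected_hex, algo="sha256"):
    """Return True only if the file's digest equals the published one.

    hmac.compare_digest is used instead of == so the comparison takes the
    same time regardless of how many leading characters match."""
    actual = file_digest(path, algo)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def tamper_demo():
    """Write a constructed stand-in for a packed executable, pin its digest,
    flip one byte, and report (result before change, result after change)."""
    # Constructed sample bytes: a PE-like header prefix plus filler.
    # This is NOT the real bit_che.exe.
    sample = b"MZ" + b"\x00" * 62 + b"constructed packed payload for the demo"
    fd, path = tempfile.mkstemp(suffix=".exe")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(sample)

        # What a publisher would post next to the download link.
        pinned = file_digest(path)
        intact = verify_file_digest(path, pinned)

        # Simulate infection or corruption: overwrite the last byte.
        with open(path, "r+b") as fh:
            fh.seek(len(sample) - 1)
            fh.write(b"!")
        after_change = verify_file_digest(path, pinned)
    finally:
        os.remove(path)
    return intact, after_change


if __name__ == "__main__":
    print(tamper_demo())  # (True, False)
```

The VirusTotal link in the thread identifies the sample by an MD5 value; for pinning a release hash today SHA-256 (the default above) is the better choice, since MD5 collisions are practical and a collision is exactly what a pinned hash is supposed to rule out. Note that a digest check answers only "is this the file the publisher built?", which is the question raised when an AV engine flags a packed binary; it says nothing about whether the publisher's build itself is clean.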

chip!
Re: Build 6 virus reports
« Reply #3 on: April 27, 2008, 03:12:39 am »
They are all false positives. I have emailed several more of those AV companies to fix the false positive detection.

For Comodo BOClean, do you remember or have a log to show what Bit Che was detected as?