[Solved] FreeFileSync - Is it False Positive ?

A problem using LiberKey ?
16 messages • Page 1 sur 21, 2

[Solved] FreeFileSync - Is it False Positive ?

Messagede akhouri_sarvesh » 09 Mars 2010, 15:02

Today my Avira Anti-Virus [Avira Premium Security - Product version 9.0.0.392, Search Engine version 8.02.01.180] started giving alert! for file "RealtimeSync.exe" residing inside the application folder of "FreeFileSync" as ADSPY/AdMedia.IB Adware or Spyware.

I uploaded the file to virustotal.com and got the following results 4/42 (9.53%).

The report link is here

Any Idea?? :sick: Is it a FALSE POSITIVE?? OR....
Dernière édition par akhouri_sarvesh le 12 Mars 2010, 23:05, édité 1 fois.
Avatar de l’utilisateur
akhouri_sarvesh
Senior Boarder
Senior Boarder
 
Messages: 213
Inscription: 17 Septembre 2009, 12:10

Re: FreeFileSync - Is it False Positive ?

Messagede JP4U » 09 Mars 2010, 15:16

Hello akhouri_sarvesh.

It's very certainly a false positive.Result on Virus Total indicate : Riskware, potentially unwanted program, or not a virus.

:-( When an app accesses processes near the core of Windows they are often regarded as potentially dangerous by the antivirus. The more processes are neighbors, the more they are often regarded as dangerous.


JP4U
Avatar de l’utilisateur
JP4U
Team LiberKey
Team LiberKey
 
Messages: 3012
Inscription: 30 Mars 2007, 13:58

Re: FreeFileSync - Is it False Positive ?

Messagede Dji » 09 Mars 2010, 15:19

False positive or real adware ?
Identified by Kaspersky as an Adware...
"Si boire des coups, aller au concert ou au match, ça devient un combat
Alors tremblez, terroristes !
Parce qu'on est surentraînés !"
@glecalot
Avatar de l’utilisateur
Dji
Administrator
Administrator
 
Messages: 3724
Inscription: 28 Novembre 2007, 09:57
Localisation: Quelque part entre les ombres

Re: FreeFileSync - Is it False Positive ?

Messagede skybird » 09 Mars 2010, 15:28

Issue is reported on bugs tracker page.
skybird
Gold Boarder
Gold Boarder
 
Messages: 1766
Inscription: 10 Octobre 2007, 10:45

Re: FreeFileSync - Is it False Positive ?

Messagede akhouri_sarvesh » 09 Mars 2010, 15:29

You are right. But I was little confused because although
  • aSquared detected it as Riskware.AdWare.Win32.AdMedia!IK
  • Ikarus detected it as not-a-virus:AdWare.Win32.AdMedia
  • Kaspersky detected it as not-a-virus:AdWare.Win32.AdMedia.ib
BUT
McAfee+Artemis detected it as potentially unwanted program Artemis!C4EF8C3AF93A.

It is not a virus - but could it be a adware/spyware? :whistle: still a threat !!....
Avatar de l’utilisateur
akhouri_sarvesh
Senior Boarder
Senior Boarder
 
Messages: 213
Inscription: 17 Septembre 2009, 12:10

Re: FreeFileSync - Is it False Positive ?

Messagede Dji » 09 Mars 2010, 15:34

If you want to validate if it is an adware, you can check (and clean) the admedia traces in registry and windows folder:
http://www.exterminate-it.com/malpedia/remove-admedia
"Si boire des coups, aller au concert ou au match, ça devient un combat
Alors tremblez, terroristes !
Parce qu'on est surentraînés !"
@glecalot
Avatar de l’utilisateur
Dji
Administrator
Administrator
 
Messages: 3724
Inscription: 28 Novembre 2007, 09:57
Localisation: Quelque part entre les ombres

Re: FreeFileSync - Is it False Positive ?

Messagede akhouri_sarvesh » 09 Mars 2010, 15:39

skybird a écrit:Issue is reported on bugs tracker page.

Thanks for the Info !!
Dji a écrit:If you want to validate if it is an adware, you can check (and clean) the admedia traces in registry and windows folder:
http://www.exterminate-it.com/malpedia/remove-admedia

Thanks for the link. I will try to check.
Avatar de l’utilisateur
akhouri_sarvesh
Senior Boarder
Senior Boarder
 
Messages: 213
Inscription: 17 Septembre 2009, 12:10

Re: FreeFileSync - Is it False Positive ?

Messagede skybird » 10 Mars 2010, 10:39

Hello akhouri,

Some news :
zhnmju123 (FreeFileSync Project Administrator) a écrit:Definitively a false positive:
I recompiled v3.4 again:
http://www.file-upload.net/download-233 ... c.exe.html

The total difference of v3.4 new and v3.4 official is 6 bytes! Still
totally different virus scanners suddenly find this adware. This is clearly
a heuristic failing its job:

official:
http://www.virustotal.com/analisis/8ec8 ... 1268121250
new:
http://www.virustotal.com/de/analisis/0 ... 1268157216
skybird
Gold Boarder
Gold Boarder
 
Messages: 1766
Inscription: 10 Octobre 2007, 10:45

Re: FreeFileSync - Is it False Positive ?

Messagede akhouri_sarvesh » 12 Mars 2010, 00:12

Thanks for the News !!

I will wait for the new release....

Since it is mentioned by the Author that 3.3 version also had some virus type patterns.

I am not sure WHY a virus type pattern may not be a virus indeed ? :sick:
Avatar de l’utilisateur
akhouri_sarvesh
Senior Boarder
Senior Boarder
 
Messages: 213
Inscription: 17 Septembre 2009, 12:10

Re: FreeFileSync - Is it False Positive ?

Messagede Dji » 12 Mars 2010, 09:23

heuristic detection is not an exact science ;-)
"Si boire des coups, aller au concert ou au match, ça devient un combat
Alors tremblez, terroristes !
Parce qu'on est surentraînés !"
@glecalot
Avatar de l’utilisateur
Dji
Administrator
Administrator
 
Messages: 3724
Inscription: 28 Novembre 2007, 09:57
Localisation: Quelque part entre les ombres

Suivante

16 messages • Page 1 sur 21, 2

Retourner vers Support

Qui est en ligne

Utilisateurs parcourant ce forum: Google [Bot] et 214 invités

cron