
Mirekusoft False Positive

false positive

11 replies to this topic

#1 Mirekusoft

Mirekusoft

    Newbie

  • Posters
  • 6 posts

Posted 01 December 2016 - 18:10

I'd like to ask for your help. How do I go about removing the false positive DRWeb is giving to virustotal.com? I've already contacted virustotal and they said only drweb can remove it. I have already sent our files here https://vms.drweb.com/sendvirus/?lng=en and got an email that it was fixed (see below), but DRWeb still shows a false positive via virustotal. The free versions of my software (32 bit, 64 bit, and XP) are all false positives. I appreciate any help on this.

 

I tried attaching the exes here but I'm getting an error. The exes can be downloaded here - mirekusoft.com/downloads. 

 

Thanks!

 

 



#2 Dmitry_rus

Dmitry_rus

    Guru

  • Helpers
  • 3 621 posts

Posted 01 December 2016 - 18:27

Check your files again at http://vms.drweb.com/

Any detection?



#3 sergeyko

sergeyko

    Guru

  • Dr.Web Staff
  • 3 925 posts

Posted 01 December 2016 - 18:28

Please show the exact answer you've got from the VMS.
Sergey Komarov
R&D www.drweb.com

#4 Mirekusoft

Mirekusoft

    Newbie

  • Posters
  • 6 posts

Posted 10 December 2016 - 10:13

Here's the result from VMS. It shows "Clean". Please let me know what the next step is. 

 

 Screenshot_195.png



#5 Dmitry_rus

Dmitry_rus

    Guru

  • Helpers
  • 3 621 posts

Posted 10 December 2016 - 13:20

If our VMS shows that your files are clean - everything is fine. False detection removed. If not - please update your AV.



#6 Mirekusoft

Mirekusoft

    Newbie

  • Posters
  • 6 posts

Posted 20 December 2016 - 17:54

I can confirm that two of our versions no longer return with false positives. Thank you! Our third one, though, does not have a "Clean" analysis from VMS; instead it returns with "Suspicious". What does this mean? Can you please tell us the process for this? Thanks again!



#7 Mirekusoft

Mirekusoft

    Newbie

  • Posters
  • 6 posts

Posted 20 December 2016 - 18:42

One thing that I'd like to add, though, is that our XP version is basically the same as our other version except that it supports XP. I don't understand why it would have different scan results from the other versions. Appreciate your help on this, guys.



#8 Dmitry_rus

Dmitry_rus

    Guru

  • Helpers
  • 3 621 posts

Posted 21 December 2016 - 01:15

Mspydll.dll probably infected with MULDROP.Trojan

If you see "probably infected", it means that it wasn't a signature detection, but a heuristic analysis detection.

Heuristics are complicated and sophisticated things which make it possible to protect users from very new and (yet) unknown viruses/trojans. Like any complex thing, a heuristic analyzer can make mistakes.

Please send your file to us:

https://vms.drweb.com/sendvirus/?lng=en

Submission category: False detection by Dr.Web heuristic analyzer.

Thanks for your feedback! :)



#9 Mirekusoft

Mirekusoft

    Newbie

  • Posters
  • 6 posts

Posted 28 December 2016 - 08:45

Thank you sir @Dmitry_rus! You've been very responsive and helpful. I have already submitted my xp version to the URL you shared and used the same category. How long will the analysis take? 



#10 Dmitry_rus

Dmitry_rus

    Guru

  • Helpers
  • 3 621 posts

Posted 28 December 2016 - 13:21

About 2-3 business days. When did you send your version?



#11 Mirekusoft

Mirekusoft

    Newbie

  • Posters
  • 6 posts

Posted 30 December 2016 - 05:42

I sent 2 days ago, December 28, 2016. This is the assigned ID - [drweb.com #7414568]. Thanks again for the help!




#12 Dmitry_rus

Dmitry_rus

    Guru

  • Helpers
  • 3 621 posts

Posted 30 December 2016 - 13:03

OK, I'll take care of it.

Next time, if processing takes too long (more than 1 day), drop a message to https://forum.drweb.com/index.php?showforum=49




