False Positive Win32.induc
#1
Отправлено 07 Октябрь 2009 - 21:05
We are developers of Compare Suite application (http://comparesuite.com/), AKS-Labs team. According to your product "DrWeb" Compare Suite infected by "Win32.Induc" virus. We are absolutely sure that it's not true. We want to report you about false positive reading.
Please check it and fix.
Best Regards,
AKS-Labs Team
#2
Отправлено 07 Октябрь 2009 - 21:18
Hello
We are developers of Compare Suite application (http://comparesuite.com/), AKS-Labs team. According to your product "DrWeb" Compare Suite infected by "Win32.Induc" virus. We are absolutely sure that it's not true. We want to report you about false positive reading.
Please check it and fix.
Best Regards,
AKS-Labs Team
Send file via https://vms.drweb.com/sendvirus/?lng=en and choose category "False alarm".
Write ticket number in this topic.
Личный сайт по Энкодерам - http://vmartyanov.ru/
#3
Отправлено 07 Октябрь 2009 - 21:18
#5
Отправлено 08 Октябрь 2009 - 23:55
The bad thing is that Russian and German versions are also seems to be infected but not detected by Dr.Web.Unfortunately, it is the truth and "comparesuite.exe" really infected.We are absolutely sure that it's not true
Read this for more information.
Here some links:
online.drweb.com scan results - http://online.us.drweb.com/cache/?i=5ed4b7...bc2a1fe528211c6
http://online.us.drweb.com/cache/?i=204ca7...907a99eaeeed6f3
virustotal.com results for the files with same md5 http://www.virustotal.com/analisis/57e629a...dc6a-1253954587
http://www.virustotal.com/analisis/6b32a47...8b03-1255034882
It seems that fly-code fails to unpack the contents of the infected file in Russian and German versions, but successfully copes with the customised packer in English one.
I haven't checked over the French and Spanish versions though.
Читают тему: 1
0 пользователей, 1 гостей, 0 скрытых