Перейти к содержимому


Фото
- - - - -

False Positive Win32.induc

Автор Aks-Labs , окт 07 2009 21:05

  • Please log in to reply
5 ответов в этой теме

#1 Aks-Labs

Aks-Labs

    Newbie

  • Members
  • 1 Сообщений:

Отправлено 07 Октябрь 2009 - 21:05

Hello

We are developers of Compare Suite application (http://comparesuite.com/), AKS-Labs team. According to your product "DrWeb" Compare Suite infected by "Win32.Induc" virus. We are absolutely sure that it's not true. We want to report you about false positive reading.
Please check it and fix.

Best Regards,
AKS-Labs Team

#2 v.martyanov

v.martyanov

    Guru

  • Virus Analysts
  • 8 308 Сообщений:

Отправлено 07 Октябрь 2009 - 21:18

Hello

We are developers of Compare Suite application (http://comparesuite.com/), AKS-Labs team. According to your product "DrWeb" Compare Suite infected by "Win32.Induc" virus. We are absolutely sure that it's not true. We want to report you about false positive reading.
Please check it and fix.

Best Regards,
AKS-Labs Team


Send file via https://vms.drweb.com/sendvirus/?lng=en and choose category "False alarm".

Write ticket number in this topic.

Личный сайт по Энкодерам - http://vmartyanov.ru/

#3 risl

risl

    Member

  • Posters
  • 228 Сообщений:

Отправлено 07 Октябрь 2009 - 21:18

https://vms.drweb.com/sendvirus/

Select "false detection" and upload the file

#4 oav

oav

    Member

  • Posters
  • 122 Сообщений:

Отправлено 08 Октябрь 2009 - 01:53

We are absolutely sure that it's not true

Unfortunately, it is the truth and "comparesuite.exe" really infected.
Read this for more information.

#5 ArD

ArD

    Member

  • Posters
  • 102 Сообщений:

Отправлено 08 Октябрь 2009 - 23:55

We are absolutely sure that it's not true

Unfortunately, it is the truth and "comparesuite.exe" really infected.
Read this for more information.

The bad thing is that Russian and German versions are also seems to be infected but not detected by Dr.Web.
Here some links:
online.drweb.com scan results - http://online.us.drweb.com/cache/?i=5ed4b7...bc2a1fe528211c6
http://online.us.drweb.com/cache/?i=204ca7...907a99eaeeed6f3

virustotal.com results for the files with same md5 http://www.virustotal.com/analisis/57e629a...dc6a-1253954587
http://www.virustotal.com/analisis/6b32a47...8b03-1255034882

It seems that fly-code fails to unpack the contents of the infected file in Russian and German versions, but successfully copes with the customised packer in English one.
I haven't checked over the French and Spanish versions though.

#6 C.S.J

C.S.J

    Member

  • Posters
  • 199 Сообщений:

Отправлено 29 Ноябрь 2009 - 03:54

We are absolutely sure that it's not true

Unfortunately, it is the truth and "comparesuite.exe" really infected.
Read this for more information.

lol, i found this quite funny to read in regards to the original post.

must be my english humor :)
Назад к Common questions (English)

Читают тему: 1

0 пользователей, 1 гостей, 0 скрытых

  1. Dr.Web forum
  2. English forums
  3. Common questions (English)
  4. Privacy Policy
  5. Terms & Rules ·