
How's *that* for a false positive? And is it? (Avira AV)


tranglos:
My XP doesn't have that much life left in it before I upgrade to 7, so, out of boredom and sheer malice, I re-enabled Windows Update after a long hiatus, to see what gifts it would bring. And lo, I am bored no longer!



I got three such screens in sequence. I am of course assuming it is a false positive, but I still clicked Deny, because (unlike UAC :) ) anti-virus software is often useful and I won't ignore its advice blindly. AV heuristics is off, by the way, so Avira must have seen something it knows to be wicked.

What to do, what to do? Trust that no-one hacked into Windows Update servers and placed a trojan there, or trust Avira knows a trojan when it sees one? It's almost like Russian Roulette, isn't it?






mouser:
What you do is go track down that file, and upload it to a site that will scan it with lots of antivirus programs, like http://www.virustotal.com/
Then you'll have a second and third and fourth opinion.

mouser:
And you also search for information on the reported malware found, in your case "tr_crypt.xpack.gen", and when you do you realize the "gen" stands for generic, which is your first signal that this is probably a false positive. More info:
http://www.avira.com/en/threats/section/fulldetails/id_vir/3488/tr_crypt.xpack.gen.html

I have written over and over again, and am getting sick of repeating myself, that antivirus companies MUST STOP this ridiculous behavior where they report wild guesses as confident detections. It is absolutely inexcusable.

tranglos:
The file is no longer there - as you can see from the filename, it was a temporary file. Either it got successfully renamed to who-knows-what, or Avira prevented storing the file, or it was a "system temp" file and got automatically unlinked as soon as the downloader closed it.

--- Quote from: mouser on November 30, 2009, 05:00 PM ---
I have written over and over again, and am getting sick of repeating myself, that antivirus companies MUST STOP this ridiculous behavior where they report wild guesses as confident detections. It is absolutely inexcusable.
--- End quote ---

No, it's all just harmless fun! :)

mouser:
This is another pet peeve I have: antivirus alert windows that don't show you the full filename of the detected file. These companies seem so damned determined to not let the user figure out what is going on.
