Detected trojan : Win32.Troj.Kryptic.a (kcloud)

[hpchavaz]

I just updated FARR and got a trojan detected warning from Kingsoft Pc Doctor :
Win32.Troj.Kryptic.a (kcloud) for FindAndRunRobot.exe

[KynloStephen66515]

Did you download Direct from here at DonationCoder? - If so, please provide the link you used.

NB: If it WAS from here at DC, then there is a 99.99% that this, is a false-positive

[hpchavaz]

I updated via DcUpdater.

Microsoft Security Essentials finds nothing.

[KynloStephen66515]

Yeah, I am 99.99% sure this is a false positive.

False Positive? Whats One Of Those???

A false positive, also known as a false detection or false alarm, occurs when an antivirus program detects a known virus string in an uninfected file. The file, while not infected with an actual virus, does contain a string of characters that matches a string from an actual virus.

A false positive can also occur when a program performs an action, which appears to the antivirus program to be a virus-like activity.

Examples of such activity can include, but are not limited to, writing to the master boot record of the hard disk, making changes to a system file, or running a custom macro in a program such as Microsoft Word.

False detections, once confirmed by the security company in question, are usually corrected as soon as possible

Thank you for pointing this out

[Ath]

trojan detected warning from Kingsoft Pc Doctor

-hpchavaz (March 05, 2012, 04:00 PM)

What's a "Kingsoft Pc Doctor"? Eatable? Or the local PC guru?

If uncertain, at least ask Jotti or and another on-line scan service.

[hpchavaz]

ok next time I will jotti.

[KynloStephen66515]

ok next time I will jotti.

-hpchavaz (March 05, 2012, 04:46 PM)

If you get any more reports of this, please let us know ASAP

It is NEVER bad to report anything like this, here

Thanks again

[db90h]

And when people eventually grow weary of reporting false positives individually, all over the net, perhaps hundreds a day, then you can visit http://falsepositivereport.org . I doubt the site will ever take off, to be honest. However, it is monitored by representatives of the major security industry products, and almost all reports have led to timely fixes (though that isn't guaranteed).

Some may call it 'shame and name', and indeed we must document occurrences like this in an effort to DETER them. Else, they become another way to scare users into purchasing security software.

As for how to check a detection, the best service remains http://virustotal.com . Any time you have a detection, run it through that site, and it will give you the results of over 40 different security software suites. A false positive would typically show up in 1-5 of them (as some use the same engine, especially the smaller vendors). A real detection is more likely to show up on almost all of them.