View Full Version : False Positive Reports (A/V)


jdobbs
31st January 2014, 02:27
lol AVAST Internet security flags the latest bdrb as Win32: EVO [GEN] lolz


Already reported it as false positive
I'm sure it's a false positive, but I'll scan my system just to be sure. Since when does ASPROTECT create a condition? It is a commercial package, and the reason I use it is to prevent others from modifying the code and introducing something foreign. It does a self check.

Kaspersky Pure 3.0 on Windows 8.1 Enterprise reports INSPECT.exe as infected, but not BDRB.exe.
That one doesn't even have ASPROTECT engaged.

Can someone confirm that the new release no longer flags any of this? I am REALLY TIRED of getting e-mails about this nonsense.

HWK
31st January 2014, 02:37
Can someone confirm that the new release no longer flags any of this? I am REALLY TIRED of getting e-mails about this nonsense.

Would a virus total report count?

jdobbs
31st January 2014, 02:45
Would a virus total report count?
I'm not familiar with that. It seems to only be AVAST and KASPERSKY that had an issue (false positive) -- and they didn't even agree (they flagged two different files). My own virus software (AVG) found everything clean.

I really, really, really, really hate antivirus software. They've managed to progress to a point that they can stop virtually any computer from being useful. In the future the only software that any PC will be allowed to run will be antivirus software. It's kinda' like when you cut the guts out of a shark -- and it swims around in circles consuming itself until it dies.

HWK
31st January 2014, 02:51
I agree and on that account did you consider anti-anti virus to tackle with this nuisance

Virustotal uses over 50 vendors, including the one giving the problem, to tell if there is something wrong.

Here is the report of inspect.exe

https://www.virustotal.com/en/file/2b1180dd9d01c1e735c59c569b130025d42833787c4a2574c1a86253de63226d/analysis/1391133042/

jdobbs
31st January 2014, 02:56
I agree and on that account did you consider anti-anti virus to tackle with this nuisance

Virustotal uses over 50 vendors, including the one giving the problem, to tell if there is something wrong.

Here is the report of inspect.exe

https://www.virustotal.com/en/file/2b1180dd9d01c1e735c59c569b130025d42833787c4a2574c1a86253de63226d/analysis/1391133042/
Does that mean anything?

HWK
31st January 2014, 03:00
Does that mean anything?

I am not sure, but inspect.exe is flagged by three anti-virus

Baidu-International Worm.Win32.AutoRun.af 20140130
Kaspersky Worm.Win32.Autorun.ghjn 20140131
Panda Suspicious file 20140130

Symantec reputation

Suspicious.Insight

Based on this, Avast no longer flags the file with definition 20140131. Does this answer your question, or are you still confused?

jdobbs
31st January 2014, 03:03
I am not sure, but inspect.exe is flagged by three av

Baidu-International Worm.Win32.AutoRun.af 20140130
Kaspersky Worm.Win32.Autorun.ghjn 20140131
Panda Suspicious file 20140130

Symantec reputation

Suspicious.Insight

Based on this, Avast no longer flags the file with definition 20140131. Does this answer your question, or are you still confused?
AVAST was flagging BDRB.EXE, not INSPECT.EXE.

The KASPERSKY flag doesn't surprise me. One of the people who sent me an e-mail apparently reported it and they said they'd add it to their "naughty list"... I may have to give it a new name in the future. Ugghhh, what a nightmare.

HWK
31st January 2014, 03:04
AVAST was flagging BDRB.EXE, not INSPECT.EXE.

I am doing it right now and will post.

HWK
31st January 2014, 03:07
AVAST was flagging BDRB.EXE, not INSPECT.EXE.

The KASPERSKY flag doesn't surprise me. One of the people who sent me an e-mail apparently reported it and they said they'd add it to their "naughty list"... I may have to give it a new name in the future. Ugghhh, what a nightmare.

Antivirus Result Update

CAT-QuickHeal (Suspicious) - DNAScan 20140130
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.F 20140131
Symantec WS.Reputation.1 20140131
TrendMicro-HouseCall TROJ_GEN.F47V0125 20140131

[Update]

Advanced heuristic and reputation engines

ClamAV PUA
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/index.php?s=pua&lang=en .

Symantec reputation Suspicious.Insight


https://www.virustotal.com/en/file/6fe31f2b0a1c812342b76023802ee5bcfbf21a44ed7ae6809a9218b2caeba55d/analysis/1391133866/

BTW: I used BD-RBV04605 for both tests
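
An added example, not part of the post above and not BD-RB code: it sorts the scan rows quoted in this thread into named-family, heuristic/generic and reputation-based labels, since the last two say only that a file looks unusual. The rule patterns are an assumption made for illustration, not any vendor's naming scheme.

```python
import re

# Rows copied from the scan results quoted in this thread:
# engine, detection label, definition date (YYYYMMDD).
SAMPLE = """\
Baidu-International Worm.Win32.AutoRun.af 20140130
Kaspersky Worm.Win32.Autorun.ghjn 20140131
Panda Suspicious file 20140130
CAT-QuickHeal (Suspicious) - DNAScan 20140130
McAfee-GW-Edition Heuristic.LooksLike.Win32.Suspicious.F 20140131
Symantec WS.Reputation.1 20140131
TrendMicro-HouseCall TROJ_GEN.F47V0125 20140131
"""

# Assumed rule set (illustrative only): reputation is tested first so that
# "Suspicious.Insight" is not counted as a heuristic label.
RULES = [
    ("reputation", re.compile(r"reputation|insight", re.I)),
    ("heuristic", re.compile(
        r"heur|suspicious|looks?like|_gen\b|\bgen\b|generic|pua", re.I)),
]
ROW = re.compile(r"^(\S+)\s+(.+?)\s+(\d{8})$")


def parse(text):
    """Return (engine, label, date) tuples; lines that do not fit are skipped."""
    return [m.groups() for m in map(ROW.match, text.splitlines()) if m]


def classify(label):
    """Return 'reputation', 'heuristic' or 'named' for one detection label."""
    for kind, pattern in RULES:
        if pattern.search(label):
            return kind
    return "named"


def triage(text):
    """Group parsed rows by the kind of label each engine reported."""
    buckets = {"named": [], "heuristic": [], "reputation": []}
    for engine, label, date in parse(text):
        buckets[classify(label)].append((engine, label, date))
    return buckets


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE).items():
        print(f"{kind}: {len(hits)}")
        for engine, label, date in hits:
            print(f"  {engine:<22}{label}  (defs {date})")
```

A named-family label is not proof either: the Kaspersky detection in this thread was later acknowledged by the vendor as a false detection.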

jdobbs
31st January 2014, 03:11
Antivirus nonsense. I had to rename BD-RB once before because of this type of crap.

HWK
31st January 2014, 03:13
Antivirus nonsense. I had to rename BD-RB once before because of this type of crap.
I remember and as a developer which I was once with Java, working around AV is nothing short of nonsense and headache.

Ch3vr0n
31st January 2014, 06:08
46.06 was clean by AIS (temp quarantine had been removed). 46.07 is clean as well, as the virustotal report says. They fixed it in a VPS update shortly after I reported the issue. All is well again

jdobbs
31st January 2014, 06:45
TrendMicro-HouseCall TROJ_GEN.F47V0125 20140131
I just ran Trend Micro HouseCall with the latest updates, just to see what it says... and it tells me all the files in v0.46.05 are clean. So I don't believe this report is accurate.

jdobbs
31st January 2014, 06:48
46.06 was clean by AIS (temp quarantine had been removed). 46.07 is clean as well, as the virustotal report says. They fixed it in a VPS update shortly after I reported the issue. All is well again
Cool.

HWK
31st January 2014, 07:45
I just ran Trend Micro HouseCall with the latest updates, just to see what it says... and it tells me all the files in v0.46.05 are clean. So I don't believe this report is accurate.

hmm, maybe it is just virustotal service being flaky.

Ghitulescu
31st January 2014, 08:00
This is why I insist on having my video computer disconnected from the internet (actually never connected to). Therefore any video-solution that requires non-stop internet connection (like the newer video suites from Adobe and the like) are a no go for me. No virus, no antivirus :) Elementary audio/video data cannot carry a virus.

inge70
31st January 2014, 15:35
first thanks for the great job @ Jdobbs

but be of version 46.05 is the inspect.exe deleted immediately either as Worm.Win32.Autorun.ghjn or now recognized in version 46.07 as Trojan.Win32.Generetic and KAV2014.

The program itself is available.

Have now 2 times written to Kaspersky and said inspect.exe then dispatch, so that finally adapt their database, because until version 46.03, there was the never.

enclosed by the nice messages of KAV2014 for each inspect.exe. Unfortunately, you can not use the current BD_Rebuilder older inspect.exe because then x264, etc. do not recognize

http://imagizer.imageshack.us/v2/640x480q90/850/urpz.jpg

http://imagizer.imageshack.us/v2/640x480q90/850/wkyz.jpg

http://imagizer.imageshack.us/v2/640x480q90/593/3skf.jpg

http://imagizer.imageshack.us/v2/640x480q90/827/q5ie.jpg

Ch3vr0n
31st January 2014, 15:47
just exclude the folder from virus check till they fix it

jdobbs
31st January 2014, 15:52
Please refrain from further posts of this type in the bug thread.

Instead, perhaps you should open a bug thread at Kaspersky's forum and tell them to get their stuff together. I can't fix their software -- but I can definitely suggest you dump it and get something else that doesn't stop you from using your computer. The only way these antivirus hacks will ever learn is when their income stops coming in. Money talks, BS walks.

Reputation? That program has never... not even once... had a trojan or virus associated with it (at least not when it is downloaded from my site).

I wonder how they might feel if every time BD-RB executes it would bring up a message explaining how Kaspersky is a virus? IMHO any software that stops you from effectively using your computer is a virus -- and they've certainly done that.

inge70
31st January 2014, 16:26
I BD_Rebuilder always loaded on your part and to v.46.03 there was never any warnings or the like. which only began with v.46.05. Whatever the reason.

Did the kaspersky types the inspect.exe sent, so that finally adapt their databases again, because it not is virus or trojan. Was so far not the case.

Therefore, it surprised me just why now all of a sudden.

jdobbs
31st January 2014, 16:39
Heuristics. That compile must have randomly had a string of bytes that matched something in their database. That part doesn't really bother me, because it is random chance. The unforgivable part is when they are too lazy to recognize their mistake and do what needs to be done.

I'm seriously thinking about adding a check of the registry -- and refusing to operate on a computer that has Kaspersky installed.

inge70
31st January 2014, 17:18
if they think that they have to exclude user who use kaspersky on their PC's, then they do it. but that fixes the problem, unfortunately, is not in itself. especially since it is "only" around the inspect.exe goes. everything else is so great, as it always was.

Here the problem is with Kaspersky and other antivirus vendors and over which the Report and can inform you about you not as a user.
I've sent it to kaspersky types. more you can do, especially since I'm a donor for your software, as it is unique as a user.

well, let's wait and see whether kaspersky responds. I'll post it here accordingly.

until then, a nice weekend

jdobbs
31st January 2014, 18:35
if they think that they have to exclude user who use kaspersky on their PC's, then they do it. but that fixes the problem, unfortunately, is not in itself. especially since it is "only" around the inspect.exe goes. everything else is so great, as it always was.

Here the problem is with Kaspersky and other antivirus vendors and over which the Report and can inform you about you not as a user.
I've sent it to kaspersky types. more you can do, especially since I'm a donor for your software, as it is unique as a user.

well, let's wait and see whether kaspersky responds. I'll post it here accordingly.

until then, a nice weekend
In the meantime you can probably just rename the file.

inge70
31st January 2014, 19:33
rename itself unfortunately does nothing. the kaspersky deletes it then also. but no matter
I just left the inspect.exe away until kaspersky sees finally that there is no virus or trojan file .. ;)

the program BD_Rebuilder still run fine. as always, clean work. THX :)

Goodyear2001
2nd February 2014, 14:33
I have a big problem when uncompress BDRebuilder 4607 on my desktop. Kaspersky Internet Security 2013 reports inspect.exe as a Worm.Win32.autorun.ghml, and will be deleted immediately! In earlier versions from BDRebuilder, I do not have this problem.

Sorry for my bad English !

Ch3vr0n
2nd February 2014, 14:46
That's a false positive, it's kaspersky screwing up, you need to contact them. In the meantime simply add the bdrb to your virus scanner's exclusion list (list with files/folders NOT TO SCAN)

laserfan
2nd February 2014, 14:49
I have a big problem when uncompress BDRebuilder 4607 on my desktop. Kaspersky Internet Security 2013 reports inspect.exe as a Worm.Win32.autorun.ghml, and will be deleted immediately! In earlier versions from BDRebuilder, I do not have this problem.

Sorry for my bad English !

Goodyear2001 yours is not a BD-RB problem but rather a Kaspersky problem. You need either to disable it altogether or find a way to get Kaspersky to ignore the BD-RB executables.

inge70
2nd February 2014, 16:15
I have sent this same problem and inspect.exe already kaspersky. apparently the a few days ago their database have fed on garbage and now comes this wrong message. This message appears since version 46.05. but only at inspect.exe.
BD_rebuilder you can still use it without problems.

Now wait until the kaspersky types to Flag it. until then I use BD just without the inspect.exe :)

Jdobbs can not help it, but Kaspersky.

jdobbs
2nd February 2014, 17:33
I guess the question is: Why do you spend money on a package that causes you these kinds of headaches? I'd dump Kaspersky, and tell them why. There are plenty of better A/V packages out there. AVG even has a free one.

Goodyear2001
3rd February 2014, 17:28
I have sent Kaspersky the file with the request to correct the error

Groucho2004
3rd February 2014, 18:22
@AV software users
Did your AV software actually ever prevent an "infection"?
I have been using the internet for about 20 years and never used AV software. I caught a worm once 12 years ago (don't remember the name but it caused a lot of havoc back then) but I sorted it out in five minutes by restoring my OS Ghost image.
Of course I use a SW firewall with proper rulesets.

Am I just incredibly lucky? Do many people need AV software because they click "OK" in every shady web dialog, download "IWillScrewUpYourComputer.exe" and run it?

laserfan
3rd February 2014, 18:47
@AV software users
Did your AV software actually ever prevent an "infection"?
I have been using the internet for about 20 years and never used AV software. I caught a worm once 12 years ago (don't remember the name but it caused a lot of havoc back then) but I sorted it out in five minutes by restoring my OS Ghost image.
Of course I use a SW firewall with proper rulesets.

Am I just incredibly lucky? Do many people need AV software because they click "OK" in every shady web dialog, download "IWillScrewUpYourComputer.exe" and run it?
My first modem was a 300 BAUD Hayes back in the late 1970s, when there wasn't much you could get into trouble with; I recall finding some BBS to comm with.

Like you I can count on one hand the number of problems I've had over the years, one really scary situation where windows started popping-open everywhere that I recall was something of a pi$$er to fix.

I started using Acronis maybe 10 years ago for backups and today do have COMODO Internet Security and WinPatrol running on my PCs, as much because I like to know exactly what-is-going-on-with-what than owing to fear of an infection or malware.

I'm irritated to no end that computer makers preinstall stuff on their PCs which novices leave there and which eventually causes trouble for them. When I'm called-in to help I always clean that stuff off their computers and usually leave them with MS Security Essentials running. Not sure how much it helps folks but it's as tame as they come from an end-user interaction perspective.

Groucho2004
3rd February 2014, 19:04
I'm irritated to no end that computer makers preinstall stuff on their PCs which novices leave there and which eventually causes trouble for them.
Ha, I didn't even consider that because I've never bought a pre-assembled PC. I always buy the parts and put them together.

laserfan
3rd February 2014, 21:07
Ha, I didn't even consider that because I've never bought a pre-assembled PC. I always buy the parts and put them together.
Me too, but I prefer to let my friends & relatives buy pre-assembled PCs (where I live they tend to buy Dells) so when they break they can call someone else!

;):D

I did buy my sister a pre-built ASUS recently as a gift, and along with that a 3-year in-home service plan. I like being the smartest-PC-guy-around but then again I don't need another career (I'm retired) and have my hands full as it is with answering questions and untangling software issues for folks...

Goodyear2001
3rd February 2014, 21:41
Here is the answer that I received from Kaspersky

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

What's funny is that Kaspersky now no longer complains when I open inspect.exe

jdobbs
3rd February 2014, 23:50
Here is the answer that I received from Kaspersky

New malicious software was found in this file. Its detection will be included in the next update. Thank you for your help.

What's funny is that Kaspersky now no longer complains when I open inspect.exe
I'm deleting INSPECT from the next release. If you want to check your settings I'll make it where it is just another menu option in BD-RB.

Goodyear2001
4th February 2014, 00:04
Now I get this message from Kaspersky:

Hello,

Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.

Best regards,

I think they know not what they do :confused: :mad:

jdobbs
4th February 2014, 00:07
Now I get this message from Kaspersky:

Hello,

Sorry, it was a false detection. It will be fixed in the next update.
Thank you for your help.

Best regards,

I think they know not what they do :confused: :mad:
No surprise from me.

inge70
4th February 2014, 16:15
Yes, Kaspersky has fixed. inspect.exe is no more than virus detected. now everything is finally back in order. at least you have given to the error.

have fun @ all :)