Author Topic: False positive for virus in download?  (Read 9124 times)


The_Brush_Geek
False positive for virus in download?
« on: September 28, 2015, 05:17:50 pm »
I'm stuck on version 3.2.3.

Whenever I download a file I ALWAYS scan that file before running it. Each time I've tried to update my version of Windows Repair Tool to various newer versions, my anti-malware software (Command Anti-Malware, CSAM) reports an infection and removes the file. The reported infection is W32/GenBI.8ACC50F0!Olympus (the numbers between "GenBI" and "!Olympus" seem to change from release to release, but otherwise the reported infection is the same). It does not seem to matter whether I download the file from your site or from Bleeping Computer; I always get this same infection reported. I'll see about sending them the file to see if they can determine the problem as well, but in the meantime I'm wondering how I can tell that I'm getting a clean download of a non-infected file?   :confused:

Thanks!

Julian

  • Global Moderator
Re: False positive for virus in download?
« Reply #1 on: September 28, 2015, 07:21:03 pm »
Turn off AV, download the file from here:
http://www.tweaking.com/files/setups/tweaking.com_windows_repair_aio_setup.exe
Submit to your AV; it's a false positive.
« Last Edit: September 28, 2015, 07:29:56 pm by Julian »
Julian

The_Brush_Geek
Re: False positive for virus in download?
« Reply #2 on: September 29, 2015, 08:07:17 am »
Thanks, Julian, for your quick response. I did not mention that I was attempting to download the portable (.zip) version but substituted that extension in the URL you gave me and got the correct file. It still tests as positive by my AV. I've contacted them to see how to submit a sample file and am still waiting on their response but based on your assurances I'll use this update. Have a good day!

Shane

  • Administrator
Re: False positive for virus in download?
« Reply #3 on: October 08, 2015, 11:17:41 pm »
Yes, just submit the file to them; that would be very helpful. They will see it is a false positive and remove it.

Almost 99% of anything detected as a "GEN", which stands for generic, is a false positive. My stuff constantly gets flagged as a GEN; files I haven't updated in years will get it someday, and I am always having to send the files to them to remove the false positive. It is a pain in the butt and the amount of false positives is insane lol

Basically a GEN detection is a "Hey, this file has some bits about it that are close to the bits of a certain virus, even though it isn't the virus we will still flag it"

This is their "Detect new and unknown viruses" scan, which is crap and always has been lol

My programs are made in old school VB6, and so any virus ever written in VB6 causes any small VB6 app to get flagged at some point. As a test I took a new VB6 project, not a single line of code, compiled it and uploaded it to virustotal.com and 35 antiviruses flagged that empty exe as a GEN virus of all different types. That's when I knew their scans were crap lol

Then I took the same exe and had VB6 compile it as P-code instead of native code, uploaded it and only 8 flagged it.

So never trust what your AV says right off the bat. And if you ever want to know for sure then upload the file to virustotal.com and see what other AVs say. You will see a lot of times only 1 or 2 flag it while no others do; that's when there is a good chance it is a false positive.

Also keep in mind a lot of AVs share their virus defs. Bitdefender defs seem to be shared the most, so if Bitdefender flags something then you will have at least 8 or more on virustotal flag it as the same gen virus as well since they all use the same defs.

Shane
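
The multi-engine comparison described in the reply above, as an added example that is not part of the original thread: it collapses the per-release suffix the first poster noticed, groups engines that report the same label (treated here as one signal, since they may share definitions), and checks whether every hit is a generic one. Engine names and every label except the W32/GenBI one quoted in the thread are constructed, and the rule that a token starting with "gen" or "heur" marks a generic detection is an assumption about vendor naming.

```python
import re
from collections import defaultdict

# Constructed sample, not real scan output: engine name -> label (None = no detection).
# Engine names and all labels except the one quoted in the thread are made up.
SAMPLE_REPORT = {
    "EngineA": "Gen:Variant.Sample.1234",
    "EngineB": "Gen:Variant.Sample.1234",
    "EngineC": "Gen:Variant.Sample.1234",
    "EngineD": "W32/GenBI.8ACC50F0!Olympus",
    "EngineE": None,
    "EngineF": None,
}

def family(label):
    """Drop the per-release hex/numeric suffix so labels compare across builds."""
    return re.sub(r"\.[0-9A-Fa-f]{4,}\b", ".*", label)

def is_generic(label):
    """Assumed naming rule: a token starting with 'gen' or 'heur' marks a generic hit."""
    tokens = re.split(r"[^A-Za-z0-9]+", label)
    return any(t.lower().startswith(("gen", "heur")) for t in tokens)

def triage(report):
    """Group engines by label family; engines sharing a family count as one signal."""
    clusters = defaultdict(list)
    for engine, label in report.items():
        if label:
            clusters[family(label)].append(engine)
    return {
        "engines": len(report),
        "flagged": sum(len(v) for v in clusters.values()),
        "independent_signals": len(clusters),
        "all_generic": bool(clusters) and all(is_generic(f) for f in clusters),
        "clusters": dict(clusters),
    }

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for fam, engines in result["clusters"].items():
        kind = "generic" if is_generic(fam) else "named"
        print(f"{fam:28} {kind:8} {', '.join(engines)}")
    print({k: v for k, v in result.items() if k != "clusters"})
```

A result with `all_generic` true and few independent signals is a reason to submit the file to the vendor for review, as the thread suggests; it does not by itself show the file is clean.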