6 replies to this topic

[TeMerc]

One of my users alerted me to this one while he was clicking a link on my site. He said his avast went off, so I told him to upload it to VT:
File Download_mbam-setup.exe received on 11.10.2008 08:26:13 (CET)
Result: 1/36 (2.78%)

SecureWeb-Gateway 6.7.6 2008.11.10 Win32.Malware.dam (suspicious)

My avast went off when I downloaded it and the following is in the log report.
11/10/2008 12:34:59 AM 1226302499 SYSTEM 1480 Sign of "Win32:Downloader-BVO [Trj]" has been found in "C:\Documents and Settings\TeMerc\Desktop\Download_mbam-setup.exe" file.

avast info:
v4.8 Home Edition, compilation date of 11/09 with file version 081109-0

I've just posted @ the avast forum about it. Not sure where to go for SecureWeb, but figure you guys will know who to contact.


TeMerc

[YoKenny1]

Quote

I've just posted @ the avast forum about it. Not sure where to go for SecureWeb, but figure you guys will know who to contact.

I do not see the post?

Do you have a reference for the post?

[TeMerc]

 YoKenny1, on Nov 10 2008, 06:38 AM, said:

I do not see the post?

Do you have a reference for the post?

It's not a 'public' forum, but one that avast personnel have access to.

[JeanInMontana]

This has gone beyond F/P they are all aware that file is not malware.

[Tarun]

 JeanInMontana, on Nov 10 2008, 03:59 PM, said:

This has gone beyond F/P they are all aware that file is not malware.

Oh please. Overreact much? It's a false positive and it's not the first time a company has made a false positive.

Both jotti and VirusTotal report it's clean. Doesn't take long to check into these things.

[JeanInMontana]

Quote

Oh please. Overreact much? It's a false positive and it's not the first time a company has made a false positive.

That's my point Tarun and FYI I was not the first to take note. And it was checked on the other site. There should be a time they stop finding a well known program as malware, but they don't. Save your sarcasm.

[Tarun]

 JeanInMontana, on Nov 10 2008, 05:19 PM, said:

That's my point Tarun and FYI I was not the first to take note. And it was checked on the other site. There should be a time they stop finding a well known program as malware, but they don't. Save your sarcasm.

Considering how heuristics are made to detect all kinds of new malware it makes perfect sense that recurring false positives occur. Many AV applications try to use new detection algorithms in order to stay ahead. They change all the time and as such they can often detect some legit files falsely. They really don't have much control over it but will try to fix things as soon as possible.

You can even see it with MBAM and how it has had false positives before. Bruce quickly corrects them as does Marcin, but they can still recur. So are you saying that once they fix the issues, despite advancing the technology of MBAM it should never happen again and as such you are also criticizing the dynamic duo?