Hello, I'm wondering how do I submit a false positive report for a file over 10 mb?
It's about the file that downloads from here:
Link removed until deemed safe by McAfee
It's 13 mb in size
I will contact one of the Engineers from McAfee Labs on your behalf, to help assist you in submitting. Please try that FTP link David suggested. Plus VirusTotal.com and get the MD5 Hashes.
Your Escalated Ticket number is as follows Ticket #: AM000953 - Over 10 Mb
Oh, good. It's been a while since an interesting one like this has been posted here. I shall await developments with some interest but if McAfee changes its opinion of the executable I would be rather surprised.
For information, the very latest VirusTotal analysis of the file "torcoin-qt.exe" - which is the main element of the zipped file "TorCoinWindows1.0.zip" - shows that it is detected as malicious by 22 antivirus engines out of 61. The zip file itself has a detection rate of 20 out of 57
The malware description for this from many of those detections is that it is a CoinStealer Trojan.
All of these detections may of course be genuine false positives but when a sizeable percentage of the scanning engines detect a problem I am inclined to think that there may indeed be a problem. And unless one of the AV companies is prepared to do a full analysis of the code (which would probably involve them having to reverse-engineer the executable) we are unlikely to know the true situation.
We have already contacted ESET and Bitdefender which updated their signatures and no longer alert.
From smaller antiviruses Webroot and Cyren have also updated their signatures.
Regardless, please also try to submit through this link that I inserted in my post #1 Re: Submitting false positives larger than 10mb? I have provided the Hashes to David/Lead Engineer at McAfee Labs.