sizykh
Level 7

False Positive

Actual Filename: ZForever.exe

Developer Name: Intellect-Service

Application Name: Best Zvit

Application Version: 8.96.000

Website: http://bestzvit.com.ua/

Application Purpose: Accounting software

Direct Setup Download for rar archive containing exe file:

McAfee             5.400.0.1158  2011.01.13  Artemis!143D1C73BEE5
McAfee-GW-Edition  2010.1C       2011.01.12  Artemis!143D1C73BEE5

It is a false positive that this Accounting Software is a virus. It’s just a secure/packed file from not being altered.

Please take some necessary steps to make this file clear from your virus list or blacklist.

Waiting for your response.

Thanks

Message was edited by: sizykh on 1/13/11 2:43:55 AM CST

Message was edited by: Peacekeeper on 13/01/11 8:24:30 PM

Message was edited by: sizykh on 1/14/11 2:11:52 AM CST

Message was edited by: sizykh on 1/14/11 8:56:08 AM CST

Accepted Solutions
Peacekeeper
Level 20

Re: False Positive

First, sorry, but we do not like files posted in the forum. Can you please zip it and send it password protected ("infected" is the password) as follows. When they reply saying it is infected, reply back asking for a review.

Submit a Virus or Malware Sample

How to Submit Virus or Malware Samples to McAfee Labs
When submitting a sample to McAfee Labs for review, you may use either of two delivery methods:

  • McAfee ServicePortal/Platinum Portal
    This is the preferred method for McAfee Labs to receive submissions from Platinum and Gold Customers. When you use this method we can process and respond to samples more rapidly. You’ll find instructions for using the McAfee ServicePortal/Platinum Portal under McAfee KnowledgeBase ID KB68030.

  • Email
    You may submit samples directly to McAfee Labs by attaching the file(s) in an email to virus_research@mcafee.com. When submitting samples via email, you must archive them in a password-protected Zip file with the password “infected” (all lowercase). For instructions on how to create a Zip file and password protect it, see these articles:

Using WinZip

Using Windows File Compression

Submission Information
To help us speed the sample review process, please provide the following information along with your sample:

  • A list of all files contained in the sample submission, including a brief description of where or how you found them
  • What symptoms cause you to suspect that the sample is malicious
  • Whether any security products find a virus (tell us the security vendor, its product name, the version number, and the virus name assigned to the sample)
  • Your McAfee product information (product name, engine, and .DAT version)
  • Any system details that may be relevant, including operating system and service packs

Finding Samples to Submit
McAfee KnowledgeBase Article KB53094 can assist customers in finding malicious samples on their systems.

What Not to Submit
Please do not send screenshots, anti-virus or HijackThis logs, or prefetch files through McAfee ServicePortal/Platinum Portal or email. Send only the suspected malicious files.

exbrit
Level 21

Re: False Positive

Moved to Artemis.

Message was edited by: Ex_Brit on 13/01/11 7:20:39 EST AM
sizykh
Level 7

Re: False Positive

Updated the attached file

exbrit
Level 21

Re: False Positive

Until someone from that department spots this, you might want to send an email message to virus_research@mcafee.com headed "False Artemis!143D1C73BEE5", minus the "" of course.

You could also put an explanation in the body and a link to this thread.

Peacekeeper
Level 20

Re: False Positive

So did you email it?

sizykh
Level 7

Re: False Positive

Yes, I did. I got the answer:

>McAfee Labs - Beaverton
>Current Scan Engine Version:5400.1158
>Current DAT Version:6225.0000
>Thank you for your submission.
>
>Analysis ID: 6464777
>
>File Name            Findings                       Detection                    Type         Extra
>--------------------|------------------------------|----------------------------|------------|-----
>zforever.exe        |inconclusive                  |                            |            |no
>
>inconclusive [zforever.exe]
>...

But virustotal.com says:
McAfee             5.400.0.1158  2011.01.14  Artemis!143D1C73BEE5
McAfee-GW-Edition  2010.1C       2011.01.14  Artemis!143D1C73BEE5

ConorD62
Level 12

Re: False Positive

Have you told them it's false?


It may take some time for the person to correct this FP.

sizykh
Level 7

Re: False Positive

Yes, I have told them today.
