hypogaea
Level 7

False positive? "Win32:Malware-gen"

Program:

Removed link

Scan:

https://www.virustotal.com/pt/file/261110e5d8e616bfab7ee9d9f0307696d844d3ef5faf536e0c24db82d4e1ab9e/...

Message was edited by: Peace Keeper
Link to possible infected file removed

1 Solution

Accepted Solutions
dmeier
Level 13

Re: False positive? "Win32:Malware-gen"

The file has been marked as clean, and updated in all the necessary places. 

- David

6 Replies
Peacekeeper
Level 20

Re: False positive? "Win32:Malware-gen"

First we have to remove the file links, as it is not allowed to link to possibly infected files,

submit the files as per

You will get an immediate analysis ID in the reply; post that here, and if there is no fix in 3 days, post back and I will escalate it.

catdaddy
Level 20

Re: False positive? "Win32:Malware-gen"

Successfully moved from Community Support to Artemis Discussion  >  Discussions

Cliff
McAfee Volunteer
catdaddy
Level 20

Re: False positive? "Win32:Malware-gen"

Unmarked the thread as 'Assumed Answered' until the detections have been suppressed.

Cliff
McAfee Volunteer
dmeier
Level 13

Re: False positive? "Win32:Malware-gen"

Looks like the link uploaded to VT (which doesn't guarantee we have the sample, but we did this time) is a zip file which, when extracted, shows these files.

Analysis ID: 10334814

File Name        | Findings          | Detection                   | Type   | Extra
-----------------|-------------------|-----------------------------|--------|------
eavesdrop.dll    | no malware        |                             |        | no
eavesdrop.xml    | no malware        |                             |        | no
flashinspect.dll | no malware        |                             |        | no
flashinspect.xml | no malware        |                             |        | no
makecert.exe     | no malware        |                             |        | no
sulakore.dll     | no malware        |                             |        | no
sulakore.xml     | no malware        |                             |        | no
tangine.dll      | inconclusive      |                             |        | no
tangine.xml      | no malware        |                             |        | no
tanji.exe        | current detection | genericrxah-tb!ef46ffe1be8d | Trojan | no

Of the 10 files, it seems there is one that is detected. I'll get the lot of them reviewed.

Are you the developer of the tool?

- David

dmeier
Level 13

Re: False positive? "Win32:Malware-gen"

The file has been marked as clean, and updated in all the necessary places. 

- David

catdaddy
Level 20

Re: False positive? "Win32:Malware-gen"

Thank you, David. Marking this as 'Correctly Answered'.

Cliff
McAfee Volunteer