Showing results for 
Search instead for 
Did you mean: 
Level 7

false positive ticket check

hello  people

i send file for false positive from   week

i see this reply

Thank you for your submission.

Analysis ID: 8033737

File Name Findings Detection Type Extra
asrar_2.exe |inconclusive | | |no

inconclusive [asrar_2.exe]

Automated analysis was not able to determine that this file is malware. This file is
being sent for further processing and the DAT files will potentially be updated if
detection of this sample is warranted.

Note –

Due to the prevalence of network gateway AV products, it is important that all
submissions be zipped and the zip file password-protected (password - infected). Some
products will reject an email that contains a virus that is not sent in this way. In
addition, often we receive a file that appears not to have been infected, to find
later that the file was infected when it left the sender, and was cleaned somewhere
along the line.


McAfee Labs

i need to know

how i can check again

and delete false positive


Message was edited by: Ex_Brit on 21/03/14 6:37:38 EDT PM
0 Kudos
2 Replies
Level 21

Re: false positive ticket check

Please don't attach samples of possible malware.   As you don't indicate the name of the detection and whether or not this is while using Consumer or Enterprise software I've moved this provisionally to Malware Discussion > Home User Assistance.  Hopefully someone will pick it up.

Here's an article I did on this situation:


Message was edited by: Ex_Brit on 21/03/14 6:43:32 EDT PM
0 Kudos
Level 20

Re: false positive ticket check

I am inclined to agree with Ex_Brit, until the here-in mentioned file has been cleared, it is not wise to post the "Possible" infection. I say this due to the fact, after doing some searching using the above "Supposedly False Positive"

I got some hits that were detected as various realtionships with the "Sasser Worm" Dating as far back as 2004. This infection(if it actually is) hides with-in the "lsass.exe" process, and can also be present when the normal Windows process(services.exe) displays.

One primary Red Flag, is if you notice that the "Services.exe" is spelled "ServiceS.exe" It spreads thoughout the system and infiltrates and infects other users through (Emails). Rather than giving the name,I will insert a link , that Security Vendors list their individual names for the detection, to include McAfee if in case this is the same process in Question.

I might add that this primarily effects Windows XP...

Here is the Link:

McAfee Volunteer
0 Kudos