i send file for false positive from week
i see this reply
Thank you for your submission.
Analysis ID: 8033737
File Name Findings Detection Type Extra
asrar_2.exe |inconclusive | | |no
Automated analysis was not able to determine that this file is malware. This file is
being sent for further processing and the DAT files will potentially be updated if
detection of this sample is warranted.
Due to the prevalence of network gateway AV products, it is important that all
submissions be zipped and the zip file password-protected (password - infected). Some
products will reject an email that contains a virus that is not sent in this way. In
addition, often we receive a file that appears not to have been infected, to find
later that the file was infected when it left the sender, and was cleaned somewhere
along the line.
i need to know
how i can check again
and delete false positive
Please don't attach samples of possible malware. As you don't indicate the name of the detection and whether or not this is while using Consumer or Enterprise software I've moved this provisionally to Malware Discussion > Home User Assistance. Hopefully someone will pick it up.
Here's an article I did on this situation: https://community.mcafee.com/thread/2016
Message was edited by: Ex_Brit on 21/03/14 6:43:32 EDT PM
I am inclined to agree with Ex_Brit, until the here-in mentioned file has been cleared, it is not wise to post the "Possible" infection. I say this due to the fact, after doing some searching using the above "Supposedly False Positive"
I got some hits that were detected as various realtionships with the "Sasser Worm" Dating as far back as 2004. This infection(if it actually is) hides with-in the "lsass.exe" process, and can also be present when the normal Windows process(services.exe) displays.
One primary Red Flag, is if you notice that the "Services.exe" is spelled "ServiceS.exe" It spreads thoughout the system and infiltrates and infects other users through (Emails). Rather than giving the name,I will insert a link , that Security Vendors list their individual names for the detection, to include McAfee if in case this is the same process in Question.
I might add that this primarily effects Windows XP...
Here is the Link: http://www.threatexpert.com/threats/w32-bobax-dr.html