8 Replies Latest reply on Jan 14, 2011 9:25 AM by sizykh

    False Positive

      Actual Filename: ZForever.exe

       

      Developer Name: Intellect-Service

       

      Application Name: Best Zvit

       

      Application Version: 8.96.000

       

      Website: http://bestzvit.com.ua/

       

      Application Purpose: Accounting software

       

      Direct Setup Download for rar archive containing exe file:

       

      McAfee5.400.0.11582011.01.13Artemis!143D1C73BEE5
      McAfee-GW-Edition2010.1C2011.01.12Artemis!143D1C73BEE5

      It is a false positive that this Accounting Software is a virus. It’s just a secure/packed file from not being altered.

       

      Please take some necessary steps to make this file clear from your virus list or blacklist.

       

      Waiting for your response.

       

      Thanks

       

       

      Message was edited by: sizykh on 1/13/11 2:43:55 AM CST

       

       

      Message was edited by: Peacekeeper on 13/01/11 8:24:30 PM

       

       

      Message was edited by: sizykh on 1/14/11 2:11:52 AM CST

       

       

      Message was edited by: sizykh on 1/14/11 8:56:08 AM CST
        • 1. Re: False Positive
          Peacekeeper

          First sorry but we do not like files posted in forum Can you please zip it and send it password protected (infected is the pssword) as follows. When they reply saying it is infected reply back asking for a review.

          Submit a Virus or Malware Sample

          How to Submit Virus or Malware Samples to McAfee Labs
          When submitting a sample to McAfee Labs for review, you may use either of two delivery methods:

          • McAfee ServicePortal/Platinum Portal
            This is the  preferred method for McAfee Labs to receive submissions from Platinum  and Gold Customers. When you use this method we can process and respond  to samples more rapidly. You’ll find instructions for using the McAfee  ServicePortal/Platinum Portal under McAfee KnowledgeBase ID KB68030.

          • Email
            You may submit samples directly to McAfee Labs by attaching the file(s) in an email to virus_research@mcafee.com.  When submitting samples via email, you must archive them in a  password-protected Zip file with the password “infected” (all  lowercase). For instructions on how to create a Zip file and password  protect it, see these articles:

          Using WinZip

          Using Windows File Compression

          Submission Information
          To help us speed the sample review process, please provide the following information along with your sample:

          • A list of all files contained in the sample submission, including a brief description of where or how you found them
          • What symptoms cause you to suspect that the sample is malicious
          • Whether any security products find a virus (tell us the security  vendor, its product name, the version number, and the virus name  assigned to the sample)
          • Your McAfee product information (product name, engine, and .DAT version)
          • Any system details that may be relevant, including operating system and service packs

          Finding Samples to Submit
          McAfee KnowledgeBase Article KB53094 can assist customers in finding malicious samples on their systems.

          What Not to Submit
          Please do not send  screenshots, anti-virus or HijackThis logs, or prefetch files through  McAfee ServicePortal/Platinum Portal or email. Send only the suspected  malicious files.

          • 2. Re: False Positive
            exbrit

            Moved to Artemis.

             

             

            Message was edited by: Ex_Brit on 13/01/11 7:20:39 EST AM
            • 3. Re: False Positive

              Updated the attached file

              • 4. Re: False Positive
                exbrit

                Until someone from that department spots this you might was to send an email message to virus_research@mcafee.com headed "False Artemis!143D1C73BEE5", minus the "" of course.

                 

                You could also put an explanation in the body and a link to this thread.

                1 of 1 people found this helpful
                • 5. Re: False Positive
                  Peacekeeper

                  So did you email it?

                  • 6. Re: False Positive

                    Yes, I did. I got the answer:

                     

                    >McAfee Labs - Beaverton                                                               

                    >Current Scan Engine Version:5400.1158                                                 

                    >Current DAT Version:6225.0000                                                         

                    >Thank you for your submission.                                                        

                    >

                    >Analysis ID: 6464777

                    >

                    >File Name            Findings                       Detection                    Type         Extra

                    >--------------------|------------------------------|--------------------------- -|------------|-----

                    >zforever.exe        |inconclusive                  |                            |            |no  

                    >

                    >inconclusive [zforever.exe]                                                                        

                    >...
                    But virustotal.com says:
                    McAfee5.400.0.11582011.01.14Artemis!143D1C73BEE5
                    McAfee-GW-Edition2010.1C2011.01.14Artemis!143D1C73BEE5

                    • 7. Re: False Positive
                      ConorD62

                      Have you told them it's false?


                      It may take some time for the person to correct this FP.

                      • 8. Re: False Positive

                        Yes, I have told them today.