1 Reply Latest reply on Mar 26, 2009 4:23 PM by Grif

    Exploit-ObscuredHtml false positive in SRWare Iron

      My company is running McAfee VirusScan Enterprise & Anti Spyware Enterprise 8.5.0i.
      Current DAT is 5559.

      For the second time in two weeks real time analysis has alerted me on the presence of Exploit-ObscuredHtml in Google Chrome´s user data\default folder (I´m running SRWare Iron as browser, a Chrome clone).

      I have submitted the suspected file to virustotal.com and it appears to be completely clean (0/40, including mcafee claims it to be clean).

      A false positive that you can take care of?

      Thanks.

      Moved to desktop & Server for better attention - MOD
        • 1. RE: Exploit-ObscuredHtml false positive in SRWare Iron
          No one here can fix false positives but the Avert link below should help you out:

          How to submit a sample to AVERT

          If the file has been placed in Quarantine, you'll have to temporarily disable VirusScan and then reinstate the items and send them to Avert.

          Send the file to Avert for analysis:
          http://vil.nai.com/vil/submit-sample.aspx
          or
          https://www.webimmune.net/default.asp
          or
          Email file to: [EMAIL="virus_research@avertlabs.com"]virus_research@avertlabs.com
          When submitting samples via E-mail all samples must be packaged in a .ZIP file. When creating this .ZIP file, it is important to understand that the .ZIP can be no more than 3 megabytes in size and can contain no more than 30 files. Additionally, any .ZIP file created must be password-protected using the password "infected" (minus the ""). Failure to follow these guidelines will cause your submission to be rejected.

          Hope this helps.

          Grif