Checking if False Positive

[Rex's Mom]

while running a², Avast lept up with a warning about a
program in the A² Archive folder. Then while running Avast,
it (Avast) complained about something in a².

should one investigate (and what's the best way to do that?)
or should one just accept 'their' word for it and quarantine?
--

Rex's Mom

[David H. Lipman]

From: "Rex's Mom" <labsrgreat@invalid.com>

| while running a², Avast lept up with a warning about a
| program in the A² Archive folder. Then while running Avast,
| it (Avast) complained about something in a².
|
| should one investigate (and what's the best way to do that?)
| or should one just accept 'their' word for it and quarantine?

Quarantines *should* be encrypted to avoid other anti malware utilities from flagging what
is found within the respective vendor's quarantine. However, this isn't always the case.

If you are unsure if a file has been unjustly quarantined, submit a sample to a given
qurantined item to Virus Total. If it is well recognized, purge that quarantined item from
the cache/folder. If it is NOT well recognized, wait several days, a week or more and
resubmit it. If it remains not well recognized or unrecognized then it may be a False
Positive and you should contact the anti malware vendor of the software which quarantined
the suspect. If it is a False Positive, it can the be restored from quarantine.


Please submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners.
That will give you an idea what it is and who recognizes it. In addition, unless told
otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

[Rex's Mom]

David H. Lipman wrote:

> From: "Rex's Mom" <labsrgreat@invalid.com>
>
> | while running a², Avast lept up with a warning about a
> | program in the A² Archive folder. Then while running Avast,
> | it (Avast) complained about something in a².
> |
> | should one investigate (and what's the best way to do that?)
> | or should one just accept 'their' word for it and quarantine?
>
> Quarantines *should* be encrypted to avoid other anti malware utilities from flagging what
> is found within the respective vendor's quarantine. However, this isn't always the case.
>
> If you are unsure if a file has been unjustly quarantined, submit a sample to a given
> qurantined item to Virus Total. If it is well recognized, purge that quarantined item from
> the cache/folder. If it is NOT well recognized, wait several days, a week or more and
> resubmit it. If it remains not well recognized or unrecognized then it may be a False
> Positive and you should contact the anti malware vendor of the software which quarantined
> the suspect. If it is a False Positive, it can the be restored from quarantine.
>
>
> Please submit a sample to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendor's scanners.
> That will give you an idea what it is and who recognizes it. In addition, unless told
> otherwise, Virus Total will provide the sample to all participating vendors.
>
> You can also submit a suspect, one at a time, via the following email URL...
> mailto:scan@virustotal.com?subject=SCAN
>
> When you get the report, please post back the exact results.
>
thank you...will get on it in the next day or so and post back

--

Rex's Mom