False positive

Comments

14 comments

  • Customer

    Does anyone know how to add a program to the whitelist manually? Instead of using the browse function? thanks.

    0
  • Customer

    I have exactly the same problem with the blizzard launcher for SC2...and Steam...and most of my Dell drivers..I haven't really gotten a good answer from support other than add them to the whitelist...which doesn't work for me..

     

    I added the program file folder to the whitelist by using windows explorer and copying and pasting the filepath directly into the whitelist (press add, and then paste in the field)...I would love to hear if support gives you any advice...

    0
  • Support

    Hi poepouri and msalt0,

    Please, follow the guide http://www.lavasoftsupport.com/index.php?showtopic=18033 to give Lavasoft all the information they need to be able to investigate if it is a false positive.

    0
  • Customer

    As requested

     

    Hi poepouri and msalt0,

    Please, follow the guide http://www.lavasoftsupport.com/index.php?showtopic=18033 to give Lavasoft all the information they need to be able to investigate if it is a false positive.


    Hi CeciliaB, I have uploaded the documents including logs, report, screenshot of file paths and one of the files. adaware11.zip

    0
  • Customer

    Hi msalt0,

     

    Thanks for uploading the file. At first glance the fixdamage.exe detection looks like an FP, but I'll investigate further.

     

    Would it be possible to upload the other detected files also?

     

    Regards,

     

    Andy

    Lavasoft Malware Lab

    0
  • Customer

    Hi poepouri,

     

    Same question to you - can you upload the detected files here?

     

    Andy

    0
  • Customer

    To Whom it May concern,

     

    I figured the issue out. Blizzard's updater creates a temporary update file called wow.exe.temp. It exists for a few seconds then vanishes, and only exists when the launcher is updating. I can't upload it because again, it vanishes very quickly. It can be avoided by excluding the world of warcraft folder (something the guy I called on the phone from support really should have known . .). My guess is like many things Blizzard does, it's one of many security measures they use to ensure their software isn't hacked or if it is, they know what's doing it. The issue is fixed now, but thank you for responding.

    0
  • Customer

    @ msalt0,

     

    The file contains code that is consistent with the Win32.Expiro.BK virus family. According to the log file there are several files detected with the same name - it appears that quite a few legitimate files on your machine have been infected by the virus. The detection of the file you uploaded (BTW, thank you - it made investigation much easier) is not a false positive. Hope this helps.

     

    Regards,

     

    Andy

    Lavasoft Malware Lab

    0
  • Customer

    Hi Andy,

     

    Thanks for letting me know - the interesting thing is that I just re-downloaded the StarCraft files and it immediately happens (the files are all quarantined) when I try to launch the files - so it does not seem to matter if I allow ad-aware to clean the files, I cannot re-download them without the same issue occurring. I am a little confused on how to proceed: I can let ad-aware clean the files, but then the programs become unusable (the blizzard launcher/updater, etc.)

     

    Advice? Should I upload the blizzard files as well to check?

    0
  • Support

    Hi msalt0,

     

    It's probably good if you can provide Andy with as many files as possible.

    0
  • Customer

    as requested, I have uploaded more files - any help in identifying if I really have true or false positives would be great. there is a large file (55mb) that I cannot upload due to size limits. adaware11.zip

    0
  • Customer

    New folder (2).zip - additional files - I update steam and as they downloaded via steam update they were quarantined.

    0
  • Support

    Sorry for the late reply, but Lavasoft is still investigating this issue.

     

    Thank you for all your files

    0
  • Support

    Sorry msalt0, but you have a file infector malware in the computer. Win32/Expiro is a virus that infects all program files in all drives and collects passwords etc. It also opens a backdoor to the computer to let someone control the computer from internet, and lowers Internet Explorer security settings. If you have several computers in a local network, it will try to spread to the other computers through shared folders. You can read about it on http://www.lavasoft.com/mylavasoft/malware-descriptions/blog/viruswin32expironab .

     

    The recommendation is that you reinstall Windows, since no program file can be trusted, every tool you download will be infected and it's possible that Ad-Aware files are infected, too, and therefore Ad-Aware can't be trusted to detect or remove it. Since the infection steals passwords, certificates (e.g. for accessing banks), it's necessary to change all passwords you use on different websites from a clean computer and contact your bank.

     

    AVG has a tool that tries to disinfect the files, by running it you maybe can use the computer enough to be able to take backups of files you want to keep. Note, you can't backup any program files, if you run them after the reinstallation of Windows, they will infect the computer again. You only can backup documents, photos and films etc.

    AVG Tool: http://free.avg.com/us-en/remove-win32-expiro

    0
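
Support's advice above is to back up only documents, photos and films and leave every program file behind. The sketch below is an added example, not part of the thread and not Lavasoft or AVG tooling: it splits a folder into files to keep and files to leave, checking content for a Windows PE header so a program renamed to `.jpg` is still excluded. The extension list and function names are assumptions, and the check identifies program files only; it does not detect or clean an infection.

```python
import os
import struct
import tempfile

# Assumption: extensions treated as program files regardless of content.
PROGRAM_EXTS = {".exe", ".dll", ".scr", ".sys", ".com", ".msi"}

def is_pe(path):
    """True if the file starts with a DOS 'MZ' header that points at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return True  # unreadable: fail closed, keep it out of the backup

def split_for_backup(root):
    """Return (keep, skip) lists of paths relative to root."""
    keep, skip = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, root)
            ext = os.path.splitext(name)[1].lower()
            (skip if ext in PROGRAM_EXTS or is_pe(full) else keep).append(rel)
    return sorted(keep), sorted(skip)

def demo():
    """Constructed sample tree: a document, a program, and a program renamed to .jpg."""
    # Constructed 64-byte DOS header whose e_lfanew (offset 0x3C) points to 0x40.
    pe_stub = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"
    with tempfile.TemporaryDirectory() as root:
        samples = {"notes.txt": b"holiday plans", "setup.exe": pe_stub,
                   "photo.jpg": pe_stub, "real.jpg": b"\xff\xd8\xff\xe0JFIF"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        return split_for_backup(root)

if __name__ == "__main__":
    keep, skip = demo()
    print("back up:", keep)
    print("leave behind:", skip)
```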
