Solved

Possible false positives?

  • 17 October 2012
  • 7 replies
  • 164 views

Userlevel 1
After an unattended scan, ver# 8.0.2.27 on Windows XP Pro SP3, detected "c:\program files\winrar\winrar v3.41 final trial to full by great elmo!!.exe" and a subsequent scan found "c:\windows\system32\cmdlineext03.dll". The first file was cleaned, but I searched on the second and suspect this may be a false positive. I removed the winrar exe positive as I never use it anyway, but still suspect a false positive.
 
Malwarebytes and AVG have never tugged at these files. I just finished scans with these other two protectors and they came up clean: zero infections or malware.
 
Any confirmation or clarification is appreciated.

Best answer by jbiel 18 October 2012, 03:20


Userlevel 7
Badge +4
Thanks for posting the reply. Glad everything was sorted out!
Userlevel 7
Hello jbiel, Welcome to the Webroot Community Forum. :D
Thank you for posting the reply from the Webroot Threat Research Team. 😉
Userlevel 1
Fast turnaround with the support. Resolved as follows.

Hello,
The winrar v3.41 final trial to full by great elmo!!.exe file is a crack/patch/keygen file which we do not normally detect. The detection on that file has been reversed, but due to the nature of the file we would not consider that to be a False Positive in the traditional sense.

The c:\windows\system32\cmdlineext03.dll file is a suspicious file, but does appear to be a false positive, and the detection has been reversed.

Thanks,

Webroot Threat Research

Posted for others that may see these pop.

Many thanks.
Userlevel 1
I will open a support ticket.

Thanks for pointing me in the right direction.
Userlevel 1
Not sure where or when I got this zip utility. Haven't used it in ages. That's why I had no issue removing the possible infection. I was just surprised that it was flagged.
Userlevel 7
Badge +56
Hello jbiel and Welcome to the Webroot Community Forums!
 
May I ask where you got v3.41? On my PC, and on their website, it shows v4.20. Why would you use such an old version?
 
TH
 
EDIT: I see that you really don't use it sorry!
Userlevel 7
Hey jbiel,
 
Welcome to the Webroot Community and thanks for posting! :D
 
The best way to find out if a file in question is a false positive is to open a support ticket so our Threat Research team can look into it and double check for you. Not only will you get a definite answer, but also, if it is a false positive, we can whitelist the file so it won't show up as a threat anymore for any other Webroot SecureAnywhere user either!
 
Just follow the aforementioned link and follow the prompts to submit the ticket. You can just copy and paste your post and title it something like "Possible False Positive" and select "Threat Found-False Positive" for the category to ensure it gets over to the right place faster!
 
Let me know if you have any more questions!