Solved

Unusual False Positive

  • 22 June 2012
  • 3 replies
  • 107 views

I'm currently running trial version 8.0.1.193 and today had my download of OpenOffice 3.4 stopped (via Firefox download).

It's something I've been having troubles with these last few days, where downloads or page loading in Firefox is being reset. Initially I pinned the blame on my generic router, but I can see now in the threat log that it was Webroot that caused this latest occurrence. Unfortunately, repeated attempts to reproduce the issue are seeing the download continue just fine.

My Threat Log reads:

Automated Cleanup Engine
Starting Cleanup at 22/06/2012 - 01:52:24 GMT
Starting Routine> Removing c:\users\rusticdog\downloads\apache_openoffice_incubating_3.4.0_win_x86_install_en-us.exe.part...#(PX5: 7BDC821BB0ADC4FAA05304EF10ECCF006E61FEC1 - MD5: 451CF77F5FAAE701D0D70B4BE172B75D)...
Deleting File> c:\users\rusticdog\downloads\apache_openoffice_incubating_3.4.0_win_x86_install_en-us.exe.part
Closing Handle> 3656 - PID: 988 - C:\Users\rusticdog\Downloads\Apache_OpenOffice_incubating_3.4.0_Win_x86_install_en-US.exe.part

Edit: Found this in the logs too:

Fri 22-06-2012 13:52:24.0568    Infection detected: c:\users\rusticdog\downloads\apache_openoffice_incubating_3.4.0_win_x86_install_en-us.exe.part [MD5: 451CF77F5FAAE701D0D70B4BE172B75D] [3/00080000] [TROJAN.PROXY.G]
Fri 22-06-2012 13:52:24.0568    File blocked in realtime: c:\users\rusticdog\downloads\apache_openoffice_incubating_3.4.0_win_x86_install_en-us.exe.part [MD5: 451CF77F5FAAE701D0D70B4BE172B75D, Size: 303280 bytes] [524288/00000003] [TROJAN.PROXY.G]
Fri 22-06-2012 13:52:24.0570    Determination flags modified: c:\users\rusticdog\downloads\apache_openoffice_incubating_3.4.0_win_x86_install_en-us.exe.part - MD5: 451CF77F5FAAE701D0D70B4BE172B75D, Size: 303280 bytes, Flags: 00000020
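An added example, not from the thread or from Webroot: a small Python parser for threat-log lines in the layout quoted above, plus a triage step that flags that the detected file was an in-progress Firefox .part download, so its MD5 describes a truncated prefix rather than the finished installer. The sample lines are constructed from the post's own values; the regexes and the .part check are my assumptions about that layout.

```python
import re

# Constructed sample in the layout of the three threat-log lines quoted in the
# post (values taken from there; path rebuilt with the stripped backslashes).
PART = r"c:\users\rusticdog\downloads\apache_openoffice_incubating_3.4.0_win_x86_install_en-us.exe.part"
MD5 = "451CF77F5FAAE701D0D70B4BE172B75D"
SAMPLE_LOG = "\n".join([
    f"Fri 22-06-2012 13:52:24.0568    Infection detected: {PART} [MD5: {MD5}] [3/00080000] [TROJAN.PROXY.G]",
    f"Fri 22-06-2012 13:52:24.0568    File blocked in realtime: {PART} [MD5: {MD5}, Size: 303280 bytes] [524288/00000003] [TROJAN.PROXY.G]",
    f"Fri 22-06-2012 13:52:24.0570    Determination flags modified: {PART} - MD5: {MD5}, Size: 303280 bytes, Flags: 00000020",
])

EVENT_RE = re.compile(r"^(?P<ts>\w{3} \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d+)\s+"
                      r"(?P<event>[^:]+): (?P<rest>.+)$")

def grab(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def parse_line(line):
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # The path runs up to the first " [MD5:" or " - MD5:" marker.
    path = re.split(r" (?:\[|- )MD5:", rest, maxsplit=1)[0]
    size = grab(r"Size: (\d+) bytes", rest)
    return {"timestamp": m.group("ts"), "event": m.group("event"), "path": path,
            "md5": grab(r"MD5: ([0-9A-Fa-f]{32})", rest),
            "size": int(size) if size else None,
            "flags": grab(r"Flags: ([0-9A-Fa-f]{8})", rest),
            "detection": grab(r"\[([A-Z][A-Z0-9._-]+)\]$", rest)}

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def is_partial_download(path):
    # Firefox writes an in-progress download to "<name>.part"; its hash covers a
    # truncated prefix and cannot match the publisher's checksum for the installer.
    return path.lower().endswith(".part")

def triage(events):
    """Roll the burst of events for one file into the facts an analyst needs."""
    partial = any(is_partial_download(e["path"]) for e in events)
    return {"paths": sorted({e["path"] for e in events}),
            "md5s": sorted({e["md5"] for e in events if e["md5"]}),
            "detections": sorted({e["detection"] for e in events if e["detection"]}),
            "blocked": any(e["event"] == "File blocked in realtime" for e in events),
            "partial_download": partial}
```

When `partial_download` is true, the MD5 in the log is not a usable lookup key for the release; hash the completed download and compare it with the publisher's checksum instead.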

Best answer by YegorP 22 June 2012, 17:21

Hey rusticdog,

First of all, welcome to the Webroot Community and thanks for posting on the forums! :D

Sorry to hear about your troubles! I'd like to help you get this resolved ASAP so you can run OpenOffice and SecureAnywhere with no conflicts.

I'd like you to open a support ticket from the computer that you're having the issue on, as we'll have to examine the log files that come through when you send in the ticket.

Please let me know that you've sent the ticket. When the issue is resolved, I'll post the solution back here on the thread!

Thanks,

No, it's fine. I can download the file; it was just that one time it decided the file part contained a Trojan, which is what I found unusual. If it were truly a false positive then I should have seen repeated blocks rather than this as a one-off... or that's what I'd expect.

Hi rusticdog,

That's fine and I'm glad you could get the file downloaded.

Regarding the file in question, it looks like it was blacklisted on your computer and placed in quarantine. Right now, we're keeping a close eye on the file, which is currently set to an 'unknown' status, and will wait and see how it behaves before making a surefire decision one way or the other. In the meantime, you can remove the file from your quarantine and restore it if you'd like.

Make sure to check back on the Community and let us know if you have any other questions!