[ilko_t]

Another response, few weeks later, from GData:

Quote

Dear customer,

thank you for your request.

The 2 files, you send to as, are no longer detected as virus.

Please update your virus signatures.

Please refer your ticket-number 0000477284 when contacting us again regarding this matter.

With best regards

G Data-ServiceTeam

G Data Service GmbH * Kцnigsallee 178a
D-44799 Bochum, Germany * http://www.gdata.uk

[ilko_t]

Respect to the response time from Avira, 3 months and a half later

Quote

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00450039.

A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result
25587751 setup_dbg.ex_ 2.45 KB CLEAN


Please find a detailed report concerning each individual sample below:
Filename Result
setup_dbg.ex_ CLEAN

The file 'setup_dbg.ex_' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Quote

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.
Tracking number: INC00450038.

A listing of files alongside their results can be found below:
File ID Filename Size (Byte) Result
25587750 setup.ex_ 2.44 KB CLEAN


Please find a detailed report concerning each individual sample below:
Filename Result
setup.ex_ CLEAN

The file 'setup.ex_' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

[ilko_t]

It turned out quite tricky to contact and report for a false positive some AV vendors. Currently at virustotal 19/43 still detect setup.exe as a virus:
http://www.virustota...4671-1288529982

Just got a response from Panda AV, waiting for the rest 18:

Quote

Dear customer,

After checking in our laboratory the message you submit, we inform you it contains no virus. The detection was caused due to a string coincidence.

The incidence is already solved in a Beta version of our Signature File (PAV.SIG), that you can download from the following URL:http://www.pandasecurity.com/homeusers/security-info/disclaimer/disclaimer

* If you have CloudAV, you don’t need to download the Beta version of our signature file (PAVSIG), it will be automatically updated in a few hours

We hope this answer has been helpful and do not hesitate to contact us should you need any suspicious file analyzed in future.

Best regards,

PandaLabs
virus@pandasecurity.com

[Sp0iLedBrAt]

And yet, using database 7.10.13.74 (29Oct2010) from 2 days ago, I get this:
 Avira Personal.JPG (14.57K)
Number of downloads: 1

[ilko_t]

Go figure...



http://analysis.avira.com/samples/

[ilko_t]

Does anyone have a registered McAfee AV? Would someone contact them and report for a false positive?

It's probably 10th email going back and forth and they keep asking me for registration email to move further on, although I keep explaining in those semi-automatic emails what the case is. Next I get referred to a web page to submit the sample, which web page doesn't re-analyse it as most other AV vendors did, but rather scans it using current signatures and supposedly gets detected.
Then I reply with the results to the semi-automatic email, where yet another guy puts his name on top of a similar answer and asks me again for registration

At least there is some progress, 19/43 a few days ago, now 13/43:
http://www.virustota...4671-1288757982

[ilko_t]

Moving forward, slowly, but moving , AVG and Ikarus replied, awaiting Sophos, Symantec and the troublesome McAfee.

[jaclaz]

@ilko_t

If, for any reason, you don't do your computer properly seated on a chair , please do take one and seat comfortably on it before accessing this :
http://downloadcente...ols/foundstone/

Directory on McAfee site where free tools are available.

I was there getting a fresh copy of the excellent BinText utility (BinText303.zip) today, and noticed file (near the bottom of the list/page): warning.txt

I had a look at it:

Quote

PACKER DETECTION ALERT

The anti-virus scanner has detected a packer program. The file was not cleaned and has been removed.
Context: 'SharePointDiscovery.exe'
Detection(s): 'PE_Patch.Stolen.d (compressed file)'
See your system administrator for further information. Copyright 1999-2007 McAfee, Inc.All Rights Reserved.http://www.mcafee.com

Their Anti-virus detected a packer inside their own file!

...and obviously did NOT delete it as file SharePointDiscovery.exe has the same timestamp 21-Oct-2010 09:04 of warning.txt ...





jaclaz

[ilko_t]

Wow, well done McAfee, guess next step is the scanner to detect itself as a packer

For reference I am posting a link to one of the numerous attempts to report false positive to McAfee:
https://community.mc...om/thread/29747

[gangbang]

where is the download file.

[jaclaz]

gangbang, on 03 December 2011 - 03:18 AM, said:

where is the download file.

WHICH "download file"?

The XP_INST_v04.7z?

Here:
http://www.msfn.org/...aded-iso-image/

jaclaz