
AVG Win32/DH.CAFF82037E

 
 
brianedow
      10th Jul 2010
Does anyone know about a false positive for AVG reporting Win32/
DH.CAFF82037E "may" "unknown" virus?
 
FromTheRafters
      10th Jul 2010
"brianedow" wrote in message:
> Does anyone know about a false positive for AVG reporting Win32/
> DH.CAFF82037E "may" "unknown" virus?


Submit the file to virustotal.com, jotti.org, or virscan.org to see what
other scanners report.

Also, it is important to know the filename and the location in which it
was found (full path).


 
David H. Lipman
      10th Jul 2010
From: "brianedow"

| Does anyone know about a false positive for AVG reporting Win32/
| DH.CAFF82037E "may" "unknown" virus?

What FromTheRafters said and...

Please upload a copy of the suspect file to http://www.uploadmalware.com/ for analysis.

Post the information from Virus Total and the fully qualified name and path of the file
and that you uploaded it to Upload Malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
brianedow
      10th Jul 2010
I got a response from AVG! It appears to be a false positive!

"
Dear customer,

Thank you for your email.

Unfortunately, the previous virus database might have detected the
mentioned virus on some legitimate applications. We can confirm that
it was a false alarm. We have immediately released a new virus update
that removes the false positive detection on this file. Please update
your AVG and check your files again.

If you need to restore deleted files from AVG Virus Vault you can do
it this way:
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.

We are sorry for the inconvenience.

In case that we can be of any further assistance, please do not
hesitate to contact us again.
Thank you.

Best regards,

Martin Valchev
AVG Customer Services"


David H. Lipman
      10th Jul 2010
From: "brianedow"

| I got response from AVG! It appears to be a false positive!

| "
| Dear customer,

| Thank you for your email.

| Unfortunately, the previous virus database might have detected the
| mentioned virus on some legitimate applications. We can confirm that
| it was a false alarm. We have immediately released a new virus update
| that removes the false positive detection on this file. Please update
| your AVG and check your files again.

Well that's that.... :-)

Thank you for the update.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


 
FromTheRafters
      10th Jul 2010
Thanks for the update.

The value of an antivirus lies in its support. It's good to see a
support channel that works.

For future reference, those file submission sites mentioned are all ones
that help the participating vendors get early warning of new malware or
false positive detections so that they can react to them quickly.

Alan
      11th Jul 2010

On the morning of July 10, 2010, Pacific time, my Free AVG version
9.0.830 conducted a scheduled scan and found two infections: one was
"removed and healed" and the other was "not removed or healed". This
is what is stated on "scan results":

"C:\Windows\System32\svchost.exe (5860):\memory_0b990000";"May be infected by unknown virus Win32/DH.CAFF82037F";"Object is inaccessible."

"C:\Windows\System32\svchost.exe (5860)";"May be infected by unknown virus Win32/DH.CAFF82037F";"".

The first's "Object Type" is file and "SDK type" is Core, and the
"Result" is "object is inaccessible". For the second, the "Object
Type" is process and the "SDK Type" is Core.

After this scan, AVG updated itself (in the afternoon of 7/10/10).

Now early this afternoon (7/11/10) my AVG scheduled scan was conducted
again and the same two infections showed up, one being "removed and
healed" and the other "not removed or healed". Why would the same two
infections show up after an update?

Thank you.

 
FromTheRafters
      11th Jul 2010
***
Maybe you need *another* update.
***


 
Bill
      12th Jul 2010
brianedow says...
>
>I got response from AVG! It appears to be a false positive!


No big surprise there.

 