False positive deletion.

My virus checker (F-Prot) had a false positive and deleted wextract.exe from
WinXP.
Any quick tips how to reinstall please? I have the WinXP Professional disc.
 
From: "TrevL" <[email protected]>

| My virus checker (F-Prot) had a false positive and deleted wextract.exe from
| WinXP.
| Any quick tips how to reinstall please? I have the WinXP Professional disc.
| --
| Regards,T.

Assuming the CDROM is in drive "D:", execute the following command line.

extract D:\I386\WEXTRACT.EX_ %windir%

The question is was it really a False Positive or was it a case that an infector replaced
the real version with an infected version.

After you extract the WEXTRACT.EXE file and if F-Prot falsely declares it as infected,
submit a copy to Frisk indicating the strong possibility of the file being falsely declared as
being infected when it isn't.

mailto:[email protected]?subject=False%20Positive
 
David H. Lipman said:
From: "TrevL" <[email protected]>

| My virus checker (F-Prot) had a false positive and deleted wextract.exe from
| WinXP.
| Any quick tips how to reinstall please? I have the WinXP Professional disc.
| --
| Regards,T.

Assuming the CDROM is in drive "D:", execute the following command line.

extract D:\I386\WEXTRACT.EX_ %windir%

The question is was it really a False Positive or was it a case that an infector replaced
the real version with an infected version.

After you extract the WEXTRACT.EXE file and if F-Prot falsely declares it as infected,
submit a copy to Frisk indicating the strong possibility of the file being falsely declared as
being infected when it isn't.

mailto:[email protected]?subject=False%20Positive

Hmmm -- they just had the same thing a couple of weeks
ago (which I emailed them about). They confirmed it was
indeed a false positive. Maybe they need a few more test
machines to run on before they turn the new sig files loose.
Last year I had it (F-Prot) take out a number of windows
office files before they updated the sig files. Fortunately,
my other machines had not picked up the new sigs and
deleted them, so I was able to just copy them back again.

mikey
 
From: "Mike Fields" <spam_me_not_mr.gadget2@comcastDOTnet>


| Hmmm -- they just had the same thing a couple of weeks
| ago (which I emailed them about). They confirmed it was
| indeed a false positive. Maybe they need a few more test
| machines to run on before they turn the new sig files loose.
| Last year I had it (F-Prot) take out a number of windows
| office files before they updated the sig files. Fortunately,
| my other machines had not picked up the new sigs and
| deleted them, so I was able to just copy them back again.
|
| mikey

Every AV company and anti malware company has False Positives. It goes with the territory.
Unfortunately... Some more than others :-)

In this case it sounds like TrevL has old signature files; if you had this problem weeks ago,
it should have been corrected by now.

BTW: This is why you have the AV software quarantine, not delete, files that are infected.
This way if they are deemed to be False Positive declarations the files can be restored
after new signatures are released.
 
Dave,

Thanks very much for your help...I'll get on and fix the deletion. The
missing files do not cause day to day problems, and as I've got a bit of time
I'll sort it out. FYI F-Prot did reply to my query and apologised for the
error, they had realised the problem had been generated and fixed asap but I
had downloaded and run a scan before the next update. That's part of the game
as you say, I had the same with the MS Adware product (name escapes me) that
Defender replaced.

Best Regards,Trev.
 
Dave,

Back again...system doesn't like the command line

extract D:\I386\WEXTRACT.EX_ %windir%

What am I doing wrong? It's sure to be me.
 
From: "TrevL" <[email protected]>

| Dave,
|
| Back again...system doesn't like the command line
|
| extract D:\I386\WEXTRACT.EX_ %windir%
|
| What am I doing wrong? It's sure to be me.
|

Open a Command Prompt and try the following ...

expand D:\I386\WEXTRACT.EX_ %windir%
 
Dave,

Thanks. Yes the command worked, but when I subsequently do a search
wextract.exe does not appear in any system areas.
 
From: "TrevL" <[email protected]>

| Dave,
|
| Thanks. Yes the command worked, but when I subsequently do a search
| wextract.exe does not appear in any system areas.

It should have been extracted to the c:\windows directory or the c:\winnt directory,
depending on which named folder you are using.
 
From: "TrevL" <[email protected]>

| Thanks Dave, got it now. Many thanks for your prompt assistance.

Anytime. However, realize that there are News Groups specific to the discussion of viruses
and their after effects.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus
 