AVG Win32/DH.CAFF82037E
in [Anti-Virus]
|
Prev: Dustin Cook -Admitted hacker
Next: heureuse
From: FromTheRafters on 10 Jul 2010 13:23 Thanks for the update. The value of an antivirus lies in it's support. It's good to see a support channel that works. For future reference, those file submission sites mentioned are all ones that help the participating vendors get early warning of new malware or false positive detections so that they can react to them quickly. "brianedow" <brianedow(a)gmail.com> wrote in message news:adff2b96-c7b0-470b-ac9b-2073fbe14850(a)i28g2000yqa.googlegroups.com... I got response from AVG! It appears to be a false positive! " Dear customer, Thank you for your email. Unfortunately, the previous virus database might have detected the mentioned virus on some legitimate applications. We can confirm that it was a false alarm. We have immediately released a new virus update that removes the false positive detection on this file. Please update your AVG and check your files again. If you need to restore deleted files from AVG Virus Vault you can do it this way: - Open AVG user interface. - Choose "Virus Vault" option from the "History" menu. - Locate the file that was incorrectly removed and select it (one click). - Click on the "Restore" button. We are sorry for the inconvenience. In case that we can be of any further assistance, please do not hesitate to contact us again. Thank you. Best regards, Martin Valchev AVG Customer Services" On Jul 10, 8:42 am, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> wrote: > From: "brianedow" <briane...(a)gmail.com> > > | Does anyone know about a false positive for AVG reporting Win32/ > | DH.CAFF82037E "may" "unknown" virus? > > What FromTheRafters said and... > > Please upload a copy of the suspect file > to;http://www.uploadmalware.com/ for analysis. > > Post the information from Virus Total and the fully qualified name and > path of the file > and that you uploaded it to Upload Malware. > > -- > Davehttp://www.claymania.com/removal-trojan-adware.html > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp
From: Alan on 11 Jul 2010 17:00 On Jul 10, 10:23 am, "FromTheRafters" <erra...(a)nomail.afraid.org> wrote: > Thanks for the update. > > The value of an antivirus lies in it's support. It's good to see a > support channel that works. > > For future reference, those file submission sites mentioned are all ones > that help the participating vendors get early warning of new malware or > false positive detections so that they can react to them quickly. > > "brianedow" <briane...(a)gmail.com> wrote in message > > news:adff2b96-c7b0-470b-ac9b-2073fbe14850(a)i28g2000yqa.googlegroups.com... > I got response from AVG! It appears to be a false positive! > > " > Dear customer, > > Thank you for your email. > > Unfortunately, the previous virus database might have detected the > mentioned virus on some legitimate applications. We can confirm that > it was a false alarm. We have immediately released a new virus update > that removes the false positive detection on this file. Please update > your AVG and check your files again. > > If you need to restore deleted files from AVG Virus Vault you can do > it this way: > - Open AVG user interface. > - Choose "Virus Vault" option from the "History" menu. > - Locate the file that was incorrectly removed and select it (one > click). > - Click on the "Restore" button. > > We are sorry for the inconvenience. > > In case that we can be of any further assistance, please do not > hesitate to contact us again. > Thank you. > > Best regards, > > Martin Valchev > AVG Customer Services" > > On Jul 10, 8:42 am, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> > wrote: > > > From: "brianedow" <briane...(a)gmail.com> > > > | Does anyone know about a false positive for AVG reporting Win32/ > > | DH.CAFF82037E "may" "unknown" virus? > > > What FromTheRafters said and... > > > Please upload a copy of the suspect file > > to;http://www.uploadmalware.com/for analysis. > > > Post the information from Virus Total and the fully qualified name and > > path of the file > > and that you uploaded it to Upload Malware. > > > -- > > Davehttp://www.claymania.com/removal-trojan-adware.html > > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp On the morning of July 10, 2010 pacific time my Free AVG version 9.0.830 conducted a scheduled scan and found two infections: one was "removed and healed" and the other was "not removed or healed". This is what is stated on "scan results": "C:\Windows\System32\svchost.exe (5860):\memory_0b990000";"May be infected by unknown virus Win32/DH.CAFF82037F";"Object is inaccessible." "C:\Windows\System32\svchost.exe (5860)";"May be infected by unknown virus Win32/DH.CAFF82037F";"". The first's "Object Type" is file and "SDK type" is Core, and the "Result" is "object is inaccessible". For the second, the "Object Type" is process and the "SDK Type" is Core. After this scan, AVG updated itself (in the afternoon of 7/10/10) Now early this afternoon (7/11/10) my AVG scheduled scan was conducted again and the same two infections showed up, one being "removed and healed" and the other "not removed or healed". Why would the same two infections show up after an update? Thank you.
From: FromTheRafters on 11 Jul 2010 18:33
"Alan" <alanpan8(a)gmail.com> wrote in message news:71af2742-d75c-41f4-a154-5110ea5564b1(a)x24g2000pro.googlegroups.com... On Jul 10, 10:23 am, "FromTheRafters" <erra...(a)nomail.afraid.org> wrote: > Thanks for the update. > > The value of an antivirus lies in it's support. It's good to see a > support channel that works. > > For future reference, those file submission sites mentioned are all > ones > that help the participating vendors get early warning of new malware > or > false positive detections so that they can react to them quickly. > > "brianedow" <briane...(a)gmail.com> wrote in message > > news:adff2b96-c7b0-470b-ac9b-2073fbe14850(a)i28g2000yqa.googlegroups.com... > I got response from AVG! It appears to be a false positive! > > " > Dear customer, > > Thank you for your email. > > Unfortunately, the previous virus database might have detected the > mentioned virus on some legitimate applications. We can confirm that > it was a false alarm. We have immediately released a new virus update > that removes the false positive detection on this file. Please update > your AVG and check your files again. > > If you need to restore deleted files from AVG Virus Vault you can do > it this way: > - Open AVG user interface. > - Choose "Virus Vault" option from the "History" menu. > - Locate the file that was incorrectly removed and select it (one > click). > - Click on the "Restore" button. > > We are sorry for the inconvenience. > > In case that we can be of any further assistance, please do not > hesitate to contact us again. > Thank you. > > Best regards, > > Martin Valchev > AVG Customer Services" > > On Jul 10, 8:42 am, "David H. Lipman" <DLipman~nosp...(a)Verizon.Net> > wrote: > > > From: "brianedow" <briane...(a)gmail.com> > > > | Does anyone know about a false positive for AVG reporting Win32/ > > | DH.CAFF82037E "may" "unknown" virus? > > > What FromTheRafters said and... > > > Please upload a copy of the suspect file > > to;http://www.uploadmalware.com/for analysis. > > > Post the information from Virus Total and the fully qualified name > > and > > path of the file > > and that you uploaded it to Upload Malware. > > > -- > > Davehttp://www.claymania.com/removal-trojan-adware.html > > Multi-AV -http://www.pctipp.ch/downloads/dl/35905.asp On the morning of July 10, 2010 pacific time my Free AVG version 9.0.830 conducted a scheduled scan and found two infections: one was "removed and healed" and the other was "not removed or healed". This is what is stated on "scan results": "C:\Windows\System32\svchost.exe (5860):\memory_0b990000";"May be infected by unknown virus Win32/DH.CAFF82037F";"Object is inaccessible." "C:\Windows\System32\svchost.exe (5860)";"May be infected by unknown virus Win32/DH.CAFF82037F";"". The first's "Object Type" is file and "SDK type" is Core, and the "Result" is "object is inaccessible". For the second, the "Object Type" is process and the "SDK Type" is Core. After this scan, AVG updated itself (in the afternoon of 7/10/10) Now early this afternoon (7/11/10) my AVG scheduled scan was conducted again and the same two infections showed up, one being "removed and healed" and the other "not removed or healed". Why would the same two infections show up after an update? Thank you. *** Maybe you need *another* update. *** |