Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Oldjim]

I assume it is a false alarm but you may want to look into it

[roseway]

It's certainly a false alarm. The only function of upload**.exe is to upload data to MyDSLWebStats. If you don't use MDWS you can delete that file and DSLstats will continue to work normally.

[Ronski]

The best thing you can do is submit the file to Kaspersky, they will then check it and white list it or whatever they do to stop it being picked up incorrectly again.

[roseway]

Thanks for the suggestion. I'll see what I can do.

[jelv]

I think Ronski's post was directed to Jim.

[roseway]

Oh right, yes. I wasn't sure what to do anyway because I don't use Windows.

[Ronski]

To be honest it applies to both Jim and Roseway, the more people that submit  false positives for testing the more likely the problem will get resolved,   although in theory it should only take one person to submit it.

It seems this can be done online.

https://virusdesk.kaspersky.com

PS. As a programmer it would also be worth using www.virustotal.com to scan files and then submit to any that show problems.

[roseway]

Thanks again Ronski.

[Oldjim]

It also was unhappy with an Autodesk download dated 2001 - make of that what you will
(It does show the garbage I still have on my hard drive)_

[adrianw]

Virus detection is a black art, usually based on the content of a file rather than its age or name.
False positives from McAfee and ClamAV have caused severe problems at $JOB when they made some executables unavailable, causing service outages and necessitating whitelisting and restoration.
I have had some problems at home too.

Then there is the vast amount of effort expended in patching software bugs which would trivial in effect but for their being exploitable.
Home computer users probably do not realise how big a task this can be for organisations.

I wish the penalties for malware authors were far more severe.
Share something copyrighted by the media with a relatively few and you are likely to have to pay a lot.
Spread malware around the world and you appear to be unlikely to be caught, let alone punished.
Sometimes I even wish that the punishment for malware authors was capital, with world-wide scope.

/rant=off

[sevenlayermuddle]

I have had occasion myself to submit a 'false positive' to Kaspersky,they duly 'whitelisted' it.

Unfortunately it appeared that their whitelisting process is machine-specific, the file in question no longer triggered an alert on my system, but it still showed as a threat on everybody else's system, just not mine.  As I already knew it was false-positive, the process was rather pointless.

Even on my own PC, after copying the harmless file to another location on the same HDD, it was once again wrongly flagged as a virus.

That did not surprise me.  If AV vendors were to globally whitelist, just on the say-so of an individual user, obviously, they would soon come to grief.

[Ronski]

7LM you'll probably find you white listed it when your system detected it. AV companies don't take an EU word, they analyse the file. I believe this is why common programs have little or no problems because there are lots of users who submit false positives, but with programs like DLStats and Hg612 stats there are not many users.

I often have problems with software we use at work when I  upgrade it,  I have to remember to completely disable AVG because it takes a dislike to the downloaded update files which are always different.

[roseway]

I submitted upload14.exe to Kasperski as a false positive, and received this reply:

This message has been generated by an automatic message response system. The message contains details about verdicts that have been returned by Anti-Virus in response to the files (if any are included in the message) with the latest updates installed.   

upload14.exe - Trojan-Ransom.Win32.CryFile.wtx

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Best Regards, Kaspersky Lab

"39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700  http://www.kaspersky.com http://www.viruslist.com"

So where do I go from here? They're wrong, but upload14.exe does contain some encrypted information which I guess could by pure chance produce a string of characters corresponding to one of their virus signatures. How on earth do I prove it?

[tbailey2]

I submitted upload14.exe to Kasperski as a false positive, and received this reply:

This message has been generated by an automatic message response system. The message contains details about verdicts that have been returned by Anti-Virus in response to the files (if any are included in the message) with the latest updates installed.   

upload14.exe - Trojan-Ransom.Win32.CryFile.wtx

New malicious software was found in this file. It's detection will be included in the next update. Thank you for your help.

Best Regards, Kaspersky Lab

"39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700  http://www.kaspersky.com http://www.viruslist.com"

So where do I go from here? They're wrong, but upload14.exe does contain some encrypted information which I guess could by pure chance produce a string of characters corresponding to one of their virus signatures. How on earth do I prove it?

a) Tell them their grasp of the English language is as inaccurate as their virus detection mechanism
b) Don't use Kaspersky.

Seriously, don't they have a sandbox they can actually test it in and confirm there is an active virus in there, or in this case that there is not?

Ask them if they physically tested it, tell them you are the author and what it does within your software suite. I submitted multiple versions of upload*.exe yesterday as false positives but didn't ask for a response.

[roseway]

Thanks, but it's not clear where I could address such argumentative points, and to be honest, I don't have the energy for that sort of argument. As to (b), that's not in my power of course, I'm the author, not the user.