You are here

Home » Forums » Support Forums » Other Apps Support (Deprecated)

FP for trojan in notepad2 ?

8 posts / 0 new
Log in or register to post comments
Last post
September 6, 2014 - 1:13pm
#1
hfelton
Offline
Last seen: 8 years 1 month ago
Joined: 2006-10-12 04:59
FP for trojan in notepad2 ?

afaict, clamav is the only antivirus that is flagging notepad2 (the paf, not the main-exe) as a trojan...

it looks like folks have checked the file (monthly?) since june of this year... see: https://www.virustotal.com/en/file/51a048bdfbe2c718312560cf49f31148ee8b7...
and my most-recent check at the other-place is at: http://virusscan.jotti.org/en/scanresult/b7a52cabc03ecbd215634ce5ece9d49...

my question, assuming that it is indeed a false-positive, has to do with why i was not able to locate any mention of it in the forums...
NADA: https://portableapps.com/search/node/trojan%20notepad2
UNRELATED: https://portableapps.com/search/node/trojan%20notepad

otoh - am i incorrect in assuming that this is a false-positive? oddly, i was surprised that the language was listed as turkish - so maybe that is the issue? idk... in case it matters, the trojan is listed as BC.Heuristic.Trojan.SusPacked.BF-6.B fwiw...

tia, h.

Top
September 6, 2014 - 1:38pm
Gord Caswell
Gord Caswell's picture
Offline
Last seen: 1 day 27 min ago
DeveloperModerator
Joined: 2008-07-24 18:46
Indeed a false positive

This is indeed a false positive, which is why there's nothing mentioned anywhere. You can tell it's a FP due to the fact no other antivirus vendors list it as such, as well as the fact that it is a "heuristic" result, list as "suspicious". In other words, the program is guessing.

I've submitted it to ClamAV to fix.

Top
October 23, 2014 - 5:48pm
(Reply to #2)
Gord Caswell
Gord Caswell's picture
Offline
Last seen: 1 day 27 min ago
DeveloperModerator
Joined: 2008-07-24 18:46
Fixed by ClamAV

I just hot an email back from ClamAV, stating that this has now been fixed in their database, in daily 19529

Top
September 6, 2014 - 1:47pm
John T. Haller
John T. Haller's picture
Online
Last seen: 44 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Virus Total Tells The Story

Anytime you see a single antivirus engine flag a file and all others say it's clear, it's a false positive. In those cases, there's no need to even ask. You can submit the false positive to the antivirus publisher or ask us to by posting a heads up in the forums here.

Sometimes, the impossible can become possible, if you're awesome!

Top
September 6, 2014 - 2:01pm
(Reply to #4)
hfelton
Offline
Last seen: 8 years 1 month ago
Joined: 2006-10-12 04:59
submitting ?

thanx for the explanations - and to the dude who is submitting it to clam-av to fix...

i guess im a little bit shy to do so (submit a file as false-positive) since i didnt make it (the file)... also, i guess the other-folks who had been testing the file since june (it was released in april afaict) had more common-sense than i did on the subject...

so - assuming i ever notice something like this again - ill just post-here and hope the person who created-the-paf will submit it..

thx again, h. Smile

Top
September 6, 2014 - 2:11pm
(Reply to #5)
Gord Caswell
Gord Caswell's picture
Offline
Last seen: 1 day 27 min ago
DeveloperModerator
Joined: 2008-07-24 18:46
submitted files get verified

Something to keep in mind is that when you submit a file to an antivirus company stating they've classified it as a virus falsely, they don't just take your word for it, they check the file themselves. So it doesn't matter if you built the file or not.

Top
September 6, 2014 - 4:45pm
(Reply to #6)
3D1T0R
3D1T0R's picture
Offline
Last seen: 2 years 2 months ago
Developer
Joined: 2006-12-29 23:48
As Gord Says, they test False Positives themselves.

Antivirus companies don't technically let you submit files as false positives, rather they let you submit files as possible false positives, then they check to see if you're right and add the files that they deem to be safe to their whitelist.

~3D1T0R

Top
September 7, 2014 - 10:54pm
(Reply to #7)
hfelton
Offline
Last seen: 8 years 1 month ago
Joined: 2006-10-12 04:59
so...

im grateful for all the comments and insights... ive often claimed that 'common sense' is neither necessarily common, nor sensical... Smile

so - posting here (whether id submitted-it as a potential-FP or not) is still useful...

have fun, h.

Top
Log in or register to post comments