
FP for trojan in notepad2 ?

hfelton
Joined: 2006-10-12 04:59
FP for trojan in notepad2 ?

afaict, clamav is the only antivirus that is flagging notepad2 (the paf, not the main-exe) as a trojan...

it looks like folks have checked the file (monthly?) since june of this year... see: https://www.virustotal.com/en/file/51a048bdfbe2c718312560cf49f31148ee8b7...
and my most-recent check at the other-place is at: http://virusscan.jotti.org/en/scanresult/b7a52cabc03ecbd215634ce5ece9d49...

my question, assuming that it is indeed a false-positive, has to do with why i was not able to locate any mention of it in the forums...
NADA: https://portableapps.com/search/node/trojan%20notepad2
UNRELATED: https://portableapps.com/search/node/trojan%20notepad

otoh - am i incorrect in assuming that this is a false-positive? oddly, i was surprised that the language was listed as turkish - so maybe that is the issue? idk... in case it matters, the trojan is listed as BC.Heuristic.Trojan.SusPacked.BF-6.B fwiw...

tia, h.

Gord Caswell
Developer, Moderator
Joined: 2008-07-24 18:46
Indeed a false positive

This is indeed a false positive, which is why there's nothing mentioned anywhere. You can tell it's a FP due to the fact no other antivirus vendors list it as such, as well as the fact that it is a "heuristic" result, listed as "suspicious". In other words, the program is guessing.

I've submitted it to ClamAV to fix.

Gord Caswell
Developer, Moderator
Joined: 2008-07-24 18:46
Fixed by ClamAV

I just got an email back from ClamAV, stating that this has now been fixed in their database, in daily 19529.
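An added example, not code from this thread, PortableApps.com or ClamAV: it encodes the two signals described above (a lone engine flagging the file, under a heuristic signature name) and checks whether a local ClamAV daily database has reached version 19529. The engine names other than ClamAV, the prefix list and the sample version line are constructed assumptions.

```python
import re

# Constructed scan summary: engine -> signature name (None = clean).
# Only the ClamAV signature is from the thread; other engines are placeholders.
SAMPLE_RESULTS = {
    "ClamAV": "BC.Heuristic.Trojan.SusPacked.BF-6.B",
    "EngineA": None, "EngineB": None, "EngineC": None,
}
# Name fragments treated as "the engine is guessing" (assumed list).
GUESS_PREFIXES = ("heur", "sus", "generic")
FIXED_DAILY = 19529  # daily database version named in the thread

def is_heuristic(signature):
    """True if any separator-delimited part of the name looks heuristic."""
    parts = re.split(r"[.\-_/:]", signature.lower())
    return any(p.startswith(GUESS_PREFIXES) for p in parts)

def triage(results):
    """Return (verdict, engine_to_contact) for a multi-engine scan summary."""
    flagged = {e: s for e, s in results.items() if s}
    if not flagged:
        return ("clean", None)
    if len(flagged) == 1:
        engine, signature = next(iter(flagged.items()))
        if is_heuristic(signature):
            # Lone heuristic hit: report it so the vendor can verify the file.
            return ("likely-fp", engine)
    return ("investigate", None)

def daily_version(version_line):
    """Parse the daily database number from `clamscan --version` output."""
    m = re.match(r"ClamAV [^/\s]+/(\d+)/", version_line.strip())
    return int(m.group(1)) if m else None

def has_fix(version_line, fixed_daily=FIXED_DAILY):
    """True once the local daily database is at or past the fixed version."""
    daily = daily_version(version_line)
    return daily is not None and daily >= fixed_daily

if __name__ == "__main__":
    print(triage(SAMPLE_RESULTS))
    # Constructed version line in the engine/daily/date layout.
    print(has_fix("ClamAV 0.98.4/19529/Mon Jan  1 00:00:00 2000"))
```
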

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Virus Total Tells The Story

Anytime you see a single antivirus engine flag a file and all others say it's clear, it's a false positive. In those cases, there's no need to even ask. You can submit the false positive to the antivirus publisher or ask us to by posting a heads up in the forums here.

Sometimes, the impossible can become possible, if you're awesome!

hfelton
Joined: 2006-10-12 04:59
submitting ?

thanx for the explanations - and to the dude who is submitting it to clam-av to fix...

i guess im a little bit shy to do so (submit a file as false-positive) since i didnt make it (the file)... also, i guess the other-folks who had been testing the file since june (it was released in april afaict) had more common-sense than i did on the subject...

so - assuming i ever notice something like this again - ill just post-here and hope the person who created-the-paf will submit it..

thx again, h. :)

Gord Caswell
Developer, Moderator
Joined: 2008-07-24 18:46
submitted files get verified

Something to keep in mind is that when you submit a file to an antivirus company stating they've classified it as a virus falsely, they don't just take your word for it, they check the file themselves. So it doesn't matter if you built the file or not.

3D1T0R
Developer
Joined: 2006-12-29 23:48
As Gord Says, they test False Positives themselves.

Antivirus companies don't technically let you submit files as false positives, rather they let you submit files as possible false positives, then they check to see if you're right and add the files that they deem to be safe to their whitelist.

~3D1T0R

hfelton
Joined: 2006-10-12 04:59
so...

im grateful for all the comments and insights... ive often claimed that 'common sense' is neither necessarily common, nor sensical... :)

so - posting here (whether id submitted-it as a potential-FP or not) is still useful...

have fun, h.
