false positive virus warning in F-secure W32/Malware!Gemini


Moderators: Dorian (MJT support), JRL

rullbandspelare
Pro Scripter
Posts: 149
Joined: Tue Mar 23, 2004 9:11 pm


Post by rullbandspelare » Mon Mar 18, 2013 7:21 pm

The IT department is detecting W32/Malware!Gemini in my version 14 compiled .exe via F-secure.
http://www.f-secure.com/v-descs/suspici ... mini.shtml


Any ideas on what to tell them to make them feel better?
I have asked them to turn off Heuristic Detection and try with a different anti virus program. What else?

Thanks!

Jerry Thomas
Macro Veteran
Posts: 267
Joined: Mon Sep 27, 2010 8:57 pm
Location: Seattle, WA

Post by Jerry Thomas » Mon Mar 18, 2013 9:17 pm

When we get hits on our software, the first thing I do is run through this website. They have the detection scheme for about 40 different anti virus programs (including the big names).

Then we contact the 1 or 2 companies that show a positive, ask them to check and then fix their algorithms. MOST respond very quickly and seem glad to help. Of course there is always the occasional 'It must be bad because our software said it is, and our software NEVER makes mistakes.'

https://www.virustotal.com/en/
Thanks,
Jerry


CyberCitizen
Automation Wizard
Posts: 721
Joined: Sun Jun 20, 2004 7:06 am
Location: Adelaide, South Australia

Post by CyberCitizen » Mon Mar 18, 2013 11:53 pm

Can also try changing the code, e.g. add some comment text and re-compile, to see if that resolves it, or is it being detected for all MS compiled exes?
FIREFIGHTER

Marcus Tettmar
Site Admin
Posts: 7380
Joined: Thu Sep 19, 2002 3:00 pm
Location: Dorset, UK

Post by Marcus Tettmar » Thu Mar 21, 2013 7:56 pm

As Jerry says:

1) first run through virustotal.com so you can see and show your IT dept that this is a false positive as other AV tools don't report any issue.

2) Please, please, please report a false positive to f-secure. If no one reports it they will not fix it - *THEIR* software is *WRONG* and we need to tell them so that others don't have the same problem and so that as soon as they release an update your systems will start working again.

Here's their page on false-positives with a link to a form you can fill in and upload a .exe that reproduces the problem:
http://www.f-secure.com/v-descs/false_positive.shtml

3) Make sure your AV tool is set to automatically download new definitions and updates.

Most AV vendors are pretty quick at fixing false positives.
Marcus Tettmar
http://mjtnet.com/blog/ | http://twitter.com/marcustettmar

Did you know we are now offering affordable monthly subscriptions for Macro Scheduler Standard?

Marcus Tettmar
Site Admin
Posts: 7380
Joined: Thu Sep 19, 2002 3:00 pm
Location: Dorset, UK

Post by Marcus Tettmar » Thu Mar 21, 2013 8:16 pm

Just discovered this very useful article:

http://www.techsupportalert.com/content ... endors.htm

It lists all the AV vendor sites with links for reporting false positives. Much easier than googling.
Marcus Tettmar
http://mjtnet.com/blog/ | http://twitter.com/marcustettmar


fthomas
Pro Scripter
Posts: 91
Joined: Fri Oct 03, 2008 6:40 pm

Post by fthomas » Tue Jul 30, 2013 2:57 pm

Thanks for posting the link Marcus, definitely helpful.

Frank

CyberCitizen
Automation Wizard
Posts: 721
Joined: Sun Jun 20, 2004 7:06 am
Location: Adelaide, South Australia

Post by CyberCitizen » Wed Jul 31, 2013 1:19 am

Thanks For That List, Also Saved It.
FIREFIGHTER

armsys
Automation Wizard
Posts: 1108
Joined: Wed Dec 04, 2002 10:28 am
Location: Hong Kong

Post by armsys » Wed Jul 31, 2013 9:16 am

Try: https://www.virustotal.com/en/file/3c3a ... 375262120/
The latest version of MS passes all 46 antivirus tests.
SHA256: 3c3a8b58f844f831cf8e299331d4e9ba9385182675f426422444be0d62879ce2
SHA1: da7c702780a274ba83f1daf9884e8707f8e389da
MD5: 9008a92bd0096f72a13e8be71a7af77c
File size: 13.8 MB ( 14420200 bytes )
File name: msfullwc14.0.13.exe
File type: Win32 EXE
Detection ratio: 0 / 46
