Re: HEUR / malware??




Puzzlemuscle wrote:
Lou wrote:
Puzzlemuscle wrote:
Hi Lou,

I think the article you read is
http://forums.miranda-im.org/showthread.php?t=10519
As I have mentioned in some threads, Antivir is well known for its
false positives.

But I still like Antivir because after you send the false positive
files, they will take away the detection in a short time, 2-3 days,
maybe several hours for serious cases. After all, users can enjoy high
heuristic detection for free from Antivir to detect unknown viruses.

In your case (and many others as you read; actually one of my friends
has the same problem too), it may take a longer time since it is not a
signature detection, it is a heuristic detection which concerns the
scan engine.

Antivir had just updated its engine on 30/8/06 when the potential false
positives took place. I think they added two problematic heuristic
detections, including
HEUR/Malware and DR/Delphi.gen.

I hope they will fix their engine soon.

Concerning A0040283.dll, I guess it is a file under System Volume
Information, which is where the backups for System Restore are kept. You are
doing the right thing by choosing "ignore". Viruses there cannot
function. They will do no harm even if you do not delete them. But once
you restore your system to those restore points, you may make them live
again.


Thanks for all the help. Now that I understand how to make exceptions I
am going to stay with antivir. Also knowing that ignore is OK is
helpful for those items that turn up just once in a while.

Lou
Education is about knowing where to look for answers.


Hi Lou,

For "those items that turn up just once in a while", we should choose
"ignore" only when:
1. the virus (suspicious file) is located under the System Volume
Information folder.
(If you want to clean up the viruses there, you have to disable the
System Restore function and then re-enable it. By doing this, all your
system restore points will be lost.)

2. we strongly believe a file is clean and will do no harm to our
computer, i.e. Antivir is making a false alarm.
The drawback of heuristic detection is making false positives: if
AntiVir alerts you about a virus infection and the virus name has the
HEUR/ prefix or .Gen suffix, it is possible that the file
is not infected. In this case, you should submit the files to Avira for
further checking, so that they can improve their engine/signatures or
add a new virus signature to the database.

If you do not know whether the files detected with heuristics are clean
or not, you should choose "quarantine",
for 4 reasons:
1. You can restore them and send the suspicious files to Antivir Lab

2. Restore the files to their original places if Antivir tells you it is not a
virus at all.

3. If it is a virus, it cannot harm your computer.

4. Restore them and scan the files on multi-AV-scanner websites, such as

http://www.virustotal.com
http://virusscan.jotti.org
http://scanner.virus.org

to see what other av-scanners find about the file.

In other "those items that turn up just once in a while" situations, we
should choose "quarantine" or "delete", when the detection's virus
name does not contain the HEUR/ prefix or .Gen suffix, e.g.
TR/Spy.Banker.anv


Puzzlemuscle

Finally I want to apologise for any inconvenience caused when reading
my replies.
English is not my mother tongue and there are some typing mistakes.

Puzzlemuscle
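An added example, not code from the thread or from Avira: it encodes the decision rule Puzzlemuscle gives above as a small Python triage function. "ignore" only for hits under the System Volume Information folder or for a file you strongly believe is clean; "quarantine" for an uncertain heuristic hit (HEUR/ prefix or .Gen suffix); "quarantine-or-delete" for a signature-named hit such as TR/Spy.Banker.anv. The `Detection` class, the `triage` function and every sample name and path are constructed for this example (the `_restore{GUID}` folder name is a placeholder). The SHA-256 helper goes one step beyond the post: hashing a quarantined file lets you look it up on a multi-scanner site before restoring and uploading it.

```python
"""Triage helper for heuristic antivirus detections (added example)."""
import hashlib
import ntpath
from dataclasses import dataclass


@dataclass
class Detection:
    name: str  # virus name as reported by the scanner, e.g. "HEUR/Malware"
    path: str  # Windows path of the flagged file


def is_heuristic(name: str) -> bool:
    """True for names that mark a heuristic or generic detection."""
    upper = name.upper()
    return upper.startswith("HEUR/") or upper.endswith(".GEN")


def in_system_restore(path: str) -> bool:
    """True if the file sits under a System Volume Information folder."""
    # ntpath handles Windows separators regardless of the host OS
    parts = ntpath.normpath(path).split("\\")
    return any(p.lower() == "system volume information" for p in parts)


def triage(det: Detection, believed_clean: bool = False) -> str:
    """Return the action the post recommends for one detection."""
    if in_system_restore(det.path):
        # Restore-point copies cannot execute; cleaning them means
        # disabling and re-enabling System Restore (all points are lost).
        return "ignore"
    if is_heuristic(det.name):
        # Heuristic hits may be false positives: keep a copy so it can be
        # restored and submitted to the vendor or a multi-scanner site.
        return "ignore" if believed_clean else "quarantine"
    # Signature detection (e.g. TR/Spy.Banker.anv): not a heuristic guess
    return "quarantine-or-delete"


def sha256_hex(data: bytes) -> str:
    """Fingerprint to look up on a multi-scanner site before uploading."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    # Constructed samples; "_restore{GUID}" is a placeholder folder name.
    samples = [
        (Detection("HEUR/Malware",
                   r"C:\System Volume Information\_restore{GUID}\RP1\A0040283.dll"), False),
        (Detection("HEUR/Malware", r"C:\Program Files\App\plugin.dll"), False),
        (Detection("DR/Delphi.gen", r"C:\Program Files\App\tool.exe"), True),
        (Detection("TR/Spy.Banker.anv", r"C:\Windows\Temp\svc.exe"), False),
    ]
    for det, clean in samples:
        print(f"{det.name:20} {det.path:65} -> {triage(det, clean)}")
```

The `believed_clean` flag is the only judgement call the post leaves to the user; everything else is decided from the reported name and path, which is why the function checks the restore folder first (those copies cannot run) and only then looks at the naming convention.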
