Do I really have a virus or is it just a false positive? - fixedByVonnie

A false positive is simply a diagnosis mistake.  In the context of malware, it refers to the occasional case where anti-malware applications flag benign files as dangerous.

Today I want to show you two things:

  • How to tell if your antivirus software made a mistake
  • How to report the false positive to the vendors

Let’s get right to it.

Where did the file come from?

We need to start with the obvious stuff first:

Where did the file come from?

If it came from your imperturbable boss who is constantly paranoid about viruses then the file is probably safe.

Conversely, if it came from the turbid waters of BitTorrent then the software pirates sailing those seas probably attached a few nasty Trojans for you.

It really boils down to trust.

If the file source seems the least bit nebulous or unsavory then stop and think about why.

Did it come from your skittish aunt who blithely opens every attachment she receives?  Or maybe it came from your ex-wife moments before the divorce?  Or maybe you downloaded it from a reputable website but something about the file makes you feel weird.

Was the installer replete with annoying offers?  Are you sure that website was really official and not masquerading as the real thing?

Also be wary of those annoying download bars rampant on freeware sites.  We often have to weave our way through the labyrinth of advertisements and “fake” download buttons just to get to the software we want.

Some sites such as snapfiles.com don’t have the duplicity to trick you with silly “look-alike” buttons, but not everyone is so nice.

Download files from Spencer

Majorgeeks.com, for example, requires your full attention.

You need to carefully navigate the ad maze to find the real download button.

Hint: it’s not the big green Download Now button; the real button is further down under DOWNLOAD LOCATIONS.

Download files from Majorgeeks

Watch out for stuff like that.

See what the other guys say

Let’s say the check engine light on your car suddenly lights up one morning.

The way I see it – there are two possibilities here – either:

  • The warning light is broken and your engine is actually fine or
  • The engine really has a problem

So how would you figure this out?

You could take it to the unscrupulous mechanic down the street and give credence to his opinion that you need a new transmission.

But you wouldn’t trust this mechanic on his word alone.  After all, your trusty Dad had nothing but pejorative things to say about that dump hole.

So what do you do?

You drive up the road to Sal’s Spiffy Lube.  He has a five star reputation in town and is known for being both competent and cordial.

When you pull up to the station, the mechanic inspects your car and immediately realizes the root problem is a short in your electrical system.

You then take your car to a third mechanic for a final opinion and he corroborates Sal’s diagnosis.

This is a similar procedure to follow when figuring out if a file is actually infected.

Don’t speculate; get the facts.

I suggest scanning the file with 53 concurrent antivirus engines at VirusTotal.

You can either download the VirusTotal uploader and install the application or upload your file directly through the browser (just make sure it’s less than 64MB).

I wrote about VirusTotal a few days ago and listed it as one of my top two programs to get this summer.  It’s a great resource and is not only perfect for discerning false positives but also for making sure suspicious files are truly aseptic.

My VirusTotal rationale is if the file infection is dubious then only a few virus vendors will flag the alarm.  For example, AVG might report the file as infected; however, the other 52 antivirus engines might show that you’re in the clear.

Anubis is also a good service for analyzing freaky files but it isn’t as robust as VirusTotal.

Now here’s the thing: after using VirusTotal and Anubis the file still could be infected but at least you’ll have a good reason to believe that AVG is responsible for the false positive.

In that case, we can report the false positive so the antivirus makers can augment their databases.
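To make the VirusTotal rationale concrete, here is an added Python example (not code from the post): it hashes a file locally, can fetch the existing report for that hash from the VirusTotal v3 API (the `/api/v3/files/{hash}` endpoint and the `x-apikey` header are real; the API key is yours), and applies the "only a few engines out of 53 fire" rule. The `make_report` helper, its engine names and the `few` threshold are assumptions built so the triage logic runs offline on a constructed report.

```python
import hashlib
import json
import urllib.request


def sha256_of_stream(f) -> str:
    """Streaming SHA-256 of a binary file-like object; the hash lets you ask VirusTotal
    about a file it has already seen without uploading it (so the 64MB limit is moot)."""
    h = hashlib.sha256()
    for chunk in iter(lambda: f.read(1 << 20), b""):
        h.update(chunk)
    return h.hexdigest()


def sha256_of_file(path: str) -> str:
    with open(path, "rb") as f:
        return sha256_of_stream(f)


def fetch_report(sha256: str, api_key: str) -> dict:
    """GET the existing report for a hash from the VirusTotal v3 API (needs your API key)."""
    req = urllib.request.Request("https://www.virustotal.com/api/v3/files/" + sha256,
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def make_report(flagging: list, total: int) -> dict:
    """CONSTRUCTED report in the shape of a v3 /files response (assumed helper, offline only)."""
    results = {name: {"category": "malicious", "result": "Generic.Suspicious"} for name in flagging}
    for i in range(total - len(flagging)):  # the remaining engines report nothing
        results[f"Engine{i:02d}"] = {"category": "undetected", "result": None}
    stats = {"malicious": len(flagging), "suspicious": 0, "undetected": total - len(flagging),
             "harmless": 0, "timeout": 0, "type-unsupported": 0}
    return {"data": {"attributes": {"last_analysis_stats": stats, "last_analysis_results": results}}}


def triage(report: dict, few: int = 3) -> dict:
    """The post's rule: one or two engines out of ~53 flagging a file smells like a false positive."""
    attrs = report["data"]["attributes"]
    stats = attrs["last_analysis_stats"]
    flagged = sorted(name for name, r in attrs["last_analysis_results"].items()
                     if r["category"] in ("malicious", "suspicious"))
    engines = sum(stats.get(k, 0) for k in ("malicious", "suspicious", "undetected", "harmless"))
    if not flagged:
        verdict = "clean"
    elif len(flagged) <= few:
        verdict = "probable false positive"  # still could be infected: confirm with the developer
    else:
        verdict = "treat as malicious"
    return {"engines": engines, "detections": len(flagged), "flagged_by": flagged, "verdict": verdict}


if __name__ == "__main__":
    sample = make_report(["AVG"], 53)  # constructed: only AVG fires, 52 engines say clean
    print(json.dumps(triage(sample)))
    # real lookup: triage(fetch_report(sha256_of_file("setup.exe"), "YOUR_API_KEY"))
```

The flagged engine names in the output are the vendors to send the false-positive report to.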

You can ZIP up the potential virus and email all the big guys at once, or take a more focused approach by sending it directly to the relevant vendors.

Here’s how to report false positives to a few of the big guys:

To be extra sure I would throw the alleged virus name into Google to read what other people have said about it.  If it’s been around for a while and is actually a false positive then you’ll get corroboration online.

You can also try hunting down the developer contact to ask them if the file is legit.

The Bottom Line

No computer user is impervious to computer viruses.  Your experience and software protection stack are irrelevant: everyone is susceptible to being infected.

The real question is whether or not the alleged infection is valid.

The best way to ascertain the legitimacy of a file is to think about its source.  Pay attention to the file’s origin.

Also, using tools such as VirusTotal and Anubis can either corroborate or contradict your suspicion.

So what do you guys think?  Have you had any false positives recently?  Please share in the comments section below!

Posted in Windows, Windows 7, Windows 8, Windows 8.1