Is this a False (Infostealer.bancos) Trojan alert?

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

tested it and it looks safe. Other vendors also tell me so

Hello Tyro,

 

Sorry to hear of your problems with the false positive detection on DIYPack25ep.zip.

We have investigated this detection and found that the file involved (fixhex2.exe) is indeed clean and have subsequently removed our detection for it.

 

You should download the latest Rapid Release Virus Defintion (Sequence 84326,  20080804.020 or higher) files from this location:

ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/symrapidreleasedefsi32.exe

 

I trust that this should resolve this problem for you.

 

Regards,

 

Hon 

 

 

 

Thanks a lot Stu and  hon_lau, you have been prompt and have offered a solution. This should help Frank and his team at DIY Electronics who have been flooded with numerous messages on this subject. Mr. Jim Robertson of Newfound Electronics must be equally pleased that his his work is not labelled as Virus creation.

 

Hats off to all you guys for replying so promptly and sharing your valuable time for making our work and hobbies easier.. Frank (DIY Electronics), I feel you should post similar enquiries (on virus) in future to such Forum so third party certification may remove all doubts and save you valuable time in open software.

 

Sorry for being a bother to Frank, Stu and hon_lau.

I request one more help on the same subject. I understand from Frank that another file in this zipped file is also reporting false virus alerts in different AV's. The file is microbrn.exe. If hon_lau or Stu can confirm that this file is also virus free it would be a great help to people like Frank who spend their valuable time helping others much like Stu and hon_lau.

 

Sorry for being a bother to you guys.

Please send this file to Symantec. Malware Submission

Some vendors do find something.  http://www.virustotal.com/nl/analisis/33756a0b6e445dd01990f15bc9e82b24

 

I will send the file to some other vendors and see what happens.

4 Likes

Stu, thanks. The file was submitted today.Let’s await the results?::smileysurprised::


Tyro wrote:
Stu, thanks. The file was submitted today.Let's await the results?::smileysurprised::

Please post the Symantec reference number for your malware submission here. It will be easier to track the submission and results. Thanks!

Tracking #9795126

The free online scanner at http://security.symantec.com/sscv6/home.asp? still shows the fixhex2.exe as a virus! It needs to be updated I suppose.

Tyro,

 

The file you submitted to us wasn't being detected by Symantec. It has been analyzed and deemed clean.

 

When is the last time you performed an online scan and saw fixhex2.exe being detected? I tried scanning the file with definitions from today (7th August 2008) and the file wasn't detected. I also performed an online scan with the file on my computer and couldn't reproduce the detection you mention. Please post your experience whatever the result may be.

 

Regards,

- DesiT

 

Yesterday I tried the online scanner and it reported virus in the fixhex2.exe. The file I submitted was microbrn.exe, is it the file you are saying is clean? Can you please clarify? Thanks a lot to all of you folks!

Yes, the file you submitted (submission #9795126) had an MD5 hash equal to 0x0fe62a97a08e2e75ab395b1562b6d7d0. It's name is 'microbrn.exe'. This file is clean.

 

Please try using the online scanner for fixhex2.exe and let us know the outcome.

 

Regards,

- DesiT

Thanks Desi and the entire Symantec team. Frank and his team can heave a sigh of relief and need not keep answering the same query on microbrn.exe and fixhex2.exe that they are indeed clean. I hope everyone using their extremely useful programming kit gets assured that Frank is indeed frank when he certifies their program is clean.

 

Thanks a lot to you folks at Symantec for the time and effort spent. Am purchasing the NAV2009 as soon as it is available for release.

Why not buy N.I.S. 2009 upon Release as it will better-protect you because some features of N.I.S. 2009 will not be in N.AV 2009?