AVG Win32/DH.CAFF82037E




Does anyone know about a false positive for AVG reporting Win32/
DH.CAFF82037E "may" "unknown" virus?

Re: AVG Win32/DH.CAFF82037E




Submit the file to virustotal.com, jotti.org, or virscan.org to see what
other scanners report.

Also, it is important to know the filename and the location in which it
was found (full path).



Re: AVG Win32/DH.CAFF82037E




| Does anyone know about a false positive for AVG reporting Win32/
| DH.CAFF82037E "may" "unknown" virus?

What FromTheRafters said and...

Please upload a copy of the suspect file to http://www.uploadmalware.com/ for
analysis.

Post the information from Virus Total and the fully qualified name and path of
the file, and that you uploaded it to Upload Malware.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: AVG Win32/DH.CAFF82037E



I got response from AVG!  It appears to be a false positive!

"
Dear customer,

Thank you for your email.

Unfortunately, the previous virus database might have detected the
mentioned virus on some legitimate applications. We can confirm that
it was a false alarm. We have immediately released a new virus update
that removes the false positive detection on this file. Please update
your AVG and check your files again.

If you need to restore deleted files from AVG Virus Vault you can do
it this way:
- Open AVG user interface.
- Choose "Virus Vault" option from the "History" menu.
- Locate the file that was incorrectly removed and select it (one
click).
- Click on the "Restore" button.

We are sorry for the inconvenience.

In case that we can be of any further assistance, please do not
hesitate to contact us again.
Thank you.

Best regards,

 Martin Valchev
 AVG Customer Services"




Re: AVG Win32/DH.CAFF82037E




| I got response from AVG!  It appears to be a false positive!

| "
| Dear customer,

| Thank you for your email.

| Unfortunately, the previous virus database might have detected the
| mentioned virus on some legitimate applications. We can confirm that
| it was a false alarm. We have immediately released a new virus update
| that removes the false positive detection on this file. Please update
| your AVG and check your files again.

Well that's that....  :-)

Thank you for the update.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: AVG Win32/DH.CAFF82037E



Thanks for the update.

The value of an antivirus lies in its support. It's good to see a
support channel that works.

For future reference, those file submission sites mentioned are all ones
that help the participating vendors get early warning of new malware or
false positive detections so that they can react to them quickly.




Re: AVG Win32/DH.CAFF82037E




On the morning of July 10, 2010 Pacific time my Free AVG version
9.0.830 conducted a scheduled scan and found two infections: one was
"removed and healed" and the other was "not removed or healed". This
is what is stated on "scan results":

"C:\Windows\System32\svchost.exe (5860):\memory_0b990000";"May be
infected by unknown virus Win32/DH.CAFF82037F";"Object is
inaccessible."

 "C:\Windows\System32\svchost.exe (5860)";"May be infected by unknown
virus Win32/DH.CAFF82037F";"".

The first's "Object Type" is file and "SDK type" is Core, and the
"Result" is "object is inaccessible". For the second, the "Object
Type" is process and the "SDK Type" is Core.

After this scan, AVG updated itself (in the afternoon of 7/10/10).

Now early this afternoon (7/11/10) my AVG scheduled scan was conducted
again and the same two infections showed up, one being "removed and
healed" and the other "not removed or healed". Why would the same two
infections show up after an update?

Thank you.


Re: AVG Win32/DH.CAFF82037E



***
Maybe you need *another* update.
***



Re: AVG Win32/DH.CAFF82037E




No big surprise there.

