kinda worried

Discussion in 'Software' started by magical2099, Mar 28, 2010.

  1. magical2099

    magical2099 Private First Class

    okay, i got a friend bringing his laptop for a CMOS battery installation and a clean-up, so in prep i go round to my favorite sites and snag a bunch of my old faithful favorite tools. MBAM install, Combofix, SmitfraudFix, HJT, GMER, and a few others. I only get CF and SFF from bleepingcomputer, and for the very first time my AVG identity protector threw a warning on SFF. claimed Win32/Shutdown.NAA was a PUP.

    i've dug around for awhile but i can't find any reference to Win32/Shutdown.NAA outside logs from various tools which may or may not have deleted it. SystemLookup has no idea and i can't find anything decisive on the thing.

    so i submit my question thusly: what d'ya think? bleepingcomp is trustworthy, smitfraudfix is too, has the download been gimped? is AVG throwing a false positive? am I being a noob? :confused

    thanks in advance Major Geeks,
    rock on
    Magical2099
     
  2. leslie1984

    leslie1984 Private E-2

    From personal experience, a website I have been using for WELL over 2 years for watching Japanese animé has recently started showing this attack-site crap when I know it's safe. I think certain people abuse the report-site functions on antiviruses, and the case may be the same for you.. Not guaranteed, but just an opinion
     
  3. magical2099

    magical2099 Private First Class

    close leslie, but no cigar. I know what ya mean though and yeah alotta folks do abuse those things. what i'm asking about isn't voted on by the public though, generally only malware fighters and system analysts. the file is part of a specialty malware removal tool geared towards rogue antiviruses. what worries me is that a trusted tool like this one is showing a PUP (potentially unwanted program) status. doesn't mean it's bad, per se, just means it's capable of doing bad things. normally with a tool this well known and made by a guy that does so much against malware they get ignored.

    thanks for the reply! good luck with your site!
     
  4. Mada_Milty

    Mada_Milty MajorGeek

    Just an anecdote, not from any specific testing, but I've stopped using AVG due to false positives....

    You can get a "second opinion" on the suspect files by running them through an online scanner, such as Kaspersky's File Scanner, and maybe it will give you some peace of mind.
     
  5. magical2099

    magical2099 Private First Class

    i've run an updated MBAM and HJT with no threats found, but i also haven't run the fresh DL of SFF either, so that doesn't guarantee anything. if it is a false positive, it'll be the first i've had out of AVG, but hey nobody's perfect.
     
  6. sikvik

    sikvik Corporal Karma

  7. magical2099

    magical2099 Private First Class

  8. sikvik

    sikvik Corporal Karma

    It could be the intrusive nature of the scanner. I'd go for it.. but that's me. If BC is half as diligent in hosting downloads as MG's, I'd run the installer LOL
     
  9. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    magical2099

    One of your teachers and GeekU moderators had this to say in a "How to use SmitFraudFix" thread:

    @ sikvik - :highfive
     
  10. magical2099

    magical2099 Private First Class

    thanks Doc, sikvik. i've dealt with false positives before, but i guess this one just made me nervous. it was a double first: a warning on anything from bleeping and a warning from AVG on a program that it has never flagged before. i guess what i was looking for in this thread was someone else who had received the same and knew it for a FA.

    on a completely unrelated note: did i break any kinda help-forum taboo by asking here? from what i've read, so long as i don't train or help with malware on another site i'm fine. if i'm wrong in that, the sooner i know the better :major
     
  11. LauraR

    LauraR MajorGeeks Super-Duper Administrator Staff Member

    I can't help you on the rest, although I know I have heard people talk of AVG's many fp's, but you did not break any rules posting here while training elsewhere. A lot of people are on a few different forums. There's nothing wrong with that. The only thing we do not want are people who are getting help in our malware forum doing the same in another because, as I'm sure you know, it's a waste of time for the forums, plus it could possibly screw something up.
     
  12. magical2099

    magical2099 Private First Class

    yes ma'am i've dealt with double dippers in the real world too, makes it even more annoying when it's people ya know lol, i'm gonna make a thread over at geekU with a link to this one and ask one of the instructors to look at it and see if i've broken any of their rules. :cool
     
  13. sikvik

    sikvik Corporal Karma

    Nope, you have not broken any rules in the Terms of Use on Geeks to Go, even if you are in geekU. geekU only asks you not to have a running malware removal thread in G2G when you sign up for geekU.
    Cheers..
     
