Details about Discovered False Alarms – August 2012

Details about the discovered false alarms

Please download here:
English

 

With AV testing it is important to measure not only detection capabilities but also reliability – one of reliability aspects is certainly product’s tendency to flag clean files as infected. No product is immune from false positives (FP’s) but there are differences among them and the goal is to measure them. Nobody has all legitimate files that exist and so no “ultimate” test of FP’s can be done. What can be done and is reasonable, is to create and use a set of clean files which is independent. If on such set one product has e.g. 50 FP’s and another only 10, it is likely that the first product is more prone to FP’s than the other. It doesn’t mean the product with 10 FP’s doesn’t have more than 10 FP’s globally, but important is the relative number.

All listed false alarms were reported and sent to the Anti-Virus vendors for verification and should now be already fixed. False alarms caused by unencrypted data blocks in Anti-Virus related files were not counted. If a product had several false alarms belonging to the same software, it is counted here as only one false alarm. Cracks, keygens, etc. or other highly questionable tools, including FP’s distributed primary by vendors (which may be in the several thousands) or other non independent sources are not counted here as False Positives.

In order to give more information to the users about the false alarms, we try to rate the prevalence of the false alarms. Files with valid digital signatures are considered more important. Due to that, a file with e.g. prevalence “level 1″ and a valid digital signature gets upgraded to next level (e.g. prevalence “level 2″).

The prevalence is given in 5 categories and labeled with the following colors:

Level

Presumed number of affected users

Comments

1

Probably fewer than hundred users Individual cases, old or rarely used files, unknown prevalence
2

Probably several hundreds of users Initial distribution of such files was probably higher, but current usage on actual systems is lower (despite its presence), that’s why also well-known software may now affect / have only a prevalence of some hundreds or thousands of users.
3

Probably several thousands of users
4

Probably several tens of thousands (or more) of users
5

Probably several hundred of thousands (or millions) of users Such cases are likely to be seen very less frequently in a false alarm test done at a specific time, as such files are usually either whitelisted or would be noticied and fixed very fast.

Most false alarms will probably most of the times fall into the first two levels. In our opinion Anti-Virus products should not have false alarms on any sort of clean files despite how many users are affected by them. While some AV vendors may play down the risk of false alarms and play up the risk of malware, we are not going to rate products based on what the supposed prevalence of false alarms is. Currently we already allow a certain amount (15) of false alarms inside our clean set before we start penalizing scores and in our opinion products which produce a higher amount of false alarms are also more likely to produce false alarms on more prevalent files (or in other sets of clean files). The prevalence data we give about clean files is just for informational purpose. The listed prevalence can differ inside the report depending on which file / version the false alarm occurred and/or how many files of same kind were affected.

Some products using third-party engines/signatures may have fewer or more false alarms than the licensed engine has by its own, e.g. due to different internal settings implemented, the additional checks/engines/clouds/signatures, whitelist databases, time delay between the release of the original signatures and the availability of the signatures for third-party products, additional QA of signatures before release, etc.

False Positives (FPs) are an important measurement for AV quality. One FP report from a customer can result in large amount of engineering and support work to resolve the issue. Sometimes this can even lead to important data loss or system unavailability. Even “not significant” FPs (or FP’s on old applications) deserve mention and attention because FPs are likely to be a result of principled rule detections. It just happened that the FP was on an insignificant file. The FP possibility is probably still in the product and could FP again on a more significant file. Thus, they still deserve mention and still deserve penalty.

Below you will find the false alarms we observed in our independent set of clean files. Red entries highlight false alarms on files with valid digital signatures.

 

Microsoft

Microsoft had zero false alarms over our set of clean files.

 

ESET

False alarm found in some parts of Detected as Supposed prevalence
DerLauncher package INF/Autorun.gen
RT7 package MSIL/Packed.CryptoObfuscator.F
TweakXP package NewHeur_PE
WebSiteX5Smart package MSIL/Packed.CryptoObfuscator.I

ESET had 4 false alarms.

 

Kaspersky

False alarm found in some parts of Detected as Supposed prevalence
F-Secure package HEUR:Trojan.Win32.Generic
IPTools package HEUR:Trojan.Win32.Generic
KodakEasyShare package HEUR:Trojan.Win32.Generic
Trend Micro package Backdoor.Win32.IRCBot.qoq
VirusKeeper package HEUR:Trojan.Win32.Generic

Kaspersky had 5 false alarms.

 

Trend Micro

False alarm found in some parts of Detected as Supposed prevalence
CounterStrike package TROJ_SPNR.0BJS11
Deutsch package BOOT.GENERIC
InkScapePortable package Cryp_Upack
RegistryDefrag package TROJ_GEN.FC5CBGL
Vispa package Cryp_Xed-12
WinUpack package Cryp_Xed-12
XPY package Cryp_Xed-12

Trend Micro had 7 false alarms.

 

AVIRA

False alarm found in some parts of Detected as Supposed prevalence
BitWine package TR/Dropper.Gen
BrockHaus package TR/ATRAPS.Gen
DesktopLogo package DR/Hupigon.kbwa
GoXN package DR/Delphi.Gen
NetSupport package TR/Spy.311362
Nosferatu package TR/Agent.176128.160
RestoreNatur package TR/Gendal.2.301
TempControl package TR/Obfuscate.C.475
ThirdReich package TR/Dropper.Gen
VirtualBox package TR/Agent.26128.2

AVIRA had 10 false alarms.

 

BitDefender

False alarm found in some parts of Detected as Supposed prevalence
CTmanager package Gen:Trojan.Heur2.LVP.eCW@a0YoVkj
DiscountSurfer package Gen:Trojan.Heur.PT.nrZ@bS3yk0ji
IntraPact package Gen:Trojan.Heur.VP2.gm0@a0EXICli
jDownloader package DeepScan:Generic.Malware.P!.A89EF6E8
Kaspersky package Generic.HorstBased.623A9858
RummyRoyal package Backdoor.Generic.682752
Soleco package Gen:Trojan.Heur.PT.9qZ@bS3yk0ji
TNI package Trojan.Generic.1607609
Yes package Gen:Trojan.Heur2.LVP.bCW@aytgVjo
Zapfer package Gen:Variant.Kazy.62673

BitDefender had 10 false alarms.

 

BullGuard

False alarm found in some parts of Detected as Supposed prevalence
CTmanager package Gen:Trojan.Heur2.LVP.eCW@a0YoVkj
DiscountSurfer package Gen:Trojan.Heur.PT.nrZ@bS3yk0ji
IntraPact package Gen:Trojan.Heur.VP2.gm0@a0EXICli
jDownloader package DeepScan:Generic.Malware.P!.A89EF6E8
Kaspersky package Generic.HorstBased.623A9858
RummyRoyal package Backdoor.Generic.682752
Soleco package Gen:Trojan.Heur.PT.9qZ@bS3yk0ji
TNI package Trojan.Generic.1607609
Yes package Gen:Trojan.Heur2.LVP.bCW@aytgVjo
Zapfer package Gen:Variant.Kazy.62673

BullGuard had 10 false alarms.

 

Avast

False alarm found in some parts of Detected as Supposed prevalence
Access package MA97:ColOver
Deadlink package Win32:Malware-gen
IBM package Win32:Malware-gen
JoWood package Win32:Malware-gen
KDSaver package Win32:Malware-gen
MaxxPi package Win32:Malware-gen
RummyRoyal package Win32:Malware-gen
StarStrip package Win32:Evo-gen
Unlocker package Win32:Malware-gen
WinAmp package Win32:Malware-gen
XCleaner package Win32:Malware-gen

Avast with default settings had 11 false alarms.

 

Fortinet

False alarm found in some parts of Detected as Supposed prevalence
BSPlayer package W32/AutoRun.DD!worm
Canon package W32/AutoRun_VB.AVR
DVDPlayer package W32/Packed.2D18!tr
JoWood package W32/Inject.ALVL!tr
MediaPlayer package W32/TdlMbr.D!tr
Metin package W32/Agent.FMCS!tr.dldr
NetMeeting package W32/Yakes.QJ!tr
Nosferatu package W32/Shark.JDB!tr.bdr
StarStrip package PossibleThreat.vw
Wings package PossibleThreat
XPY package W32/PE_Patch.Z

Fortinet had 11 false alarms. As Fortinet is a product for corporate users, which computers are managed by an administrator, most of the above discovered FP’s may not be a big issue.

 

Tencent

False alarm found in some parts of Detected as Supposed prevalence
BitWine package TR/Dropper.Gen
Brockhaus package TR/ATRAPS.Gen
DesktopLogo package DR/Hupigon.kbwa
GoXN package DR/Delphi.Gen
InkScapePortable package TR/Crypt.UPKM.Gen
NetSupport package TR/Spy.311362
Nosferatu package TR/Agent.176128.160
RestoreNatur package TR/Gendal.2.301
TempControl package TR/Obfuscate.C.475
VirtualBox package TR/Agent.26128.2
XCleaner package TR/Agent.621056.6

Tencent had 11 false alarms.

 

McAfee

False alarm found in some parts of Detected as Supposed prevalence
Atelier package Artemis!B55974978EA9
BigKahunaReef package Artemis!714749875DCD
Desert package Artemis!1E919086C022
DVDShrink package Artemis!48DFC7B2654F
DVR-StudioPro package Artemis!2E530BE7130D
FLEXnet package Generic.dx!bdlt
Flux package Generic.evx!bs
Profe package Artemis!23AAFC6A3224
RestoreNatur package Artemis!1E919086C022
RummyRoyal package Artemis!80DD9BD1B336
SumatraPDF package Artemis!AEB6A6F42B56
TNI package Artemis!226329CE6C6A

McAfee had 12 false alarms.

 

eScan

False alarm found in some parts of Detected as Supposed prevalence
CTmanager package Gen:Trojan.Heur2.LVP.eCW@a0YoVkj
CyberLink package Win32/NSAnti (ES)
DiscountSurfer package Gen:Trojan.Heur.PT.nrZ@bS3yk0ji
GetIt package Trojan.ADH.2 (ES)
IntraPact package Gen:Trojan.Heur.VP2.gm0@a0EXICli
jDownloader package DeepScan:Generic.Malware.P!.A89EF6E8
Kaspersky package Generic.HorstBased.623A9858
OEconfig package BDS/Hupigon.ljqv (ES)
RummyRoyal package Backdoor.Generic.682752
Soleco package Gen:Trojan.Heur.PT.9qZ@bS3yk0ji
Userlex package TR/Spy.36864.20 (ES)
Win7InABox package Trojan-Dropper.Win32.Pich (ES)
Yes package Gen:Trojan.Heur2.LVP.bCW@aytgVjo
Zapfer package Gen:Variant.Kazy.62673

eScan had 14 false alarms.

 

F-Secure

False alarm found in some parts of Detected as Supposed prevalence
Auftrag package Suspicious:W32/Malware.bf4a3f!Online
BrandAwareness package Gen:Trojan.Heur.VP.bm0@ama!WCii
CTmanager package Gen:Trojan.Heur2.LVP.eCW@a0YoVkj
DiscountSurfer package Gen:Trojan.Heur.PT.nrZ@bS3yk0ji
InstantBar package Suspicious:W32/Malware.858d3f!Online
IntraPact package Suspicious:W32/Malware.77a1f8!Online
JkDefrag package Suspicious:W32/Malware.7fe264!Online
Kaspersky package Generic.HorstBased.623A9858
PacManiac package Suspicious:W32/Malware.ee3852!Online
Quark package Suspicious:W32/Malware.59395f!Online
RummyRoyal package Suspicious:W32/Malware.486709!Online
Soleco package Gen:Trojan.Heur.PT.9qZ@bS3yk0ji
XPY package Suspicious:W32/Malware.190c30!Online
Yes package Gen:Trojan.Heur2.LVP.bCW@aytgVjo
Zapfer package Gen:Variant.Kazy.62673

F-Secure with default settings had 15 false alarms.

 

PC Tools

False alarm found in some parts of Detected as Supposed prevalence
Amok package Trojan-PSW.Gampass
Audatex package Trojan-Downloader.CodecPack
AutoHotKey package Trojan.Gen
Brockhaus package Trojan.Generic
Creek package Trojan.Generic
Ewido package Trojan.ADH
GSpawn package Trojan.Downloader
Kaspersky package Trojan.Downloader!ct
OEconfig package Trojan.ADH
Oreans package Rootkit.Agent
RestoreNatur package Trojan.Gen
UniversalTranslator package HeurEngine.MaliciousPacker
VirtualBox package HeurEngine.MaliciousPacker
Vispa package Trojan-PSW.Gampass
XPY package HeurEngine.MaliciousPacker

PC Tools had 15 false alarms.

 

Sophos

False alarm found in some parts of Detected as Supposed prevalence
Arcade package Mal/FakeAV-KL
Calliou package Mal/EncPk-NS
CutAssistant package Mal/Generic-L
Deluxanoid package Mal/Generic-S
DivxCreate package Mal/Generic-L
Druckerei package Mal/Generic-L
DVDIdentifier package Mal/Generic-L
Gentlemen package Mal/Generic-L
IndustrieGigant package Mal/Generic-L
JkDefrag package Mal/Generic-L
Kaspersky package Mal/Behav-156
NetView package Mal/Generic-L
ParentsFriend package Mal/Behav-141
PC Tools package Mal/Generic-L
Problemsolver package Mal/MSIL-BZ
Streamware package Mal/Generic-S
SynchPST package Mal/Generic-S
VistaStartMenu package Mal/Generic-L
Webswatch package Mal/Generic-L

Sophos had 19 false alarms with default settings. As Sophos is a product for corporate users, which computers are managed by an administrator, most of the above discovered FP’s may not be a big issue.

 

AhnLab

False alarm found in some parts of Detected as Supposed prevalence
Aquadiax package Trojan/Win32.StartPage
Audiggle package Trojan/Win32.Buzus
AudioVideo2Exe package Packed/Upack
Clara package Trojan/Win32.Xema
DesktopLogo package Trojan/Win32.Hupigon
DriverScanner package Downloader/Win32.Agent
EasyBurn package Packed/Upack
FireStorm package Trojan/Win32.Xema
Fotograf package Trojan/Win32.Xema
Helium package Trojan/Win32.Xema
InkScapePortable package Packed/Upack
Joshua package Win32/ExprPacked.suspicious
LogView package Trojan/Win32.HDC
Microsoft package Packed/Win32.Katusha
ThemePatcher package Trojan/Win32.HDC
TransportGigant package Win-Trojan/Inject.2297856.B
Uninstaller package Trojan/Win32.Agent
Vispa package Packed/Upack
XPUsermanager package Trojan/Win32.Agent
ZTV package Win-Trojan/Adspy.1212928

AhnLab had 20 false alarms.

 

Panda

False alarm found in some parts of Detected as Supposed prevalence
Acer package Trojan
Amok package Suspicious
Auftrag package Suspicious
BrandAwareness package Suspicious
Computec package Suspicious
CounterStrike package Trojan
Creek package Trj/CI.A
IBM package Suspicious
InkScapePortable package Trj/CI.A
Kuping package Suspicious
Lazarus package Suspicious
RegistryFirstAid package Suspicious
SMP package Trojan
SPSS package Suspicious
Vispa package Trj/Pupack.A
VorlagenExplorer package Suspicious
WinAmp package Suspicious
XPTweaker package Suspicious
XPY package Trj/Pupack.A
ZWetter package Suspicious

Panda had 20 false alarms.

 

G DATA

False alarm found in some parts of Detected as Supposed prevalence
Access package MA97:ColOver
Bot package Win32:Malware-gen
CTmanager package Gen:Trojan.Heur2.LVP.eCW@a0YoVkj
Deadlink package Win32:Malware-gen
DiscountSurfer package Gen:Trojan.Heur.PT.nrZ@bS3yk0ji
FastStone package Win32:Malware-gen
IBM package Win32:Malware-gen
IntraPact package Gen:Trojan.Heur.VP2.gm0@a0EXICli
jDownloader package DeepScan:Generic.Malware.P!.A89EF6E8
JoWood package Win32:Malware-gen
Kaspersky package Generic.HorstBased.623A9858
KDSaver package Win32:Malware-gen
MaxxPi package Win32:Malware-gen
MediaCell package Win32:Malware-gen
Regain package Java:CVE-2012-1723-AI
RummyRoyal package Backdoor.Generic.682752
Soleco package Gen:Trojan.Heur.PT.9qZ@bS3yk0ji
Unlocker package Win32:Malware-gen
WinAmp package Win32:Malware-gen
WinnerTw package Win32:Malware-gen
XCleaner package Win32:Malware-gen
Yes package Gen:Trojan.Heur2.LVP.bCW@aytgVjo
Zapfer package Gen:Variant.Kazy.62673

G DATA had 23 false alarms.

 

GFI

False alarm found in some parts of Detected as Supposed prevalence
Acer package Trojan.Win32.Malware.a
ArchiCrypt package BehavesLike.Win32.Malware.klt (mx-v)
AutoHotKey package Trojan.Win32.Generic!BT
BackupExec package BehavesLike.Win32.Malware.wlk (mx-v)
Bot package Trojan.Win32.Generic!BT
Brockhaus package Trojan.Win32.Generic!BT
Burn4Free package Trojan.Win32.Generic!BT
CounterStrike package Trojan.Win32.Generic!BT
DriverView package Worm.Win32.AutoRun
Euro package BehavesLike.Win32.Malware.wsc (mx-v)
F1 package LooksLike.Win32.Malware!vb (v)
GDATA package Trojan-Downloader.Win32.Femad.gen (fs)
HalfLife package Trojan.Win32.Generic!BT
InkScapePortable package Packed.Win32.Upack (v)
Joshua package Trojan.Win32.Packer.eXPressorv1.2 (ep)
JoWood package Trojan.Win32.Generic!BT
Kaspersky package Rootkit.Win32.Agent.GeN
MS Office package Trojan.Win32.Generic!BT
Nosferatu package Trojan.Win32.Generic!BT
PacManiac package Trojan.Win32.Generic!BT
Penguin package Trojan.Win32.Generic!BT
PEView package Trojan.Win32.Generic.pak!cobra
Rev package Trojan.Win32.Generic!BT
RummyRoyal package Trojan.Win32.Generic.pak!cobra
SecretMaker package Trojan.Win32.Packer.UPX-ScramblerRCv1.x (ep)
Tierpension package Trojan.Win32.Generic!BT
Ulead package Trojan-Dropper.Gen
VirtualBox package Trojan.Win32.Generic!BT
Vispa package Trojan.Win32.Packer.Upack0.3.9 (ep)
WinAmp package Trojan-Downloader.Win32.Agent
Windows package Trojan.Win32.Generic!BT
WinUpack package LooksLike.Win32.KryptPck!a (v)
WinZip package Trojan.Win32.Generic.pak!cobra
XPY package Trojan.Win32.Packer.Upack0.3.9 (ep)

GFI had 34 false alarms.

 

AVG

False alarm found in some parts of Detected as Supposed prevalence
Acer package Generic_c.AAYD
AirCombat package Generic29.XNR
BackOffice package Win32/DH{bQ}
CDRecord package Win32/DH{AFgSaGc1}
Corel package Win32/DH{QUVnBg}
DropHead package Win32/Heur
Empires package Win32/Heur
eMusic package Win32/DH{AFgSICQiJQ}
Firefox package Luhe.Fiha.A
F-Secure package Win32/DH{IFhpABIDDw}
GDATA package Win32/DH{AFgSaGc1}
HardwareSensors package Win32/Heur
ImageBase package Luhe.Fiha.B
Intel package Generic29.AHLV
InterAct package Win32/DH{bQ}
JoWood package Win32/Heur
Lesewelt package Win32/Heur
Lycos package Win32/DH{AFg1Emc}
Metin package Generic29.SVC
Microsoft package Win32/Heur
Nosferatu package BackDoor.Generic15.BPGQ
PCW package JS/Heur
QuickTime package Win32/DH{WBIANQ8}
RocketLife package Win32/DH{JVdO}
SisTray package Generic17.ADXC
SPSS package Generic_s.GQ
TextAdventure package Luhe.Fiha.B
Tierpension package SHeur4.ACGQ
T-Online package Win32/DH{AFhiNQ}
TweakGui package Win32/DH{QQA1ICU}
Video4IM package Win32/DH{EwBYNS4S}
VMXBuilder package Luhe.Fiha.B
WifiRadio package Win32/DH{bQ}
WinAmp package Generic_s.FG
XCleaner package Generic29.HLA
XPTweak package Luhe.Fiha.A

AVG had 36 false alarms.

 

Qihoo

False alarm found in some parts of Detected as Supposed prevalence
Abbyy package Win32/Trojan.a45
Addon package HEUR/Malware.QVM19.Gen
AdNuke package Trojan.Generic
Adobe package Suspicious
Alienstars package WORM.Rbot.541696.36
Audiggle package Suspicious
Backoffice package Suspicious
Bacula package Win32/Trojan.5f5
BarTweaker package HEUR/Malware.QVM20.Gen
BitWine package TR.Dropper.Gen
Brockhaus package TR.ATRAPS.Gen
Brother package HEUR/Malware.QVM06.Gen
ClipInc package HEUR/Malware.QVM20.Gen
ColdFusion package Suspicious
ContextMenu package HEUR/Malware.QVM05.Gen
Corel package Suspicious
CPU package Suspicious
CTmanager package Gen:Trojan.Heur2.LVP.eCW@a0YoVkj
Daphne package Suspicious
DesktopLogo package DR.Hupigon.kbwa
DigiBin package Win32/Trojan.fc0
DiscountSurfer package Gen:Trojan.Heur.PT.nrZ@bS3yk0ji
DupeWipe package HEUR/Malware.QVM14.Gen
EasyWrite package Suspicious
eBookOrganizer package Win32/Trojan.694
Eigenheimplaner package Suspicious
EuroRoute package Suspicious
ExtensionManager package Suspicious
FarCry package HEUR/Malware.QVM06.Gen
Firefox package Win32/Trojan.26d
Fujitsu package Suspicious
GhostTyper package HEUR/Malware.QVM05.Gen
GuiPDF package HEUR/Malware.QVM14.Gen
Hausdesign package Suspicious
HP package Suspicious
ImagePag package Win32/Trojan.Delf.575
InkscapePortable package TR.Crypt.UPKM.Gen
IntraPact package Gen:Trojan.Heur.VP2.gm0@a0EXICli
iTunes package Suspicious
jDownloader package DeepScan:Generic.Malware.P!.A89EF6E8
JoWood package HEUR/Malware.QVM19.Gen
Kaspersky package Generic.HorstBased.623A9858
Keerun package HEUR/Malware.QVM11.Gen
Lenovo package Suspicious
LogiTech package Suspicious
Lotus package Suspicious
Macromedia package Suspicious
ManualFix package Win32/Trojan.5f5
McAfee package HEUR/Malware.QVM03.Gen
MSI package Suspicious
MS Intellipoint package Suspicious
MS InternetExplorer package TR.Crypt.XPACK.Gen
MS Windows 2000 SP2 package Suspicious
MS Windows 2000 SP3 package Suspicious
MS Windows 2000 SP4 package Suspicious
MS Windows 95 package Suspicious
MS Windows 98 package Suspicious
MS Windows ME package Trojan.Generic
MS Windows NT SP1 package Suspicious
MS Windows NT SP2 package Suspicious
MS Windows NT SP3 package Suspicious
MS Windows XP SP1 package Suspicious
MS Windows XP SP2 package Suspicious
MS Windows XP SP3 package Suspicious
MS Windows 2002 package Suspicious
MS Windows 2003 package Suspicious
MusicAlm package Win32/Trojan.PSW.ff8
OpenOffice package Suspicious
Pamela package HEUR/Malware.QVM20.Gen
Panda package Win32/Trojan.dc2
PCG package HEUR/Malware.QVM06.Gen
Phoenix package Win32/Trojan.b7f
Prestazioni package Suspicious
RestoreNatur package TR.Gendal.2.301
ROL package Suspicious
RummyRoyal package Backdoor.Generic.682752
SafeNetwork package Suspicious
SimplyZip package Win32/Trojan.ea0
SmartTool package Suspicious
SpywareCop package Suspicious
StartupCPL package HEUR/Malware.QVM06.Gen
SuperMicro package Win32/Trojan.Downloader.728
Symantec package HEUR/Malware.QVM00.Gen
SysReport package HEUR/Malware.QVM11.Gen
T-Online package Suspicious
ThirdReich package TR.Dropper.Gen
ThumbView package Win32/Trojan.Downloader.41b
Traumhaus package Suspicious
TweakPower package HEUR/Malware.QVM11.Gen
Ulead package Suspicious
VideoTool package Suspicious
VirtualBox package TR.Agent.26128.2
VOptimizer package Trojan.Win32.dao.rgrk
Vprot package Suspicious
VS2000 package HEUR/Malware.QVM31.Gen
Webcam package Win32/Trojan.00f
WebLCR package Gen:Trojan.Heur.PT.9qZ@bS3yk0ji
WinnerTw package Trojan/Win32.Generic.11EDBD62
WinRAR package Win32/Trojan.Chifrax.733
WinShake package Suspicious
WinStyler package Suspicious
WISO package Suspicious
Worms package Win32/Trojan.Dropper.b73
XCleaner package TR.Agent.621056.6
XPY package Win32/Trojan.e9e
Yahoo package Win32/Trojan.PSW.ff8
Yes package Suspicious
YX package Suspicious
Zapfer package Gen:Variant.Kazy.62673

Qihoo had 109 false alarms.

 

Webroot

False alarm found in some parts of Detected as Supposed prevalence
0190warn package W32.Malware.Gen
7zip package W32.Malware.Gen
Abbyy package W32.Malware.Gen
Abiword package W32.Malware.Gen
Acer package W32.Malware.Gen
ActiveSmart package W32.Malware.Gen
Adobe Dreamweaver package W32.Malware.Gen
Adobe Premiere package W32.Worm.Morto.A
AMD package W32.Trojan.Downloader.Mufanom
Antispamware package W32.Trojan.Gen
AntiTwin package W32.Trojan.Gen
Armagetron package W32.Malware.Gen
ATI package W32.Trojan.Gen
Audiggle package W32.Malware.Gen
AutoHotKey package W32.Malware.Gen
AutoLauncher package W32.Malware.Gen
Avast package W32.Malware.Gen
BackTec package W32.Allaple.Gen
BartPE package W32.Malware.Gen
BestMovie package W32.Malware.Gen
Bewerbungsmaster package W32.Allaple.Gen
BigFix package W32.Trojan.Gen
Blender package W32.Malware.Gen
Bordasch package W32.Malware.Gen
Brainspeeder package W32.Malware.Gen
Calcutor package W32.Malware.Gen
Canon package W32.Worm.Gen
CapTest package W32.Malware.Gen
CDWriter package W32.Malware.Gen
Charnley package W32.Allaple.Gen
Clara package W32.Malware.Gen
CNCgraf package W32.Malware.Gen
ComputerBild package W32.Malware.Gen
Conferendum package W32.Pdf.Exploit
CopyPod package W32.Malware.Gen
Ctnotw package W32.Malware.Gen
DB2EXE package W32.Malware.Gen
DeapSea package W32.Malware.Gen
Desert package W32.Malware.Gen
DiaShow package W32.Rogue.Gen
DigitalTheatre package W32.Malware.Gen
DinerDash package W32.Malware.Gen
DriverCleaner package W32.Malware.Gen
DriverGenius package W32.Malware.Gen
DVBViewer package W32.Malware.Gen
DVDauthor package W32.Trojan.Gen
DVDnextcopy package W32.Malware.Gen
DVRstudio package W32.Malware.Gen
EasyBurn package W32.Malware.Gen
Ebdac package W32.Allaple.Gen
eBook package W32.Malware.Gen
EFcommander package W32.Malware.Gen
Elements package W32.Ramnit.Gen
F-Prot package W32.Malware.Gen
FinalBurner package W32.Rbot.Gen
Finger package W32.Malware.Gen
Flock package W32.Malware.Gen
Forefront package W32.Malware.Gen
FreePDF package W32.Malware.Gen
FreshDevices package W32.Trojan.Gen
GDATA package W32.Rogue.Gen
GetIP package W32.Allaple.Gen
GetIt package W32.Malware.Gen
GMX package W32.Malware.Gen
GnuCash package W32.Malware.Gen
GoogleToolbar package W32.Malware.Gen
GoPal package W32.Malware.Gen
Gridinsoft package W32.Malware.Gen
GroundTrue package W32.Malware.Gen
Guardian package W32.Malware.Gen
HP package W32.Malware.Gen
HyCD package W32.Trojan.Gen
IDA package W32.Malware.Gen
IndustrieGigant package W32.Trojan.Inject.Alvl
InternetProtector package W32.Malware.Gen
InternetRadio package W32.Malware.Gen
iTunesGenreManager package W32.Malware.Gen
JewelQuest package W32.Malware.Gen
JkDefrag package W32.Malware.Gen
JoinAir package W32.Malware.Gen
Joshua package W32.Malware.Gen
Kaspersky package W32.Allaple.Gen
Kindergarten package W32.Malware.Gen
Kitty package W32.FakeAlert.Gen
Kochmedia package W32.Malware.Gen
Krypter package W32.Malware.Gen
Kuaizip package W32.Trojan.Gen
Kuebler package W32.Worm.Gen
Kuping package W32.Malware.Gen
LapLink package W32.Rogue.Gen
Lastpass package W32.Malware.Gen
Lavagame package W32.Malware.Gen
Lazarus package W32.Malware.Gen
Leserbefragung package W32.Rogue.Gen
LightShip package W32.Trojan.Gen
LinkGenerator package W32.Malware.Gen
Linkman package W32.Malware.Gen
LogMon package W32.Malware.Gen
Magix package W32.Malware.Gen
Mahjongg package W32.Malware.Gen
Maulwurfsmover package W32.Trojan.Gen
McAfee package W32.Malware.Gen
MiniApps package W32.Allaple.Gen
Minutema package W32.Rogue.Gen
Miranda package W32.Malware.Gen
Mkv2Vob package W32.Malware.Gen
Morphvox package W32.Malware.Gen
MS Intellipoint package W32.Malware.Gen
MS Windows 2000 SP2 package W32.Malware.Gen
MS Windows 2000 SP4 package W32.Worm.Gen
MS Windows NT SP3 package W32.Malware.Gen
MyBook package W32.Malware.Gen
MyGallery package W32.Allaple.Gen
MyUSB package W32.Malware.Gen
No23recorder package W32.Malware.Gen
OEconfig package W32.Malware.Gen
Ontrack package Dos.Virus.Gen
OpenOffice package W32.Malware.Gen
Opera package W32.Malware.Gen
OSSDVD package W32.Trojan.Gen
Pacspam package W32.Malware.Gen
PCTools package W32.Malware.Gen
PCwizard package W32.InfoStealer.OnlineGames.Gen
PEbuilder package W32.Malware.Gen
PhotoAlbum package W32.Allaple.Gen
Photodex package W32.Malware.Gen
PhotoMatix package W32.Malware.Gen
Photoshop package W32.Suspicious.Heur
Pidgin package W32.Malware.Gen
PNotes package W32.Malware.Gen
Polstore package W32.Trojan.Downloader
PowerDVD package W32.Malware.Gen
PowerStrip package W32.Malware.Gen
Profe package W32.Malware.Gen
ProtectedSTorage package W32.Backdoor.Gen
ProzessRadar package W32.Malware.Gen
QuickPlay package W32.Malware.Gen
Quisple package W32.Malware.Gen
RealJukebox package W32.Allaple.Gen
Realtek package W32.Malware.Gen
Registryscanner package W32.Malware.Gen
RestoreNatur package W32.Malware.Gen
RNA package W32.Rogue.Gen
RSSreader package W32.Malware.Gen
RummyRoyal package W32.Malware.Gen
RunWithParameters package W32.Malware.Gen
Samsung package W32.Malware.Gen
ShowShifter package W32.Bifrose.Gen
Siege package W32.Malware.Gen
Silicon package W32.Malware.Gen
SilkyPix package W32.Malware.Gen
Skichallenge package W32.Malware.Gen
Smarty package W32.Malware.Gen
Soritong package Trojanspy:Win32/Fitmu.A
SpaceStation package W32.Suspicious.Heur
SpamAware package W32.Malware.Gen
SpamKiller package W32.Worm.Gen
SpeedCommander package W32.Malware.Gen
SpySweeper package W32.Malware.Gen
SpywareBlaster package W32.Allaple.Gen
StarOffice package W32.Malware.Gen
StartDisk package W32.Allaple.Gen
Starter package W32.Malware.Gen
StartupBooster package W32.Malware.Gen
Studio package W32.Rogue.Gen
SuperCopier package W32.Malware.Gen
Susteen package W32.Botnet.Butterfly
SysAgent package W32.Malware.Gen
SysTray package W32.Bifrose.Gen
Tauscan package W32.Malware.Gen
Technotrend package W32.Malware.Gen
TempControl package W32.Malware.Gen
TestManager package W32.Malware.Gen
Thunderbird package W32.Malware.Gen
TipToi package W32.Malware.Gen
Totem package W32.Malware.Gen
Triceris package W32.Allaple.Gen
Trusport package W32.Malware.Gen
TuneUpUtilities package W32.Malware.Gen
TurboCad package W32.Allaple.Gen
Tvd package W32.Trojan.Gen
Twain package W32.Downloader.Gen
Unlocker package W32.Malware.Gen
Updater package W32.Malware.Gen
Userlex package W32.Malware.Gen
Vcard package W32.Malware.Gen
Veritas package W32.Malware.Gen
Viag package W32.Malware.Gen
VirtualBox package W32.Malware.Gen
Vispa package W32.Heuristic.Gen
VLC package W32.Malware.Gen
Wesnoth package W32.Malware.Gen
WinAmp package W32.Malware.Gen
Wincon package W32.Malware.Gen
WinnieWorks package W32.Allaple.Gen
WinUpack package W32.Malware.Gen
WinWD package W32.Malware.Gen
WinZip package W32.Malware.Gen
WISO package W32.Malware.Gen
WordAddon package W32.Trojan.Gen
WordTime package W32.Worm.Gen
Xelerator package W32.Malware.Gen
XFImode package W32.Malware.Gen
XPantispy package W32.Malware.Gen
XPclean package W32.Malware.Gen
Zdefrag package W32.Malware.Gen
ZipZag package W32.Malware.Gen
ZoneAlarm package W32.Malware.Gen
Zwecker package W32.Malware.Gen
Zwetter package W32.Allaple.Gen

Webroot had 210 false alarms.

 

Copyright and Disclaimer

This publication is Copyright © 2012 by AV-Comparatives e.V. ®. Any use of the results, etc. in whole or in part, is ONLY permitted after the explicit written agreement of the management board of AV-Comparatives e.V., prior to any publication. AV-Comparatives e.V. and its testers cannot be held liable for any damage or loss, which might occur as result of, or in connection with, the use of the information provided in this paper. We take every possible care to ensure the correctness of the basic data, but a liability for the correctness of the test results cannot be taken by any representative of AV-Comparatives e.V. We do not give any guarantee of the correctness, completeness, or suitability for a specific purpose of any of the information/content provided at any given time. No one else involved in creating, producing or delivering test results shall be liable for any indirect, special or consequential damage, or loss of profits, arising out of, or related to, the use or inability to use, the services provided by the website, test documents or any related data. AV-Comparatives e.V. is a registered Austrian Non-Profit-Organization.

For more information about AV-Comparatives and the testing methodologies, please visit our website.

AV-Comparatives e.V. (October 2012)

 

 

 

About AV-Comparatives

AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises. Using one of the largest sample collections worldwide, it creates a real-world environment for truly accurate testing. AV-Comparatives offers freely accessible results to individuals, news organizations and scientific institutions. Certification by AV-Comparatives provides an official seal of approval for software performance which is globally recognized. Currently, AV-Comparatives' Real-World Protection Test is the most comprehensive and complex test available when it comes to evaluating the real-life protection capabilities of antivirus software. Put simply, the test framework replicates the scenario of an everyday user in an everyday online environment – the typical situation that most of us experience when using a computer with an Internet connection. AV-Comparatives works closely with several academic institutions, especially the University of Innsbruck’s Department of Computer Science, to provide innovative scientific testing methods.
If you plan to buy an Anti-Virus, please visit the vendor's site and evaluate their software by downloading a trial version, as there are also many other features and important things for an Anti-Virus that you should evaluate by yourself. Even if quite important, the data provided in the test reports on this site are just some aspects that you should consider when buying Anti-Virus software.

AVC Analyzer

undroid