Folder AVG Forums » Other topics » Virus Removal, Tools for Removing » Win32/Heri Is It A False Positive?
Page 1 of 2 12››
May 22, 2011 14:21 Win32/Heri Is It A False Positive? #163337
Reply with Quote | Quick Reply | Top
rrr1ray

Avatar

Novice
Join Date: 22.5.2011
Posts: 5
Win32/Heri Is it a false positive?
May 22, 2011 14:31 Re: Win32/Heri Is It A False Positive? #163345
Reply with Quote | Quick Reply | Top
BIG AL 43

Avatar

Moderator
Join Date: 19.6.2014
Posts: 0
Have you tested the file at Jotti Virusscan or alternatively at VirusTotal to check for detection ratio between several AntiVirus vendors?....

Reporting suspected false positives to virus@avg.com.... Only option available as an AVG Free user.... Please follow these instructions What to do if you suspect a detection is a false positive.

Also if you think that a file is being detected in error, you can submit it here http://samplesubmit.avg.com/ww-en/sample-scanning on this new webpage.


AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan
How-To articles | FAQ
May 22, 2011 14:48 Re: Win32/Heri Is It False A Positive? #163353
Reply with Quote | Quick Reply | Top
rrr1ray

Avatar

Novice
Join Date: 22.5.2011
Posts: 5
Ran AVG which showed Win32/Heri. This was not found in AVG Virus dictionary or in a couple of other dictionaries. So just closed AVG without any action and ran AVG again. No virus was detected on the second run.
May 22, 2011 15:35 Re: Win32/Heri Is It A False Positive? #163357
Reply with Quote | Quick Reply | Top
rrr1ray

Avatar

Novice
Join Date: 22.5.2011
Posts: 5
Ran AVG a third time whence Win32/Heri was detected once. Unlike the first run when it was identified twice. The virus is in the C:\System Volume Information-restore (etc) .exe and is Access Denied. So it can't be tested as a file.
May 22, 2011 19:33 Re: Win32/Heri Is It A False Positive? #163385
Reply with Quote | Quick Reply | Top
BIG AL 43

Avatar

Moderator
Join Date: 19.6.2014
Posts: 0
The virus is in the C:\System Volume Information-restore

Have a look @ this 'How-To' link How To Remove Infection From The System Volume Information Folder.


AVG Free Volunteer ModeratorAVG Free Forum member since - Nov. 27, 2004My total posts on the Old AVG Free Forum - 27,063
Alan
How-To articles | FAQ
May 23, 2011 07:32 Re: Win32/Heri Is It A False Positive? #163447
Reply with Quote | Quick Reply | Top
rrr1ray

Avatar

Novice
Join Date: 22.5.2011
Posts: 5
I still wonder about Win32/Heri but thanks for info on System Volume Information.
May 23, 2011 10:35 Re: Win32/Heri Is It A False Positive? #163475
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8245
Hello rrr1ray,

It is probably infection detected using heuristic analysis, which is a simulation and evaluation of the scanned object's instructions in a virtual computer environment. Therefore, it can even detect malicious code not yet described in the virus database.

Thank you

___________________AVG TeamHow-To articles | FAQ
June 2, 2011 02:50 Re: Win32/Heri Is It A False Positive? #165011
Reply with Quote | Quick Reply | Top
spelingchampeon

Avatar

Novice
Join Date: 15.7.2010
Posts: 3
I ran a scan tonight, and receieved (5) positives for the same file, however they have been on my computer for over 6 month's and never got a hit before. They are in my TAW\F22\ADF folder in DLL's. I have not opened this folder, or played the game for over 2 month's, and I doubt seriously that whatever site or program installed them in this folder.
June 2, 2011 07:32 Re: Win32/Heri Is It A False Positive? #165025
Reply with Quote | Quick Reply | Top
Pokornyz

Avatar

Administrator
Join Date: 29.11.2010
Posts: 8245
Hello spelingchampeon,

It might be false positive please follow BIG_AL_43's post #163345.

Thank you

___________________AVG TeamHow-To articles | FAQ
April 8, 2014 09:51 Re: Win32/Heri Is It A False Positive? #242023
Reply with Quote | Quick Reply | Top
rihad

Avatar

Novice
Join Date: 8.4.2014
Posts: 2
huh?..

Hi, guys, Same virus threat here. Win32/Heri. As suggested in this thread I checked the file at http://virusscan.jotti.org/en and only two AV programs detected malware.

http://i031.radikal.ru/1404/7c/d15cd3ce8111.jpg


virustotal.com gave much worse results, score 9/50:
http://s019.radikal.ru/i600/1404/7b/edd9b9d592f3.jpg

I'm attaching the offending DLL.
Page 1 of 2 12››