April 1, 2009 13:28 How To Handle Suspicious False Positive Detection? #395
umelec


Administrator
Join Date: 30.3.2009
Posts: 61
Steps To Work With Suspicious False Positive (FP):

- Update your AVG and scan the file once more (right-click on the file, choose "Scan with AVG") to make sure the FP hasn't already been fixed.
- If AVG still detects the file and you suspect it to be a false positive, test the file at Jotti Virusscan or alternatively at VirusTotal to check the detection ratio across several antivirus vendors. If the result points to a possible false positive, please refer to the Report a false (incorrect) detection article.
Until the false detection is fixed, please refer to the Exclude file, folder or website from AVG scanning article.

There are also other types of false positives besides files:

AVG Mobilation False Positives
The email address for mobile app submission is mobilemalware@avg.com
More information can be found in this FAQ article.

Website False Positives (+ AVG Toolbar False Positives)
To report a false positive for a website detection you can use this website.

Anti-Rootkit False Positives
Please be informed that AVG Anti-Rootkit detects all processes (not digitally certified by a trusted authority) that use rootkit techniques to hide their actions. The detected rootkit can be a virus, as well as a part of a commercial application (more information).

If you suspect a falsely detected rootkit, please create a new thread on this forum and describe the issue in detail. Kindly include this information:
- What is the exact AVG program version (found in the lower-left corner of the AVG user interface)?
- Include the Anti-rootkit scan result export in your post.
- Please provide a link where the respective detected application can be downloaded from (if available).
- Do you have any optical drive emulation software installed? (If unsure, please attach an msinfo output to your post.)
- If the rootkit is detected in a memory section (detection looks similar to "";"<unknown>";"Corrupted section win32k.sys[.text] +0x287A, size 4 bytes";"Object is hidden"), please create a complete memory dump, send it to our FTP server using this service utility and tell us the name of the uploaded file.



* Some folders could be hidden by default Windows settings. To view hidden files and folders please read How To Display Hidden Files And Folders
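
A way to triage the Anti-rootkit scan result export before posting it, as an added example that is not part of the original post or of AVG's tooling. It assumes the export is semicolon-separated with double-quoted fields, as in the detection line quoted above, and it flags the memory-section rows, which are the ones a complete memory dump is requested for. The column meanings, the function names and the second sample row are assumptions.

```python
import csv
import io
import re

# Constructed sample export. Row 1 is the detection line quoted in the post;
# row 2 is made up to show a detection that is not a memory-section one.
SAMPLE_EXPORT = '''"";"<unknown>";"Corrupted section win32k.sys[.text] +0x287A, size 4 bytes";"Object is hidden"
"";"C:\\Example\\driver.sys";"Hidden driver";"Object is hidden"
'''

# Description text of a memory-section detection: module[section] +offset, size.
SECTION_RE = re.compile(
    r"Corrupted section (?P<module>[^\[\s]+)\[(?P<section>[^\]]+)\]\s*"
    r"\+0x(?P<offset>[0-9A-Fa-f]+), size (?P<size>\d+) bytes"
)


def parse_export(text):
    """Return one dict per export row (assumed layout: 4 quoted fields)."""
    rows = []
    for fields in csv.reader(io.StringIO(text), delimiter=";", quotechar='"'):
        if len(fields) < 4:
            continue  # blank or truncated line
        row = {
            "object": fields[1],       # assumed: path or "<unknown>"
            "description": fields[2],
            "status": fields[3],
            "memory_section": None,
        }
        match = SECTION_RE.search(fields[2])
        if match:
            row["memory_section"] = {
                "module": match.group("module"),
                "section": match.group("section"),
                "offset": int(match.group("offset"), 16),
                "size": int(match.group("size")),
            }
        rows.append(row)
    return rows


def needs_memory_dump(rows):
    """Rows whose detection sits in a memory section of a loaded module."""
    return [r for r in rows if r["memory_section"] is not None]


if __name__ == "__main__":
    for r in needs_memory_dump(parse_export(SAMPLE_EXPORT)):
        s = r["memory_section"]
        print(f'{s["module"]}[{s["section"]}] +{s["offset"]:#x}, {s["size"]} bytes')
```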