gszakacs

False positive on jpgm.exe from Momentum Data Systems


I would love to upload the actual files, but after telling adaware to ignore them, I can no longer find them in the browser. The files are apparently still there, because if I re-run the same scan it will find them again. This whole process makes it very hard to use a false positive file. I wanted to add the files to the "ignore list" (why doesn't choosing "ignore" do this automatically?), but there is no way to browse to them to add them to the list.

20130319160629.zip


Hi gszakacs,

 

Thanks for your report. Unfortunately there is no information in the log file that tells me what file was detected.

 

I downloaded, installed and scanned all the software I could locate from Momentum Data Systems's site at http://www.mds.com/downloads but nothing was detected.

 

If you could provide the log file of the scan that detected the file, the download location of the installer or any other information that would give me access to the file or information about the file, I can investigate further.

 

Andy

Lavasoft Malware Labs


The strange thing is that although the file doesn't show up in the report, it is listed in the results within Adaware. The only report I can find with the file name in it is from the AutoProtect, which seems to have quarantined one copy of this file without asking me. One other remark: the original scan found seven copies of the file, and I told it to ignore all of them. Later scans still show six copies. There is nothing in the "Ignore List". I'm attaching the AutoProtect scan report.

AP27D6BAD4-89C5-4C22-96C3-B14B6BE08EA8.zip


Finally I managed to turn off all protections and restore one copy of the file (zipped and attached). I have to say that this behavior is very irritating. I placed the file in the "Ignore" list and it still got re-quarantined when I tried to zip it until I shut off active protection.

jpgm.zip


Hi gszakacs,

 

Thanks for providing the additional info. This detection is a false positive. It will no longer be detected as of an update to be released later today.

 

Regards,

 

Andy

Lavasoft Malware Lab


Thanks for your help. By the way, this same file has created false positives on other antivirus software as well.


O.K. Now the files are no longer seen as threats, but the six copies that I originally ignored are still not visible from the file browser (Windows Explorer). The one that I had quarantined I was able to restore, but the other six are either invisible or gone. Re-scanning the section of my drive no longer finds threats, nor does it make the files visible. Is there some trick to getting them back?


Once the files have been deleted you can try to use a tool for recovering deleted files (unfortunately the probability of a successful recovery is low).


Were they deleted? That makes no sense. When I did the original scans I set the "clean" method to "Ignore." Although ignored, they still seemed to be there because the subsequent scans found them again although they seemed to be hidden from the browser. If I had the old definitions, I might be able to see if they still show up in the threats list. In any case, they were all copies of the same file, I just don't remember all of the folders that had such a copy. I was hoping that I could get them back more easily than researching the original reports and placing a new copy in each location.


Well, in the end I copied the files back to the original places. I see we're getting a bit off topic here, so I'll ask my question about "ignoring" threats in the Adaware 10.x forum.
