Dr Web shows a false positive or real?

Donny90

Level 1
Thread author
Jul 29, 2017
3
Hello guys. I scanned an executable a friend unpacked and repacked on VirusTotal. Out of 64 AV engines, only 4 of them show a possible threat. Dr Web concerns me the most with its Backdoor Comet.

Avira (no cloud) BDS/Comet.fexqd 20170729
Cylance Unsafe 20170729
DrWeb BackDoor.Comet.3204 20170729
WhiteArmor Malware.HighConfidence 20170728


Is it a false positive or a real threat?
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775
Don't run this file. Yes, of course! It is possible that this is a virus that your friend created. You can send this file to me. I will check it in VirtualBox.
 

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
Mostly, the ML based engines are detecting the threat. Though there are occasional FPs seen in cases of backdoor-like programs (potential malware), it is better not to execute it. If it is important for you to check out, run the program in a sandbox or in a Virtual Machine in VirtualBox or VMPlayer (using a VPN always).
 

AlanOstaszewski

Level 16
Verified
Top Poster
Malware Hunter
Jul 27, 2017
775

Parsh

Level 25
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Dec 27, 2016
1,480
There are many chances that the file may be clean since it's a cheat. However, it is advised here to not run cheats because most of the ones available on the internet are duplicates or modified. This happens for cheats of various kinds of programs.
I suggest you avoid running it on your main system (of course you cannot benefit from running cheats virtually). Someone has added his name to the file; that could have been to gain trust as a friend during the first exchange of the cheat file.

Once you trust it and install it (through your AV's warnings), the cheat might work as you expected, but there is nothing you will be able to do then if the cheat is stealing chunks of data from your system or has modified your system for any sort of compromise.
 
