Advice Request False positive from VirusTotal?


fabiobr

Mar 28, 2019
Detecção-Kaspersky-VirusTotal.png

I was on Malware Hub viewing the VirusTotal page and Kaspersky popped up with this. Why did that happen? Does anyone know why?

Download blocked, Object detected.
 
Looks like the hash/VT link of my latest sample #Qbot

The Kaspersky detection on your screenshot is the same as on VT:
HEUR:Trojan.PowerShell.Generic

Weird, is that block still happening or did it happen just once before?
 
I tried to talk to live chat, but they said that if I'm working with an infected bin I should not do it, and that therefore it's an infection. I tried to say that I'm not working on it and that it's just an upload on VT which I'm only viewing; I didn't make the upload, but they don't understand it. 🤣🤣🤣🤣
 
Do you have VT Intelligence and can you see the content tab?
Because that shows the malicious PowerShell string. I assume they see that string in the browser. It's an FP in the sense that it detects the string in the wrong context.
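
The "right string, wrong context" point from the post above, as an added example (not part of the thread, and not Kaspersky's or VirusTotal's actual logic): a toy web scanner that matches a signature anywhere in a response body, next to one that also checks how the content is delivered. The signature regex, the response fields and both sample responses are constructed assumptions.

```python
import html
import re

# Constructed stand-in for a heuristic signature; not a vendor's real pattern.
SIGNATURE = re.compile(
    r"powershell(\.exe)?\s+.*-enc(odedcommand)?\s+[A-Za-z0-9+/=]{8,}", re.I
)


def naive_verdict(response):
    """Context-blind: match the signature anywhere in the decoded body."""
    body = html.unescape(response["body"])
    return "block" if SIGNATURE.search(body) else "allow"


def context_aware_verdict(response):
    """Block only when the matching content is delivered as a file."""
    body = html.unescape(response["body"])
    if not SIGNATURE.search(body):
        return "allow"
    ctype = response["content_type"].split(";")[0].strip().lower()
    disposition = response.get("content_disposition", "").lower()
    is_download = disposition.startswith("attachment")
    if ctype == "text/html" and not is_download:
        # The string is only rendered as page text (e.g. a report view).
        return "allow"
    return "block"


# Constructed sample responses; the base64 blob decodes to "ABC" (UTF-16LE).
REPORT_PAGE = {
    "content_type": "text/html; charset=utf-8",
    "body": "<pre>powershell.exe -nop -enc QQBCAEMA</pre>",
}
SCRIPT_DOWNLOAD = {
    "content_type": "application/octet-stream",
    "content_disposition": 'attachment; filename="sample.ps1"',
    "body": "powershell.exe -nop -enc QQBCAEMA",
}

if __name__ == "__main__":
    for name, resp in (("report page", REPORT_PAGE), ("script download", SCRIPT_DOWNLOAD)):
        print(name, naive_verdict(resp), context_aware_verdict(resp))
```

Both scanners block the script download; only the context-blind one also blocks the report page that merely displays the same string.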

I'm not logged in. Is it for logged-in users only, or only on the paid version?
 
They should easily be able to replicate the FP by just browsing the same VT page while logged in with an Intelligence account.
Yes, but I didn't know why this is showing to me if I don't have such an account. Maybe it's hidden?