Malware.Heuristic.1003 detected in IrfanView by Virus Total


Happens for all x64 installers/ZIPs of IrfanView x64 4.57 - which is new (did not happen for 4.54) and should be a false positive.

https://www.virustotal.com/gui/file/f709e499ed13e497c89204a059a8e4d0cb8f9fad2035fbd5973cf16b7cb74d90/detection
https://www.virustotal.com/gui/file/60c9a9c12ac1d071da4d405b0b545dd1bcad59f86f132f9dc73fb8ccd9252709/detection

  • Staff

Hi,

Our engine format and configuration in VirusTotal is different than our consumer and corporate products’ default configuration. In VirusTotal we use a command-line engine with different configuration and detection techniques/heuristics which might detect more than the commercial product. There are also false-positive suppression mechanisms in the commercial product which are not present in the command-line engine in VirusTotal.

This file has been whitelisted for our commercial products already and it is not detected anymore. This will eventually fix itself in VirusTotal as well, as we don't have control over this.

  • 4 weeks later...
1 minute ago, Mumio said:

Hi there.

I have 63 files quarantined for Malware.Heuristic.1003 from 4/30/21. All were located in C:\Windows\assembly\temp . Are these files malware or not? Thank you.

 

Should also have noted they are quarantined in Malwarebytes (to be clear).


Hi,

Do you have "Use expert system algorithms to identify malicious files" enabled? It is located in Settings > Security > Scan option.

Please turn it off and restore the files from Quarantine and re-scan.

It is to detect malformed files, but sometimes legit files use protection that makes them malformed. Malwarebytes is still tweaking the algorithms, which is why it’s off by default. If you switch it on, it is assumed you are able to tell the difference between an FP and a legit detection.

And if you keep it on, I suggest also turning off auto quarantine. It gives you the time to report FPs and not go through the extra step of having to restore from quarantine.

Also please provide the detection log so it can be fixed for the future.

Edited by Porthos

Thanks for your help, Porthos. I suppose I could have turned that on, but I am not a tech person and don't know enough about these things to fiddle around with them. I have no recollection of turning this on. Anyway, it is off now and will stay off. I have attached the file you asked for but have one other question: I have 2 other files detected on 5/6/21 in quarantine and I think, based on what was said elsewhere on this forum, that they were false positives. I am not sure if I should also restore them or not... the action was noted as "replaced" both times?

detection log.txt
