Page 1 of 4 1234 LastLast
Results 1 to 10 of 33

Thread: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

  1. #1
    chaddoman Guest

    Default False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    I installed the most current Adobe Flash player avialable, 10.0.22.87, within the last few days on both of my two computers on a network.Both computers find a Trojan W32.lhdyzz when running a Spyware scan. After deleting the Trojan, the computer reboots and subsequently when another Spyware scan is performed, the Trojan is again reported. Removing the file, pointed to in the scan results, cures the problem, but of course renders the Flash Player inoperative.The file name is: C:\WINDOWS\system3MacromeFlash\Flash10b.ocx
    I have removed and reinstalled the Adobe Flash player to no avail.
    I believe this to be a 'false positive'. Both of my systems respond alike.
    Both System configurations:Windows XP Pro with all current Windows Updates applied.
    ZoneAlarm Internet Security Suite: 8.0.298.000
    I have been unable to email Tech. Support with this problem all day.


    spywarefeedback@us.checkpoint.com

    Permanent Failure: Other address status

    Delivery last attempted at Mon, 9 Mar 2009 17:54:05 -0000
    Has anyone had this problem?

    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    stoneil Guest

    Default Re: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    Yes I too have suffered this false positive
    I can only assume that the data base has found that the active x has changed size fromthe previous version and therefore thrown it up as a Trojan.
    Hope they fix it quick

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    Hi!please report to ZA technical support: www.zonealarm.com/tsform and provide as much information as possible so ZAlabs can fic the false positive rapidly.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    za_avastfan Guest

    Default Re: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    Dear ZA Forum,

    I too just picked up exactly the same 'detection' with the anti-spyware function in ZA Pro.

    This is most likely a false positive.

    I uploaded the file to virustotal.com and 39 different virus scanners all found NOTHING! :-)

    Hopefully this will be fixed in the next update.

    ZA_avastfan

  5. #5
    chaddoman Guest

    Default Re: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    I have reported this via the link in Guru's message. Hopefully it will be fixed soon.Thanks.
    Chad

  6. #6
    chaddoman Guest

    Default Re: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    Many thanks to others who responded to my original message in support of identifying the problem.Thanks for speaking up.
    Chad

  7. #7
    ananda Guest

    Default Re: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    Hi, Guru Fax
    Got the same problem last night.
    How/when will we know this has been fixed? Will there be a message here or will it be by installing things again and see what gives?
    Thanks for your precious time.
    Kind regards,
    Ananda

    Message Edited by Ananda on 03-10-2009 10:19 AM

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    Hi!please report to ZA technical support...They will help you on the issue.Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    chaddoman Guest

    Default Re: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    Fax Guru,
    If you believe the following is not an appropriate response, please feel free to criticize, omit or disclaim it.
    Ananda, I'm responding to your message to 'Fax Guru' above. Please keep in mind that my suggestions below are not from 'Fax Guru' or anyone else from ZoneAlarm. I share your concerns expressed within your message, of course. Heres my 'work-around' to this problem:
    For each time the Spyware Scan is run and I am able to view the results in the Scanning Status window, when I observe an occurence for the Win32.lhdyzz Trojan I:
    1. Verify that this particular occurrence is pointing to the same file: C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx. (See 'Detail' field, where it names the file.)2. If it is the same file, I elect to choose "Ignore Once' from the drop-down menu under the 'Treatment' column heading. Then click ' Apply'. 'Ignore Once' is then shown in the Treatment column for this Trojan occurrence.
    With these choices, after I click 'Done' the windows closes and ZoneAlarm does not recommend a system boot. I believe it's important to remember that each time Spyware Scan is run, the user should carefully verify the selections above are made only for this particular occurrence of the Win32.lhdyzz Trojan, relating only to this particular Flash file. Any other occurrence of this Trojan relating to another file in your system should be carefully considered before selecting an option in the drop-down window.
    The method I've described above avoids having to boot the system each time this particular Trojan occurrence is observed in the Scan Results if one selects 'Delete' from the drop-down menu. My work-around is based on the assumption that we believe this particular Trojan to be a 'false positive'. In deed, it appears that another of the contributers has already had the file tested for a virus/Trojan and it seems to be benign.
    I know that ZoneAlarm will likely fix this problem soon and it will no longer be showing up on the Scan Results. They work pretty hard
    to providie a robust, full-featured
    product.
    Again, the method I've chosen to address this particular problem is my own. Each reader should make his/her own decision as to how they will address their own particular problem or set of circumstances.
    Best regards,
    Chaddoman

  10. #10
    ananda Guest

    Default Re: False Positive with Adobe Flash from file name ...Flash10b.ocx ?

    Hello Chaddoman
    I do understand both
    your concern and your suggestions. I addressed Fax as I understand she knows more about one thing and another than we, the users, do. Else any response from gurus would be sort of nonsense, would it not?

    Meanwhile, I have discovered how to inform the Kaspersky people
    about a possible false positive:<blockquote>

    A. Put the suspected virus in a password-protected zip or rar file.
    B. Compose an email message (only short description) and attach the zip file.
    C. Include the password in the body/subject of the email. If you suspect a false positive, then include &quot;Possible false positive&quot; in the subjectline.
    D. Send the zip/rar file to newvirus@kaspersky.com</blockquote>

    You get an answer before the day is over.
    I have not done this yet, as I discovered this after I had removed Flash.<p align="left">I understand you still have Flash on your computer, so perhaps you may do so, and let me know the result?
    If impossible, okay.<p align="left">Kind regards,

    Ananda

    Message Edited by Ananda on 03-10-2009 02:58 PM

Page 1 of 4 1234 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •