Results 1 to 4 of 4

Thread: pdf2xml.exe (part of mobipocket program) looks like a false positive

  1. #1
    benreffell Guest

    Default pdf2xml.exe (part of mobipocket program) looks like a false positive

    I'm running ZASS
    version 9.1.008.0000 ,
    with anti-virus/anti-spyware
    version 8.0.2.42
    DAT file 1013005664
    it reported the following for my mobipocket (an e-reader program)

    not-a-virus:PSWTool.Win32.PdfCracker.aa
    was found in C:\Program Files\Mobipocket.com\Mobipocket Reader\pdf2xml.exe

    Ran the actual file pdf2xml.exe (768kb) through www.virustotal.com today, kasperskly was the only one that flagged it (same reason as above, not surprising since ZASS uses Kaspersky for it's anti-virus/anti-spyware)

    Thus believe it is a false positive
    (thinks it's actually Win32.PdfCracker.aa)

    results from virustotal as shown below (blank = nothing found)

    File pdf2xml.exe received on 2010.03.02 23:50:19 (UTC)

    Result: 1/42 (2.39%)

    Antivirus Version Last Update Result
    a-squared 4.5.0.50 2010.03.02 -
    AhnLab-V3 5.0.0.2 2010.03.02 -
    AntiVir 8.2.1.180 2010.03.02 -
    Antiy-AVL 2.0.3.7 2010.03.02 -
    Authentium 5.2.0.5 2010.03.02 -
    Avast 4.8.1351.0 2010.03.02 -
    Avast5 5.0.332.0 2010.03.02 -
    AVG 9.0.0.730 2010.03.02 -
    BitDefender 7.2 2010.03.02 -
    CAT-QuickHeal 10.00 2010.03.02 -
    ClamAV 0.96.0.0-git 2010.03.03 -
    Comodo 4091 2010.02.28 -
    DrWeb 5.0.1.12222 2010.03.02 -
    eSafe 7.0.17.0 2010.03.02 -
    eTrust-Vet 35.2.7336 2010.03.02 -
    F-Prot 4.5.1.85 2010.03.02 -
    F-Secure 9.0.15370.0 2010.03.02 -
    Fortinet 4.0.14.0 2010.02.28 -
    GData 19 2010.03.02 -
    Ikarus T3.1.1.80.0 2010.03.02 -
    Jiangmin 13.0.900 2010.03.02 -
    K7AntiVirus 7.10.987 2010.03.02 -
    Kaspersky 7.0.0.125 2010.03.02 not-a-virus:PSWTool.Win32.PdfCracker.aa
    McAfee 5908 2010.03.02 -
    McAfee+Artemis 5908 2010.03.02 -
    McAfee-GW-Edition 6.8.5 2010.03.02 -
    Microsoft 1.5502 2010.03.02 -
    NOD32 4910 2010.03.02 -
    Norman 6.04.08 2010.03.02 -
    nProtect 2009.1.8.0 2010.03.02 -
    Panda 10.0.2.2 2010.03.02 -
    PCTools 7.0.3.5 2010.03.02 -
    Prevx 3.0 2010.03.03 -
    Rising 22.37.01.04 2010.03.02 -
    Sophos 4.50.0 2010.03.02 -
    Sunbelt 5731 2010.03.02 -
    Symantec 20091.2.0.41 2010.03.03 -
    TheHacker 6.5.1.7.218 2010.03.03 -
    TrendMicro 9.120.0.1004 2010.03.02 -
    VBA32 3.12.12.2 2010.03.02 -
    ViRobot 2010.3.2.2208 2010.03.02 -
    VirusBuster 5.0.27.0 2010.03.02 -

    Additional information
    File size: 786432 bytes
    MD5...: d0497603191807621613d590c1e833ad
    SHA1..: b5e305853cfe95b8d829c91bf8d1cce4c433f136
    SHA256: 60afbda00a759c3842f65d71d7a0ac1f6a9d97ece395830c71 036b3940f98182
    ssdeep: 12288:0/5bUCw0JHnwXAbx4arissq17VFzVCxkFftvYTDjJm8jtzD:65b5 VJQOLb
    QxkFf6TD
    PEiD..: -
    PEInfo: PE Structure information

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: pdf2xml.exe (part of mobipocket program) looks like a false positive

    Hi!
    please report to kaspersky as indicated here:
    How to report antivirus/antispyware false positives

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    benreffell Guest

    Default Re: pdf2xml.exe (part of mobipocket program) looks like a false positive

    Sorry should have mentioned I had already sent file to Kaspersky

    got the following answer back just now confirming it is "false positive"

    Hello,

    Sorry, it was a false detection. It will be fixed in the next update.
    Thank you for your help.

    Regards, Vitaly Yakutenko
    Virus analyst, Kaspersky Lab.

    > >From: ben
    > >Sent: 03.03.2010 3:13:00
    > >To: "New Virus" <newvirus@kaspersky.com>
    > >Subject: [VirLabSRF][False Alarm][M:1][LN:EN][L:0]
    > >
    > >
    > > LANG: en
    > > email: ben
    > > product: version 8.0.2.42 DAT file 1013005664
    > > viruses_date: 2/03/2010
    > >
    > > description:
    > > False positive : pdf2xml.exe
    > >
    > > I"m running ZASS
    > > version 9.1.008.0000 ,
    > > with anti-virus/anti-spyware
    > > version 8.0.2.42
    > > DAT file 1013005664
    > > it reported the following for my mobipocket (e-reader program)
    > >
    > > not-a-virus:PSWTool.Win32.PdfCracker.aa was found in C:\Program Files\Mobipocket.com\Mobipocket Reader\pdf2xml.exe
    > >
    > > Ran the actual file through www.virustotal.com, kasperskly was the only one that flagged it (same reason as above)
    > >
    > > Thus beleive it is a false positive
    > >
    > > uploaded files:
    > > pdf2xml.exe

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: pdf2xml.exe (part of mobipocket program) looks like a false positive

    Great! ZA uses Kaspersky engine. If it will be fixed in KAV it will also in ZA
    Usually they are very fast but sometimes you may need to wait for few updates before the fixing.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. False positive - WMIPRVSE.EXE
    By halifax_ca in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 2
    Last Post: April 19th, 2009, 09:49 PM
  2. False positive - WMIPRVSE.EXE
    By seanys in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 21
    Last Post: April 19th, 2009, 11:51 AM
  3. FALSE POSITIVE hh.exe
    By yarok in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 0
    Last Post: March 21st, 2009, 01:45 AM
  4. ACDSEE32.EXE False Positive??
    By mbpress in forum ZoneAlarm Anti-virus & Anti-spyware
    Replies: 1
    Last Post: April 27th, 2008, 07:53 AM
  5. Replies: 2
    Last Post: January 2nd, 2008, 11:33 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •