Windows 10: False Positives: Drivers from working computer copied over still showing as "unsigned...

Discus and support False Positives: Drivers from working computer copied over still showing as "unsigned... in Windows 10 BSOD Crashes and Debugging to solve the problem; I tried installing an old game from the disc (Bet on Soldier). It said it would not work on my OS, only XP and 95, but I went ahead anyway. After... Discussion in 'Windows 10 BSOD Crashes and Debugging' started by Inicus, Mar 25, 2019.

  1. Inicus Win User

    False Positives: Drivers from working computer copied over still showing as "unsigned...


    I tried installing an old game from the disc (Bet on Soldier). It said it would not work on my OS, only XP and 95, but I went ahead anyway.
    After install it required a restart. It could not boot until I disabled driver signature enforcement.
    I remembered a similar thing happened a while back when I tried to play the demo of the game, so I'm pretty sure the game's installer is making a bad change to a Windows file somewhere, probably with an out-of-date driver signature.

    I ran sigverif and it found three unsigned drivers in c:\windows\system32\
    msvcp110.dll
    msvcr110.dll
    vccorlib110.dll

    However, the date modified for each of those files was not today, but several years ago (5/11/2012), so it seems unlikely. I followed all the procedures I could find on these forums:

    1) I ran sfc /scannow. It repaired one file: mscormmc.dll

    2) Downloaded Visual Studio Redistributable 2017 and tried repairing, and tried uninstalling then installing again. Made no difference.

    3) Copied the specific dll files from my partner's computer (also running up-to-date Windows 10) and using them to replace my versions of those three dll's. Still sigverif finds them to be unsigned. Ran sigverif on my partner's computer and it finds no signature problems with any of her files.

    This suggests to me that it has nothing to do with these three dll's, but is actually a reference problem - I think these dll's have the correct signature, and whatever signature database sigverif is checking against has been altered or corrupted and no longer has the correct signatures in its database for these three dll's. Next I tried:

    4) I ran cmd as admin, used takeown /f on each of the files, and tried "regsvr32 msvcp110.dll" for each of them, and received this error:

    "The module "c:\windows\system32\msvcp110.dll" was loaded but the entry-point DllRegisterServer was not found.
    Make sure that "C:\windows\system32\msvcp110.dll" is a valid DLL or OCX file and then try again."


    5) Just to see what would happen, I deleted these three dll's and ran sigverif, and it still reported that these were unsigned, but now it listed their date modified as "Unknown" and their version as "None" in the dialog box. I tried deleting another random dll from that directory to see if sigverif would show the same error whenever a dll was missing, but it didn't. It still only found a problem with those three dll's.


    So where/how does sigverif or Windows check the driver signatures? Is there a local database on the computer?

    I'm guessing it might have something to do with HKEY_LOCAL_MACHINE\Software\Microsoft\Driver Signing registry key. Is there a way I can get Windows to refresh/verify/update this?

    Or any other ideas on how to solve this?

    :)
     
    Inicus, Mar 25, 2019
    #1
  2. Snixtor Win User

    False positive for desktop shortcut scanner.lnk

    The 1.239.488.0 virus / spyware definition update that rolled out about 24 hours ago appears to be producing a false positive for any shortcut placed on the desktop called "Scanner.lnk". I can consistently replicate a false positive for Trojan:Win32/FakeSysdef
    with the following steps.

    • Create a shortcut to an exe file.
    • Place the shortcut on the desktop.
    • Name the shortcut "Scanner".
    • Run "Quick Scan".
    I don't get the same result by directly scanning the file, nor by uploading the file to www.virustotal.com, so it would appear this is as a result of a heuristic rather than a file content analysis. I also don't get the same result with a shortcut that links
    to a website.

    Can anyone else replicate? How can we go about getting the Windows Defender team to reconsider this heuristic? It's a bit heavy-handed.
     
    Snixtor, Mar 25, 2019
    #2
  3. defender false positive

    Hi Bob,

    To better assist you, kindly verify the following:

    • Where did you submit the file about Windows Defender being false positive?
    • Right after the recent Windows 10 update, your Zara Radio stopped working?
    • Regarding the 404 error, what application were you using when you got that error?

    Let us know.
     
    Joanna 777, Mar 25, 2019
    #3
  4. Mussels Win User

    False Positives: Drivers from working computer copied over still showing as "unsigned...

    Malwarebytes = False Positive??

    yes, malwarebytes loves false positives. i'm one of the few members of this forum that doesnt go crazy reccomending it, for a while i kept posting a test i did - two copies of a file, one called 'harmless.exe' and one 'keygen.exe' and guess which one malwarebytes had a hissyfit at?

    its detection methods are pretty piss poor, it just so happens that its removal methods are effective enough that people like it even with the false positives and scare mongering.
     
    Mussels, Mar 25, 2019
    #4
Thema:

False Positives: Drivers from working computer copied over still showing as "unsigned...

Loading...
  1. False Positives: Drivers from working computer copied over still showing as "unsigned... - Similar Threads - False Positives Drivers

  2. Is this a false positive?

    in Windows 10 Gaming
    Is this a false positive?: I ran autorun, virustotal says it had trojan virus. Only one steam.exe existed in system.I checked hashes are the same, but I am not sure about sign whether is legit or not.I lived in Thailand, so there must have time zone differenece.The extra 32 seconds compared to the...
  3. Is this a false positive?

    in Windows 10 Software and Apps
    Is this a false positive?: I ran autorun, virustotal says it had trojan virus. Only one steam.exe existed in system.I checked hashes are the same, but I am not sure about sign whether is legit or not.I lived in Thailand, so there must have time zone differenece.The extra 32 seconds compared to the...
  4. False positive??

    in AntiVirus, Firewalls and System Security
    False positive??: Hello! I downloaded a file from web and I think I got viruses or malware from it. First, Windows Defender notified me that I got malware and I deleted all the temp and patched files from my laptop and scanned it after with Microsoft Security Scan and it said I have 0 files...
  5. False positive??

    in Windows 10 Gaming
    False positive??: Hello! I downloaded a file from web and I think I got viruses or malware from it. First, Windows Defender notified me that I got malware and I deleted all the temp and patched files from my laptop and scanned it after with Microsoft Security Scan and it said I have 0 files...
  6. False positive??

    in Windows 10 Software and Apps
    False positive??: Hello! I downloaded a file from web and I think I got viruses or malware from it. First, Windows Defender notified me that I got malware and I deleted all the temp and patched files from my laptop and scanned it after with Microsoft Security Scan and it said I have 0 files...
  7. Is this a false positive

    in Windows 10 Gaming
    Is this a false positive: I'm pretty scared cause I clicked on this link for help and it flagged as malicious https://www.virustotal.com/gui/url/419ed1cdabbd93e665156658d341edf1ef001c4158864fa4ca2ad501839a3dd7?nocache=1...
  8. Is this a false positive

    in Windows 10 Software and Apps
    Is this a false positive: I'm pretty scared cause I clicked on this link for help and it flagged as malicious https://www.virustotal.com/gui/url/419ed1cdabbd93e665156658d341edf1ef001c4158864fa4ca2ad501839a3dd7?nocache=1...
  9. is this a false positive or no?

    in Windows 10 Ask Insider
    is this a false positive or no?: [ATTACH] submitted by /u/GloomyMusician24 [link] [comments] https://www.reddit.com/r/Windows10/comments/lb83rc/is_this_a_false_positive_or_no/
  10. False negative or false positive ?

    in Windows 10 Performance & Maintenance
    False negative or false positive ?: Win 10 Home 10586.164 Did a Sfc /scannow. Result : found corrupted files but unable to repair some of them. Did a dism..../restorehealth. Result : Restore operation successful. Did a sfc /scannow right after dism. Result : found corrupted files but unable to...