How to check for false positive from anti-virus

Solution 1:

A "false positive" is defined as when the anti-malware software detected a problem, but it wasn't actually malicious. There is no surefire direct simple process that will 100% rule out a false positive. If there were, we would automate that technique, and make that part of the anti-malware software.

So the answer to your question,

"Is there any manual way to determine definitively?",

is: only one. That way is to manually analyze the threat, which you said you did in Notepad. If you applied sufficient expertise (e.g., understanding the format of the file and what it can do), then you've done all that you can "definitively" do. That is all that the world's best anti-malware authors/experts can do. There is nothing else that is more "definitive", nor any other simpler process that is "definitive".

One approach you can use is to cast this up to a vote. Upload the file to http://VirusTotal.com and quickly see what other anti-malware thinks of the file.

Anti-malware software vendors will often publish further info, about detected threats, on their website. Searching for "Kaspersky Threat Database" led me to Kaspersky VirusWatchLite, and then you can enter "trojan-downloader.win32.pif.xx" into the filter box. This tells you that Kaspersky added the threat in April 2010. Unlike some other threats, this threat doesn't seem to have a hyperlink to more info.

Or you could try searching for "trojan-downloader.win32.pif.xx" on the web. This showed me that "trojan-downloader.win32.pif.us" had some info about it, with the top Google search result being the Microsoft hyperlink that you provided. So, it appears you already found that path to check out.

In the end, since the process of determining if something is actually malicious is making a decision that is not completely automatable, ultimately you must make your own decision.

Update: I now see your update. (I don't know how I missed it before.) I see you found VirusTotal as well. Well, it looks like you're finding the correct approaches. Consider my answer to be a vote of confidence that you're doing the right things. Consider yourself satisfied. Or, if you can't do that, play around with it some more, learning about the exact format of a Windows shortcut, and checking every single byte in a hex editor.
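As an added example (not part of the answer above or of any vendor tool): a small Python triage script for the last suggestion, reading the Windows shortcut (Shell Link) format programmatically instead of byte by byte in a hex editor, and printing the SHA-256 that can be searched on VirusTotal instead of uploading the file. The shortcut it parses is constructed inside the script; the `cp1252` code page used for non-Unicode strings is an assumption.

```python
# Triage helper for a Windows shortcut (.lnk, MS-SHLLINK): parses the 76-byte
# ShellLinkHeader and the StringData section, so the fields an analyst would
# otherwise read byte by byte in a hex editor are listed in one place.
import hashlib
import struct

# {00021401-0000-0000-C000-000000000046} as it is stored on disk (GUID byte order)
SHELL_LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
# LinkFlags bits for the StringData strings, in the order they appear in the file
STRING_FLAGS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                (0x20, "arguments"), (0x40, "icon_location")]
SHOW_COMMANDS = {1: "SW_SHOWNORMAL", 3: "SW_SHOWMAXIMIZED", 7: "SW_SHOWMINNOACTIVE"}


def parse_lnk(data: bytes) -> dict:
    """Return flags, ShowCommand, StringData and the SHA-256 to look up on VirusTotal."""
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != 0x4C or clsid != SHELL_LINK_CLSID:
        raise ValueError("not a Shell Link file")
    show_cmd = struct.unpack_from("<I", data, 0x3C)[0]
    pos = 0x4C                         # first optional structure follows the header
    if flags & HAS_IDLIST:             # LinkTargetIDList: 2-byte size, then the items
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:           # LinkInfo: 4-byte size that includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    strings = {}
    for bit, name in STRING_FLAGS:     # each string: 2-byte char count, no terminator
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            # ANSI strings use the system code page; cp1252 is assumed here
            strings[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += 2 + count * width
    return {"flags": flags, "show_command": SHOW_COMMANDS.get(show_cmd, hex(show_cmd)),
            "strings": strings, "sha256": hashlib.sha256(data).hexdigest()}


def build_sample_lnk(target: str, args: str, show_cmd: int) -> bytes:
    """Constructed sample (not a shortcut taken from disk) with header + StringData only."""
    flags = 0x08 | 0x20 | IS_UNICODE   # HasRelativePath | HasArguments | IsUnicode
    header = struct.pack("<I16sII", 0x4C, SHELL_LINK_CLSID, flags, 0x20)
    header += b"\0" * 24 + struct.pack("<IiIH", 0, 0, show_cmd, 0) + b"\0" * 10
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (target, args))
    return header + body


if __name__ == "__main__":
    info = parse_lnk(build_sample_lnk("..\\notepad.exe", "readme.txt", 7))
    print(info["strings"], info["show_command"], info["sha256"])
```

A ShowCommand of 7 (window minimized and not activated) on a shortcut that also carries arguments is the kind of detail worth a second look during triage, while the hash lets you query existing VirusTotal verdicts without submitting the file.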