
Subject: "EXP/MS04-028.JPEG.A Exploit in Photos"
mowerman90 Sun Dec-12-10 01:01 AM
Member since Oct 26th 2002
609 posts


          

I'm running W7 64bit and using Windows Defender, and Avira AV Free and running scans every evening (computer on 24/7) with no problems. I also run Malwarebytes about every 2 weeks or so, almost always with no problems found.

My problem is that while editing photos in Windows Live Photo Gallery, every time I save an edited photo Avira pops up telling me that I have EXP/MS04-028.JPEG.A. I click to remove it and problem solved. Except that when Avira removes it, it also removes the original file from my computer, leaving the edited photo with no possibility of going back to the original if I would want to. The photos originate in my Nikon S3000 camera and are saved onto an 8GB SD card which I have repeatedly formatted in the camera. Is my problem a false positive? Since I am creating the file in the first place by taking the picture and then editing it, how am I getting this EXP/MS04-028.JPEG.A exploit?

  


Replies to this topic

Grogan Sun Dec-12-10 01:53 AM
Charter member
20650 posts
#1. "RE: EXP/MS04-028.JPEG.A Exploit in Photos"
In response to mowerman90 (Reply # 0)


  

          

Yes, that will be a false positive. Your camera is writing metadata, probably some of it is unusual. There's no standard for it (only de facto... EXIF)

You probably can't configure your camera to stop doing that, so probably your best bet is to just remove .jpg as a file type checked by the guard (which then won't scan jpegs and some of them might contain that exploit. However, it doesn't really matter because the vulnerability has long since been patched)

Either that or switch antivirus software.

Grogan

  


    
Grogan Sun Dec-12-10 01:58 AM
Charter member
20650 posts
#2. "RE: EXP/MS04-028.JPEG.A Exploit in Photos"
In response to Grogan (Reply # 1)
Sun Dec-12-10 02:03 AM by Grogan

  

          

Err, actually, what you should do is submit one of those as a sample and Avira will fix the false detection.

You can temporarily disable the guard to send one of those jpegs as a sample, if you haven't already removed jpg from the list of files scanned by the guard.

http://analysis.avira.com/samples/

Make sure to choose "Suspected False Positive (Not Malware)" from the File type drop list.

P.S. While I've never submitted a false positive, I do often submit undetected malware (executables and dlls that I know are malicious but not detected by any of the scanners) and they respond to it very quickly. First comes a form email, but then maybe by the next day a real email comes saying they have analyzed the malware and added it to the definitions and the name they have given it.

Grogan

  


        
mowerman90 Sun Dec-12-10 02:04 AM
Member since Oct 26th 2002
609 posts
#3. "RE: EXP/MS04-028.JPEG.A Exploit in Photos"
In response to Grogan (Reply # 2)


          

Thanks for the quick reply Grogan


My Computer:
Homebuilt
Windows 7 RTM 7600 Ult (64BIT)
Antec Earthwatts 500W PS
Biostar GeForce 6100 M9 MB
AMD Athlon 64x2 4200+
Nvidia 8600GT
4G Ram
640 Gig WD(Sys drive)
320 Gig WD (Data & Backup Drive)

  


            
Grogan Sun Dec-12-10 05:13 AM
Charter member
20650 posts
#4. "RE: EXP/MS04-028.JPEG.A Exploit in Photos"
In response to mowerman90 (Reply # 3)


  

          

I re-read your post and it seems more like it's the Windows Live Photo Gallery software that's writing the metadata that's triggering Avira, rather than the camera. If so, that would be easier to work around.

It doesn't matter though, the important part is that it is Avira that is in error, and that is what should be fixed.

Grogan
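
A way to check a flagged photo yourself, as an added example that is not part of the original posts and not Avira's detection logic: the MS04-028 GDI+ flaw concerns a JPEG comment (COM, 0xFFFE) segment whose length field is below the minimum of 2, so this sketch walks the real header segments and reports any such segment. The function names and sample bytes are constructed for illustration, and the byte-pattern match is shown only for contrast, as an assumption about how a metadata payload could trip a simple signature.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))

def walk_segments(data):
    """Yield (offset, marker, length) for each header segment up to SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
        elif marker in STANDALONE:
            yield pos, marker, None
            pos += 2
        else:
            (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
            yield pos, marker, length
            # Stop at SOS (compressed data follows) or when the length
            # is too small to locate the next segment.
            if marker == 0xDA or length < 2:
                return
            pos += 2 + length

def malformed_segments(data):
    """Segments whose length is below 2 (the field counts its own 2 bytes)."""
    return [s for s in walk_segments(data) if s[2] is not None and s[2] < 2]

def naive_hit(data):
    """Context-free byte match for a COM marker followed by length 0 or 1."""
    return b"\xff\xfe\x00\x00" in data or b"\xff\xfe\x00\x01" in data

# Constructed samples, not real photos.
# CLEAN: valid segments; the APP1 (metadata) payload merely contains FF FE 00 01.
CLEAN = (b"\xff\xd8"
         b"\xff\xe1\x00\x0f" b"Exif\x00\x00" b"\xff\xfe\x00\x01" b"pad"
         b"\xff\xfe\x00\x04" b"hi"
         b"\xff\xda\x00\x02" b"\xff\xd9")
# BAD: a real COM segment that declares length 1.
BAD = b"\xff\xd8" b"\xff\xfe\x00\x01" b"AAAA" b"\xff\xd9"

if __name__ == "__main__":
    for name, blob in (("CLEAN", CLEAN), ("BAD", BAD)):
        print(name, "naive:", naive_hit(blob), "parsed:", malformed_segments(blob))
```

To check a file from disk, pass `open(path, "rb").read()` to `malformed_segments`; an empty list means no header segment declares an impossible length.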

  
