ClamWin Free Antivirus
Support and Discussion Forums
brdefprn.exe Flagged as Win.trojan by Clam
TedPalmer


Joined: 15 Jul 2013
Posts: 0
Location: St. Louis, MO USA
On my Windows Server 2003 machine with AD, this file was flagged as "Win.Trojan.4388970". Here is the clam scan results file, followed by what was reported when I scanned it using Symantec's Norton Antivirus program from a workstation:
+++++++++++++++++++++++++++++++++++++++++++

Clamscan Virus scan on 2013-07-11 12:30
C:\AutoSubrogate\AutoSubrogate\MyFiles\23326\Investigations\REPORT FROM INDIANA SEC OF STATE.mht: Exploit.HTML.MHTRedir-8 FOUND
C:\AutoSubrogate\AutoSubrogate\MyFiles\23329\Investigations\missouri no. 2.mht: Exploit.HTML.MHTRedir-8 FOUND
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\NTUSER.DAT: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\Administrator\ntuser.dat.LOG: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\LocalService\NTUSER.DAT: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\LocalService\ntuser.dat.LOG: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\NetworkService\NTUSER.DAT: Permission denied
WARNING: Can't open file \\?\C:\Documents and Settings\NetworkService\ntuser.dat.LOG: Permission denied
WARNING: Can't open file \\?\C:\pagefile.sys: Permission denied
C:\Program Files\Brother\BRHL2170\brdefprn.exe: Win.Trojan.4388970 FOUND
WARNING: Can't open file \\?\C:\WINDOWS\NTDS\edb.log: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\NTDS\ntds.dit: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\NTDS\temp.edb: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\ntfrs\jet\log\edb.log: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\ntfrs\jet\log\edbtmp.log: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\ntfrs\jet\ntfrs.jdb: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\ntfrs\jet\temp\tmp.edb: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\default: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\default.LOG: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\SAM: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\SAM.LOG: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\SECURITY: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\SECURITY.LOG: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\software: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\software.LOG: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\system: Permission denied
WARNING: Can't open file \\?\C:\WINDOWS\system32\config\system.LOG: Permission denied

----------- SCAN SUMMARY -----------
Known viruses: 2494911
Engine version: 0.97.8
Scanned directories: 53517
Scanned files: 99091
Infected files: 3
Data scanned: 26163.72 MB
Data read: 35340.77 MB (ratio 0.74:1)
Time: 20969.640 sec (349 m 29 s)
End__ Clamscan 2013-07-11 06:19
Start Clamscan 2013-07-11 12:30

+++++++++++++++++++++++++++++++++++++++++++
Symantec's Norton Antivirus program results:
+++++++++++++++++++++++++++++++++++++++++++

Scan Statistics:
Scan Start:
Local: 7/15/2013 12:04 PM
UTC: 7/15/2013 5:04 PM
Scan Time: 1 seconds
Scan Targets: \\Lawoffice\c$\Program Files\Brother\BRHL2170\brdefprn.exe
Counts:
Total items scanned: 1
- Files & Directories: 1
- Registry Entries: 0
- Processes & Start-up Items: 0
- Network & Browser Items: 0
- Other: 0
- Trusted Files: 0
- Skipped Files: 0

Total security risks detected: 0
Total items resolved: 0
Total items that require attention: 0

Resolved Threats:
No risks have been resolved

Unresolved Threats:
No unresolved risks

+++++++++++++++++++++++++++++++++++++++++++
I am not a subject matter expert on viruses. So I must defer to those
who are. I am just trying to make a contribution. I hope I have used
a good method for notification of this issue. If I have put this in the
wrong place on this forum website, please tell me and I will do my
best to comply in the future.

I don't believe any action is necessary on my part to deal with this.
But I would be most appreciative if a knowledgeable moderator
could advise me about that.

Thank you for all that you do!
Ted Palmer
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Hello Ted:

Thanks for using ClamWin!

You should upload all false positive detections, like that Brother printer file, to Clam AV, starting at http://www.clamav.net/lang/en/sendvirus/ on the web. That web page has one link for false positive reports and another link for undetected virus reports. Clam AV furnishes the scan engine and signature database used by the ClamWin scanner, so they must take care of all signatures.

I reported the Brother file to Clam several days ago. They have not corrected it yet, so if you report it, that might help hurry things along. They might take a week or longer to get around to it. Most Clam AV signatures are now prepared automatically, but false positives must be worked manually, and, unfortunately, Clam AV does not have any full-time human sigmakers.

As for exploits, most AVs do not do that well at detecting them--especially in the early stages. I check any doubtful ClamWin detections on Jotti or Virus Total to see if Avast, Dr. Web and Nod32 detect them. These 3 AVs are usually pretty good at detecting exploits/adware, and I will believe a detection if they say so.

Regards,
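One way to triage a clamscan log like the one in the first post before reporting a false positive or checking a file on a multi-engine scanner, as an added example that is not part of either post or of ClamWin. The helper names `triage` and `sha256_of` are hypothetical, and the sample log is a trimmed excerpt of the log quoted above.

```python
import hashlib
import re
from collections import defaultdict

# Trimmed excerpt of the clamscan log quoted in the first post.
SAMPLE_LOG = r"""
C:\AutoSubrogate\AutoSubrogate\MyFiles\23326\Investigations\REPORT FROM INDIANA SEC OF STATE.mht: Exploit.HTML.MHTRedir-8 FOUND
C:\AutoSubrogate\AutoSubrogate\MyFiles\23329\Investigations\missouri no. 2.mht: Exploit.HTML.MHTRedir-8 FOUND
WARNING: Can't open file \\?\C:\pagefile.sys: Permission denied
C:\Program Files\Brother\BRHL2170\brdefprn.exe: Win.Trojan.4388970 FOUND
WARNING: Can't open file \\?\C:\WINDOWS\NTDS\ntds.dit: Permission denied
Infected files: 3
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
DENIED_RE = re.compile(r"^WARNING: Can't open file (?P<path>.+): Permission denied$")
COUNT_RE = re.compile(r"^Infected files: (?P<n>\d+)$")

def triage(log_text):
    """Split a clamscan log into detections by signature, files that were not scanned, and the summary count."""
    by_sig, unscanned, reported = defaultdict(list), [], None
    for line in log_text.splitlines():
        line = line.strip()
        if m := FOUND_RE.match(line):
            by_sig[m["sig"]].append(m["path"])
        elif m := DENIED_RE.match(line):
            # Locked files were never read, so the scan says nothing about them.
            unscanned.append(m["path"].removeprefix("\\\\?\\"))
        elif m := COUNT_RE.match(line):
            reported = int(m["n"])
    found = sum(len(paths) for paths in by_sig.values())
    return {"detections": dict(by_sig), "unscanned": unscanned,
            "reported": reported, "consistent": reported == found}

def sha256_of(path):
    """SHA-256 of a flagged file, for a hash lookup or to cite in a report; None if unreadable."""
    digest = hashlib.sha256()
    try:
        with open(path, "rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
    except OSError:
        return None
    return digest.hexdigest()
```

Grouping by signature separates the single `Win.Trojan.4388970` hit on the printer utility from the two `Exploit.HTML.MHTRedir-8` hits, and `consistent` confirms the FOUND lines add up to the summary's "Infected files" count.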