ClamWin Free Antivirus
Support and Discussion Forums
Is this a false positive?
mytomcat


Joined: 15 Sep 2020
Posts: 4
https://r.virscan.org/language/en/report/bab5a0bf7a9d7b731f59d40056a50fd2
Scanner results: 2% Antivirus software (1/49) found malware!
Time: 2020-09-15 09:42:09 (CST)

clamav
Engine Ver:25928
Sig Ver:0.100.2
Scan file: 360Util.dll
PUA.Win.Trojan.Generic-6629273-0
mytomcat


Joined: 15 Sep 2020
Posts: 4
360Util.dll file https://cowtransfer.com/s/8a39bdd1dcae43
GuitarBob


Joined: 09 Jul 2006
Posts: 4644
Location: USA
You should scan files on Virus Total to verify whether or not they contain a virus. They use more than 60 AVs to do a scan. If a couple of major AVs see an infection, it is probably true. Jotti is another good online scanning service, but they only have about 20 AVs to scan something. I wouldn't trust any other online scanners.

Regards,
mytomcat


Joined: 15 Sep 2020
Posts: 4
https://postimg.cc/Pp67qk8q
This is the result of a Jotti scan.
GuitarBob


Joined: 09 Jul 2006
Posts: 4644
Location: USA
I can't read the graphic--it's too small. Anyway, when I was working signatures at Clam AV and didn't want to execute a file that might contain malware, I relied upon these AVs to tell me of an infected file: Avira, Bitdefender, Eset, Kaspersky, and Sophos. If 2 of them saw an infection, I believed it. They all had their own scan engine and were widely used, including business. They are still like that.

Regards,
mytomcat


Joined: 15 Sep 2020
Posts: 4
Name: 360Util.dll
Size: 598.07kB (612,424 bytes)
Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
First seen: September 25, 2020 at 3:23:40 AM GMT+2
MD5: 7fb27d1dad1fba8454610d9b21202010
SHA1: d3a2e11ed3b20c9696b56051c00a6863fe56ea5c
Status: Scan finished. 1/15 scanners reported malware.
Scan taken on: October 10, 2020 at 3:48:45 AM GMT+2

Scanner | Date | Result
Avast! Antivirus | Oct 10, 2020 | Found nothing
BitDefender Antivirus | Oct 10, 2020 | Found nothing
ClamAV | Oct 9, 2020 | Win.Dropper.Gh0stRAT-9497880-0
Dr. Web | Oct 10, 2020 | Found nothing
MicroWorld eScan | Oct 10, 2020 | Found nothing
ESET | Oct 9, 2020 | Found nothing
Fortinet | Oct 9, 2020 | Found nothing
F-PROT Antivirus | Oct 10, 2020 | Found nothing
F-Secure Anti-Virus | Oct 9, 2020 | Found nothing
G DATA | Oct 10, 2020 | Found nothing
Ikarus | Oct 9, 2020 | Found nothing
K7 AV | Oct 9, 2020 | Found nothing
Sophos | Oct 10, 2020 | Found nothing
Trend Micro Antivirus | Oct 8, 2020 | Found nothing
VBA32 | Oct 9, 2020 | Found nothing


This is the latest scan.
GuitarBob


Joined: 09 Jul 2006
Posts: 4644
Location: USA
When one or two AVs spot something as infected and the rest of the AVs do not find any infection, it is a pretty good bet that it is a false positive detection. Look especially at these AVs: Avira, Bitdefender, Eset Nod32, Kaspersky, and Sophos. If 2 of them see any infection, it is probably a real infection--otherwise there is no infection. Why these 5 AVs? They are big companies with lots of resources, they are used a lot by businesses, they do not use someone else's scan engine, and other AVs use their scan engines.

Always check files with Virus Total--we at ClamWin cannot help you decide whether or not there is an infection.

Regards,
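
The 2-of-5 rule of thumb from the post above, applied to results from the Jotti scan earlier in the thread, as an added example that is not part of the original posts or of ClamWin. It also reports how many of the five named engines actually took part in the scan; the function names and the one-line `scanner | date | result` record layout are assumptions.

```python
# Added example: engine list and threshold come from the thread; the function
# names and the "scanner | date | result" record layout are assumptions.
REFERENCE = ("avira", "bitdefender", "eset", "kaspersky", "sophos")
THRESHOLD = 2            # two of the reference engines must agree
CLEAN = "found nothing"  # Jotti's wording for a clean result

# Results transcribed from the Jotti scan of 360Util.dll posted in the thread
# (a subset of the 15 scanners, one record per line).
JOTTI_360UTIL = """\
BitDefender Antivirus | Oct 10, 2020 | Found nothing
ClamAV | Oct 9, 2020 | Win.Dropper.Gh0stRAT-9497880-0
ESET | Oct 9, 2020 | Found nothing
MicroWorld eScan | Oct 10, 2020 | Found nothing
Sophos | Oct 10, 2020 | Found nothing
"""

def parse_listing(text):
    """Return {scanner: detection name, or None when the scanner found nothing}."""
    results = {}
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 3:
            raise ValueError(f"expected 3 fields, got: {line!r}")
        name, _date, verdict = fields
        results[name] = None if verdict.lower() == CLEAN else verdict
    return results

def triage(results):
    """Apply the 2-of-5 rule and report which reference engines were present."""
    def ref(name):
        # Map a scanner label such as "BitDefender Antivirus" to its reference key.
        return next((r for r in REFERENCE if r in name.lower()), None)
    seen = {ref(n) for n in results} - {None}
    hits = {ref(n) for n, v in results.items() if v} - {None}
    flagged = sorted(n for n, v in results.items() if v)
    if len(hits) >= THRESHOLD:
        verdict = "probably real"
    elif flagged:
        verdict = "probably false positive"
    else:
        verdict = "no detections"
    return {"verdict": verdict, "flagged": flagged,
            "reference_hits": sorted(hits), "reference_seen": sorted(seen)}

if __name__ == "__main__":
    print(triage(parse_listing(JOTTI_360UTIL)))
```

Only three of the five named engines appear in that scan, which is why `reference_seen` is worth reading alongside the verdict.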