ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
false positives?
jamiesandhillcrane


Joined: 17 Dec 2006
Posts: 1
Reply with quote
Hi,
I got these results after scanning:
C:\Program Files\LeechGet 2005\DownloadManager.dll: Trojan.Spy.W32.KeySpy-3 FOUND

C:\Program Files\LeechGet 2005\LeechGet.exe: Trojan.Spy.W32.KeySpy-3 FOUND

C:\Program Files\Network Associates\McAfeeAvertStinger3020\stinst32.exe: Trojan.Agent-18 FOUND

Are these false positives?
BTW, I'm sorry if I posted this in the wrong category.
Take care,
Jamie
View user's profileSend private message
Not A False Positive!
GuitarBob


Joined: 09 Jul 2006
Posts: 4359
Location: USA
Reply with quote
This doesn't appear to be a false positive. A Google search on the ClamWin name for the malware turned up the information below. Looks like you also ran the McAfee Stinger, which probably removed the malware. Usually, if more than one antivirus programs find something, it's not a false positive. Unfortunately, they don't all use the same naming system, so the same piece of malware can have many names.

If you have ClamWin configured to quarantine malware it finds, look in the ClamWin quarantine directory and delete anything there. The default quarantine for Win XP machines is C:\Documents and Settings\All Users\.clamwin\quarantine. The ClamWin configuration page will tell you for sure where the quarantine folder is located.

Run ClamWin frequently, and keep it updated!


GOOGLE info:
Added: Trojan.Spy.W32.KeySpy-3 Virus name alias: Trojan-Spy.Win32.KeySpy.k (Kaspersky
AVP), Trojan.Spy.Keyspy.K (Bitdefender) Submission-ID: 127069 ...
lurker.clamav.net/message/20061214.145458.42dec593.en.html - 36k -
View user's profileSend private message
sherpya


Joined: 22 Mar 2006
Posts: 898
Location: Italy
Reply with quote
Often some download managers are "bundled" with spyware,
the stinger may have some sig inside, but it's not installable so it looks strange to be there
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
try scanning those reported files online at http://www.virustotal.com
View user's profileSend private message
false positives?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic