ClamWin Free Antivirus
Support and Discussion Forums
False positive or actual trojan in Pantech WAN card software?
hplus


Joined: 13 Feb 2008
Posts: 2
I scanned programs in memory, and was told that the service utility for my WAN card (which has been installed and updated from my wireless provider over the air) had a trojan (Mybot-8199).

I'm wondering whether this is a false positive. What should I do to figure out which it is?

Here is the scan log:

Code:

Scan Started Wed Feb 13 13:06:12 2008
-------------------------------------------------------------------------------

 *** Scanning Programs in Computer Memory ***

Unloading program C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe from memory

 *** Scanned 64 processes - 665 modules ***
 *** Computer Memory Scan Completed ***

C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe: Trojan.Mybot-8199 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 208022
Engine version: 0.92
Scanned directories: 0
Scanned files: 729
Skipped non-executable files: 0
Infected files: 1

Data scanned: 463.14 MB
Time: 158.985 sec (2 m 38 s)
--------------------------------------
Completed
--------------------------------------

GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
Most likely it's a false positive if you've had/used the file/program for a time. Upload the file (if you can) to Jotti at http://virusscan.jotti.org/ on line, and they will provide a free scan of it with 20 antiviruses including ClamAV. If at least four or five antiviruses find malware, it is probably for real, and, in that case, contact the vendor before you do anything.

I recently had a ClamWin false positive for another antivirus program! FPs happen with all AVs from time to time. Viruses do many of the same things that normal software does--upload, download, change the registry, etc. That's why I configure ClamWin to Report only and not to quarantine--I don't want it to quarantine an important system file and lose access to the system.

Regards,
hplus


Joined: 13 Feb 2008
Posts: 2
GuitarBob wrote:
Upload the file (if you can) to Jotti at http://virusscan.jotti.org/ on line, and they will provide a free scan of it with 20 antiviruses including ClamAV.


Thanks for the link. It does appear to be a false positive.

Code:

 Scan taken on 14 Feb 2008 23:33:26 (GMT)
A-Squared    Found nothing
AntiVir    Found nothing
ArcaVir    Found nothing
Avast    Found nothing
AVG Antivirus    Found nothing
BitDefender    Found nothing
ClamAV    Found Trojan.Mybot-8199
CPsecure    Found nothing
Dr.Web    Found nothing
F-Prot Antivirus    Found nothing
F-Secure Anti-Virus    Found nothing
Fortinet    Found nothing
Ikarus    Found nothing
Kaspersky Anti-Virus    Found nothing
NOD32    Found nothing
Norman Virus Control    Found nothing
Panda Antivirus    Found nothing
Rising Antivirus    Found nothing
Sophos Antivirus    Found nothing
VirusBuster    Found nothing
VBA32    Found nothing
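As an added example (not part of the original posts, and not ClamWin or Jotti code), the triage walked through in this thread can be scripted: pull the FOUND lines out of the ClamWin log, parse the pasted multi-engine report, and apply the "at least four or five" rule of thumb from the reply above. The function names and the "inconclusive" band for two or three detections are assumptions of this example.

```python
import re

# ClamWin report line: "<path>: <signature> FOUND"
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
# Pasted multi-engine line: "<engine>    Found <signature|nothing>"
ENGINE_RE = re.compile(r"^(?P<engine>.+?)\s+Found (?P<verdict>.+)$")

def parse_clamwin_log(text):
    """Return [(path, signature)] for each FOUND line in a ClamWin scan log."""
    matches = (FOUND_RE.match(line.strip()) for line in text.splitlines())
    return [(m["path"], m["sig"]) for m in matches if m]

def parse_multiscan(text):
    """Return {engine: signature or None} from a pasted multi-engine report."""
    results = {}
    for line in text.splitlines():
        m = ENGINE_RE.match(line.strip())
        if m:
            results[m["engine"]] = None if m["verdict"] == "nothing" else m["verdict"]
    return results

def triage(results, threshold=4):
    """threshold=4 is the reply's 'at least four or five' rule of thumb.
    Treating 2..threshold-1 detections as inconclusive is this example's assumption."""
    if not results:
        raise ValueError("no engine results parsed")
    flagged = sorted(e for e, sig in results.items() if sig)
    if len(flagged) >= threshold:
        return "probably real", flagged
    if len(flagged) <= 1:
        return "likely false positive", flagged
    return "inconclusive", flagged

# Excerpts copied from the thread (the engine list is shortened here).
SCAN_LOG = r"""
 *** Scanned 64 processes - 665 modules ***
C:\Program Files\Sprint\Pantech\Sprint Mobile Broadband (Pantech)\PWIUtilityService.exe: Trojan.Mybot-8199 FOUND
Infected files: 1
"""
MULTISCAN = """
 Scan taken on 14 Feb 2008 23:33:26 (GMT)
AVG Antivirus    Found nothing
ClamAV    Found Trojan.Mybot-8199
F-Prot Antivirus    Found nothing
Kaspersky Anti-Virus    Found nothing
"""

if __name__ == "__main__":
    print(parse_clamwin_log(SCAN_LOG))
    print(triage(parse_multiscan(MULTISCAN)))
```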
GuitarBob


Joined: 09 Jul 2006
Posts: 4335
Location: USA
You can report false positives to ClamAV at http://cgi.clamav.net/sendvirus.cgi on the Web. They will update the ClamAV virus signatures that ClamWin also uses, and you will be helping to improve the product(s).

Regards,