ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
SVKP.sys: Trojan.PcClient-41 - false positive ?
wtfia


Joined: 07 May 2006
Posts: 2
Reply with quote
First use of ClamWin

Got clamwin, did a scan, it came up with this:

C:/WINDOWS/system32/SVKP.sys: Trojan.PcClient-41 FOUND

The database is up-to-date (6 of May 2006). A quick search on google came out with a few pages like http://vil.nai.com/vil/content/v_101134.htm this one saying that it might not be a trojan. Seems to be a common mistake with av programs. On my system the file is not the right size, Etherlink reports no traffic to irc.alphanine.net and the key that was supposed to be in the registry is not there. The file (ntdsapi.dll) is there, but says it belongs to Microsoft Corporation, not that it couldn't be faked. There seems to be no process or service running that I don't know about.
I tried to submit the file (svkp.sys) to ClamAv Online virus scanner, but:
Quote:
File is valid, and was successfully uploaded.

ClamAV Version running:

ClamAV 0.88

ClamAV scans the file ...

Clamav-Output:

ERROR: Unable to open file or directory /usr/bin/clamscan --stdout --disable-summary /tmp/phpl08RG0

Clamav DID NOT identify your sample as malicious content

If you really think your sample is a virus or any other harmful thing clamav should detect please go to

http://www.clamav.net/sendvirus.html

and submit the virus.

Thank you for supporting Open Source Software


I also scanned my computer with Kaspersky wich ignored this file with no warning.
The file seems to belong to http://www.anticracking.sk/ SVK Protector. I did not install that on purpose, and I don't like it being there, although i don't read every EULA that I accept (does anyone ?), so it's probably my fault.

Is this really a false positive, or do i have a trojan that might be inactive ? And is there any way to find out who uses this file ? I mean besides removing/renaming it and waiting to see if anything breaks.

EDIT: I found http://www.virustotal.com www.virustotal.com in another post. ClamWin is the only one reporting a trojan on this file.
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
most likely clamav online scanner is temporarily broken.

use this FAQ and submit your false positive:
http://www.clamwin.com/content/view/40/27/
View user's profileSend private message
SVKP.sys: Trojan.PcClient-41 - false positive ?
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic