ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Panda InternetSecurity Detected as trojan
G.Filipe


Joined: 07 Dec 2016
Posts: 2
Location: Portugal
Reply with quote
Hi! First of all sorry for my bad english, wich isn't my mother tongue.
I need help to understand this:
my last system scan detected trojans in a clean instalation of my paid version of Panda IS. I've been a Panda client for more then 10 years and I've always paid for 3 computers subscrition during all this time!
I'm about to make a complaint to them, but first I would like some one to tell me this is not a false positive!

Here it is the results from the logscan:

C:\Program Files\Panda Security\Panda Security Protection\Cache\0x1000000A.SIG: Win.Trojan.AT-8 FOUND
C:\Program Files\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe: Win.Trojan.Agent-1753978 FOUND
C:\Program Files\pandasecuritytb\pandasecurityDx.dll: Win.Trojan.Agent-1753978 FOUND

And yes, I did a clean instalation from the file sent throught email after buying, after the first detection wich made me unistall from one comuter and install in other computer! I will not delet the files from the quanrantine in case some one wnats to analize them.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4155
Location: USA
Reply with quote
These are probably "false positive" detections for files which are not really infected by malware. All antivirus programs get them sometimes.
You can verify files by uploading them (one at a time) to Virus Total, where they will scan your file with over 50 antivirus programs, including the Clam AV program which furnishes its scan engine and virus signatures to ClamWin. If Clam AV is the only AV at Virus Total that detects a file as infected, it is certain to be a false positive detection.

What happened is probably that ClamWin is detecting a Panda Virus signature somewhere that it has one just like it. So do not complain to Panda--unless there are several other AVs at Virus Total that also detect the file(s) as infected. Or Panda could contain some "good" code that many programs have--virus files sometimes use some of the same code as "good" programs--like opening/closing a file or some other "housekeeping" code.

Virus Total will notify Clam AV if it falsely detects a file submitted to it so that Clam AV can correct its signature. It might take a week or longer for Clam AV to correct its code, however. You can restore a file from quarantine that is falsely detected via the QRecover program in the ClamWin\bin folder. Read the ClamWin documentation on how to do this. Before you restore a detected file, however, you should "whitelist" the file so ClamWin will not detect it any more. Read the documentation to see how to whitelist a file.

I am glad you are using ClamWin with Panda because ClamWin is only a "second opinion" scanner. You now have good protection.

Please let us know if we can be of any more help.

Thanks for using ClamWin!

Regards,
View user's profileSend private message
G.Filipe


Joined: 07 Dec 2016
Posts: 2
Location: Portugal
Reply with quote
Well I'll send the files to totalvirus as explained and see what happens!

thanks
Regards
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 4155
Location: USA
Reply with quote
Good! Most of the Clam AV signatures are simple/basic, and they can have more false positive detections than many other AVs. The Clam AV bytecode signatures are the best, but they do not prepare many of them. It takes too much time, and Cisco security people only work on Clam AV when they are not performing duties for Cisco. That's just the way it is for a free/open source AV, and ClamWin is almost 100% dependent upon Clam AV.

Regards,
View user's profileSend private message
Panda InternetSecurity Detected as trojan
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic