ClamWin Free Antivirus
Support and Discussion Forums
Many FALSE POSITIVE on Win98SE system.
CYBERYOGI =CO=Windler


Joined: 14 May 2015
Posts: 13
Location: Germany
I am still running this Win98SE machine online and the system works well, although the hard disk is full to the brim and makes random slowdowns (depending on ClamWin update version of that day? Or is there some kind of botnet activity???). ClamWin detected on my main partition plenty of false positive files. The scan (9.56 of 16GB FAT32) took almost a whole day.

----------- SCAN SUMMARY -----------
Known viruses: 6780989
Engine version: 0.99.4
Scanned directories: 6813
Scanned files: 77430
Infected files: 10
Data scanned: 10170.38 MB
Data read: 7947.98 MB (ratio 1.28:1)
Time: 41996.970 sec (699 m 56 s)


e:\WINDOWS\Anwendungsdaten\Mozilla\Profiles\=CO= Windler-1\jzfjw4dz.slt\ImapMail\imap.aim.com\Spam: Win.Worm.Warezov-207 FOUND

some random e-mail spam folder content (malware may be real).


e:\WINDOWS\.jpi_cache\jar\1.0\classload.jar-66c5e421-5d53bf29.zip: Java.Trojan.ByteVerify-2 FOUND

found in Java 1.0 cache, file date 2009-08-26.
VirusTotal finds only 2/58 =>likely false positive.


e:\Spiele\Windows\Centipede\Software\smackw32.dll: Win.Trojan.Ramnit-5816 FOUND

original CD-ROM PC game "Centipede" (3D version (c)1998 by Hasbro?, installed in 2000).
In VirusTotal nothing else =>false positive.


e:\Programme\Erweiterungen\CD-Writer\CDR-Extension\Software\Volumes\25557100.SP1: Win.Trojan.Gen-102 FOUND
e:\Programme\Erweiterungen\CD-Writer\CDR-Extension\Software\Volumes\2688B4C8.SP1: Win.Trojan.Gen-102 FOUND

diff/directory files of unfinalized CDR discs, using the old OSTA UDF driver "CDR-Extension 2.1 for Windows 95" (which I may need to read my old CDR). Nowadays I instead use "CeQuadrat PacketCD v. 2.50.042" (driver 3.00.209) which supports longer file names.
Not uploaded because of private documents. ZoneAlarm AntiVirus and Windows Defender (both Win10) find nothing.


e:\Programme\HxD\HxD.exe: Win.Virus.Sality-6825107-0 FOUND

the open source hex editor "HxD" 1.7.7.0
In VirusTotal nothing else =>false positive.


e:\Programme\CopyLock\CopyLock.exe: Win.Trojan.Replacer-2 FOUND

renaming tool for locked files.
VirusTotal finds 9/69 because it is a "hacking tool".


e:\Programme\7-Zip\7z.sfx: Win.Trojan.Ransom-8515 FOUND

part of ZIP archiver "7-Zip" 9.19 beta
In VirusTotal nothing else =>false positive.


e:\Programme\RivaTuner\RivaTunerWrapper.exe: Win.Virus.Sality-6761888-0 FOUND
e:\Programme\RivaTuner\Tools\RTSS\RTSSWrapper.exe: Win.Virus.Sality-6761886-0 FOUND

part of graphics card tweaker "RivaTuner v2.24 MSI Master Overclocking Area 2009 edition"
(running "NVIDIA Detonator 43.45 w9x" driver on GeForce3 Ti200).
In VirusTotal nothing else =>false positive.


I have uploaded the alerted files (except those containing private documents) to VirusTotal.com, from where they AFAIK are automatically distributed to antivirus developers.

Code:
                        MAY THE SOFTWARE BE WITH YOU!

*============================================================================*
I                  CYBERYOGI Christian Oliver(=CO=) Windler                  I
I         (teachmaster of LOGOLOGIE - the first cyberage-religion!)          I
I                                      !                                     I
*=============================ABANDON=THE=BRUTALITY==========================*
                      {http://weltenschule.de/e_index.html}



These are the VirusTotal results (with file hashes). I have only included the antivirus names of positive detections.

Quote:
VirusTotal
SHA256: 00ce5abffe81fdbae5356c5a1b2a7c712741a4a82aa94d5153d32324b1b7e9c6
File name: 7z.sfx
Detection ratio: 1 / 69
Analysis date: 2019-01-27 02:10:19 UTC (0 minutes ago)

Antivirus Result Update
ClamAV Win.Trojan.Ransom-8515 20190126
---

VirusTotal
SHA256: e430855c258db13165187987cf1dc55f8078f0669ccea05eeddae3ba204c5a64
File name: classload.jar-66c5e421-5d53bf29.zip
Detection ratio: 2 / 58
Analysis date: 2019-01-27 02:13:05 UTC (0 minutes ago)

Antivirus Result Update
Avira (no cloud) TR/Forten.Java.2 20190126
ClamAV Java.Trojan.ByteVerify-2 20190126
---

VirusTotal
SHA256: 9acbd4756c79cc3d8b817c96e4b8f9408a9f397ccf439c686ee545509e45ff0e
File name: CopyLock.exe
Detection ratio: 9 / 69
Analysis date: 2019-01-27 02:15:09 UTC (0 minutes ago)

Antivirus Result Update
ClamAV Win.Trojan.Replacer-2 20190126
Comodo Malware@#3p26vitgyodoa 20190127
Cyren W32/Tool.TNLJ-0989 20190127
F-Prot W32/HackTool.AYA 20190127
Ikarus not-a-virus:RiskTool.Win32.Replacer 20190126
Kingsoft Win32.HackTool.CopyLock.(kcloud) 20190127
NANO-Antivirus Trojan.Win32.-.heqhz 20190127
TheHacker Aplicacion/Replacer.a 20190125
Yandex Trojan.Agent!iYjAIugTMOg 20190125
---

VirusTotal
SHA256: 3b381fb5e52c9ce8fb721f629024023d46e5c90ac6d3468e8a6fe24c1ecb7fbd
File name: HxD.exe
Detection ratio: 1 / 67
Analysis date: 2019-01-27 02:17:47 UTC (0 minutes ago)

Antivirus Result Update
ClamAV Win.Virus.Sality-6825107-0 20190126

---

VirusTotal
SHA256: 783d687501c217db49c42fd8e7d905282da66adb2aee04b56f6b4b4a2026678d
File name: RivaTunerWrapper.exe
Detection ratio: 1 / 69
Analysis date: 2019-01-27 02:19:25 UTC (1 minute ago)

Antivirus Result Update
ClamAV Win.Virus.Sality-6761888-0 20190126
---

VirusTotal
SHA256: c11b47aa7cd6854ba3780982c36768a466c76db0efe17cbc998d1dc55412dcd6
File name: RTSSWrapper.exe
Detection ratio: 1 / 68
Analysis date: 2019-01-27 02:21:06 UTC (0 minutes ago)

Antivirus Result Update
ClamAV Win.Virus.Sality-6761886-0 20190126
---

VirusTotal
SHA256: f9b2fdb5ebc8e659c7ac132c213fcfd2eb059a1195a129121bb68ca21699e5e1
File name: smackw32.dll
Detection ratio: 1 / 67
Analysis date: 2019-01-27 02:22:35 UTC (0 minutes ago)

Antivirus Result Update
ClamAV Win.Trojan.Ramnit-5816 20190126
---
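Added example (not part of the original thread and not ClamWin code): the triage done by hand in the post above, as a small Python script that parses the `FOUND` lines, joins them with the quoted VirusTotal ratios, and groups hits by signature family. The function names, the verdict labels and the `max_fp_engines` threshold are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Report lines and VirusTotal ratios copied from the post above (subset).
SCAN_LINES = [
    "Infected files: 10",
    r"e:\WINDOWS\Anwendungsdaten\Mozilla\Profiles\=CO= Windler-1\jzfjw4dz.slt"
    r"\ImapMail\imap.aim.com\Spam: Win.Worm.Warezov-207 FOUND",
    r"e:\WINDOWS\.jpi_cache\jar\1.0\classload.jar-66c5e421-5d53bf29.zip: Java.Trojan.ByteVerify-2 FOUND",
    r"e:\Programme\HxD\HxD.exe: Win.Virus.Sality-6825107-0 FOUND",
    r"e:\Programme\CopyLock\CopyLock.exe: Win.Trojan.Replacer-2 FOUND",
    r"e:\Programme\RivaTuner\RivaTunerWrapper.exe: Win.Virus.Sality-6761888-0 FOUND",
    r"e:\Programme\RivaTuner\Tools\RTSS\RTSSWrapper.exe: Win.Virus.Sality-6761886-0 FOUND",
]
VT_RATIOS = {  # file name -> (positive detections, engines)
    "classload.jar-66c5e421-5d53bf29.zip": (2, 58), "HxD.exe": (1, 67),
    "CopyLock.exe": (9, 69), "RivaTunerWrapper.exe": (1, 69),
    "RTSSWrapper.exe": (1, 68),
}

# Greedy path match keeps the drive-letter colon and spaces in the path;
# the split happens at the last ": " before the signature name.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
FAMILY_RE = re.compile(r"^(?P<family>.+?)-\d+(?:-\d+)?$")

def parse_found(line):
    m = FOUND_RE.match(line.strip())
    return (m.group("path"), m.group("sig")) if m else None

def family(sig):
    m = FAMILY_RE.match(sig)
    return m.group("family") if m else sig

def triage(lines, ratios, max_fp_engines=2):
    """Return (verdict per file, families that hit more than one file)."""
    verdicts, by_family = {}, defaultdict(list)
    for line in lines:
        hit = parse_found(line)
        if hit is None:
            continue  # summary or blank line
        name = ntpath.basename(hit[0])  # Windows paths, parsed on any OS
        by_family[family(hit[1])].append(name)
        if name not in ratios:
            verdicts[name] = "unverified"      # never checked elsewhere
        elif ratios[name][0] <= max_fp_engines:
            verdicts[name] = "fp-candidate"    # report to the signature vendor
        else:
            verdicts[name] = "review"          # several engines agree
    shared = {f: n for f, n in by_family.items() if len(n) > 1}
    return verdicts, shared
```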
GuitarBob


Joined: 09 Jul 2006
Posts: 4569
Location: USA
Please see my previous post in answer to your previous one.

Regards,
CYBERYOGI =CO=Windler


Joined: 14 May 2015
Posts: 13
Location: Germany
I have now reported those files individually through the ClamWin form.
GuitarBob


Joined: 09 Jul 2006
Posts: 4569
Location: USA
Good! Thanks for supporting ClamWin all those years!

Regards,
vaishnavi


Joined: 22 Feb 2019
Posts: 1
Excellent topic. Great information here. Thank you!