ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
False Positive? (TreeSize)
er1c


Joined: 16 Dec 2006
Posts: 3
Reply with quote
After the last update, I got a hit on TreeSize.exe (which I've used for years). I downloaded the latest version of Treeseize from download.com, installed and did a manual scan on the exe. Got the same hit. I did a google search on the Trojan that was claimed (Trojan.Spy.Banker-5684), then did a search on the files and reg keys this trojan creates. Nothing was found.

Prior to this latest update, I did not get any hits on Treesize...

--------------------------------------

Scan started: Sat Dec 16 14:57:14 2006



File excluded 'C:\Program Files\JAM Software\TreeSize\treesize.exe'



C:\Program Files\JAM Software\TreeSize\treesize.exe: Trojan.Spy.Banker-5684 FOUND

-- summary --

Known viruses: 83199

Engine version: 0.88.5

Scanned directories: 0

Scanned files: 1

Infected files: 1



Not moved: 1

Data scanned: 0.13 MB

Time: 3.454 sec (0 m 3 s)

--------------------------------------

Completed

--------------------------------------



Thanks!
Eric
View user's profileSend private message
If you suspect a false positive ...
pheldal


Joined: 15 Dec 2006
Posts: 4
Reply with quote
try to scan the alleged infected file with alternative scanners. To avoid installing additional software you may try services like http://www.virustotal.com which describe how you may submit files for scanning via email and have them scanned several anti-virus packages.

//per
View user's profileSend private message
er1c


Joined: 16 Dec 2006
Posts: 3
Reply with quote
Thanks for the tip! Below are the results;

Antivirus Version Update Result
AntiVir 7.3.0.19 12.15.2006 no virus found
Authentium 4.93.8 12.15.2006 no virus found
Avast 4.7.892.0 12.16.2006 no virus found
AVG 386 12.16.2006 no virus found
BitDefender 7.2 12.16.2006 no virus found
CAT-QuickHeal 8.00 12.15.2006 no virus found
ClamAV devel-20060426 12.16.2006 no virus found
DrWeb 4.33 12.16.2006 no virus found
eSafe 7.0.14.0 12.14.2006 no virus found
eTrust-InoculateIT 23.73.87 12.16.2006 no virus found
eTrust-Vet 30.3.3254 12.15.2006 no virus found
Ewido 4.0 12.16.2006 no virus found
Fortinet 2.82.0.0 12.16.2006 no virus found
F-Prot 3.16f 12.15.2006 no virus found
F-Prot4 4.2.1.29 12.15.2006 no virus found
Ikarus T3.1.0.26 12.16.2006 no virus found
Kaspersky 4.0.2.24 12.16.2006 no virus found
McAfee 4920 12.15.2006 no virus found
Microsoft 1.1804 12.15.2006 no virus found
NOD32v2 1924 12.15.2006 no virus found
Norman 5.80.02 12.15.2006 no virus found
Panda 9.0.0.4 12.16.2006 no virus found
Prevx1 V2 12.16.2006 no virus found
Sophos 4.12.0 12.14.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.133 12.16.2006 no virus found
UNA 1.83 12.15.2006 no virus found
VBA32 3.11.1 12.16.2006 no virus found
VirusBuster 4.3.19:9 12.16.2006 no virus found
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1751
Reply with quote
looks like your false positive has been eliminated by the recent database update. Please rescan the file and let me know if it is still reported as a vius (please include virus db info from the about box)
View user's profileSend private message
er1c


Joined: 16 Dec 2006
Posts: 3
Reply with quote
That did it!

Thanks! Smile
View user's profileSend private message
False Positive? (TreeSize)
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic