First use of ClamWin
Got ClamWin, did a scan, and it came up with this:
C:/WINDOWS/system32/SVKP.sys: Trojan.PcClient-41 FOUND
The database is up-to-date (6 of May 2006). A quick search on Google came up with a few pages like this one (https://vil.nai.com/vil/content/v_101134.htm) saying that it might not be a trojan. Seems to be a common mistake with AV programs. On my system the file is not the right size, Etherlink reports no traffic to irc.alphanine.net and the key that was supposed to be in the registry is not there. The file (ntdsapi.dll) is there, but says it belongs to Microsoft Corporation, not that it couldn't be faked. There seems to be no process or service running that I don't know about.
I tried to submit the file (svkp.sys) to the ClamAV online virus scanner, but:
Quote:
File is valid, and was successfully uploaded.
ClamAV Version running:
ClamAV 0.88
ClamAV scans the file ...
Clamav-Output:
ERROR: Unable to open file or directory /usr/bin/clamscan --stdout --disable-summary /tmp/phpl08RG0
Clamav DID NOT identify your sample as malicious content
If you really think your sample is a virus or any other harmful thing clamav should detect please go to
https://www.clamav.net/sendvirus.html
and submit the virus.
Thank you for supporting Open Source Software
I also scanned my computer with Kaspersky, which ignored this file with no warning.
The file seems to belong to SVK Protector (https://www.anticracking.sk/). I did not install that on purpose, and I don't like it being there, although I don't read every EULA that I accept (does anyone?), so it's probably my fault.
Is this really a false positive, or do I have a trojan that might be inactive? And is there any way to find out who uses this file? I mean besides removing/renaming it and waiting to see if anything breaks.
EDIT: I found https://www.virustotal.com in another post. ClamWin is the only one reporting a trojan on this file.