Possible false positive "Trojan.Downloader-94937"?
jodifu
Joined: 12 Feb 2010
Posts: 0
Location: Europe
Posted: Wed Jul 28, 2010 6:26 am
FYI, got three installation files marked infected this morning:
C:\Install\Windows 2003 St. Ed. Install Files\R2\CMPNENTS\R2\STS.MSI: Trojan.Downloader-94937 FOUND
C:\Install\Windows 2003 St. Ed. Install Files\R2\CMPNENTS\R2\STS.MSI: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\STS.MSI.infected'
C:\WINDOWS\Installer\3653904.msi: Trojan.Downloader-94937 FOUND
C:\WINDOWS\Installer\3653904.msi: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\3653904.msi.infected'
C:\WINDOWS\Installer\{91140409-7000-11D3-8CFE-0150048383C9}\misc.exe: Trojan.Downloader-94937 FOUND
C:\WINDOWS\Installer\{91140409-7000-11D3-8CFE-0150048383C9}\misc.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\misc.exe.infected'
which I suppose to be false positives - anyone had similar issues recently?

I got it also
scornn
Joined: 28 Jul 2010
Posts: 0
Location: us
Posted: Wed Jul 28, 2010 10:52 am
Yea, I got that yesterday on an XP system with Deep Freeze, even after restart (reimage from Deep Freeze), so I am pretty sure it is a false positive, but I want to hear that from someone else.
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Wed Jul 28, 2010 1:37 pm
When you get the same detection on more than one file, it is often (but not always) a sign of a false positive. Viruses try to make their creators money, and they cannot do so by being too visible! Check the file out with Jotti or VirusTotal (VT has a nice installable script that helps the process). If only Clam and one or two more AVs see an infection, it is probably a false positive, and you should report it to Clam at https://www.clamav.net/lang/en/sendvirus/ on the web. On the form, be sure to check "false positive" and give the exact name of the "virus" in the comments section. They will usually fix it within a couple of days.
Regards,
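
The triage described in the post above, as an added example that is not part of the original thread or of ClamWin: it parses scan-log lines in the format quoted in the first post, groups hits by signature, and lists signatures seen on several files as candidates for a second opinion. The function names, the last sample line and the engine names used with `probable_false_positive` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Scan-log lines as quoted in the first post; the last line is constructed.
SAMPLE_LOG = r"""
C:\Install\Windows 2003 St. Ed. Install Files\R2\CMPNENTS\R2\STS.MSI: Trojan.Downloader-94937 FOUND
C:\Install\Windows 2003 St. Ed. Install Files\R2\CMPNENTS\R2\STS.MSI: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\STS.MSI.infected'
C:\WINDOWS\Installer\3653904.msi: Trojan.Downloader-94937 FOUND
C:\WINDOWS\Installer\3653904.msi: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\3653904.msi.infected'
C:\WINDOWS\Installer\{91140409-7000-11D3-8CFE-0150048383C9}\misc.exe: Trojan.Downloader-94937 FOUND
C:\WINDOWS\Installer\{91140409-7000-11D3-8CFE-0150048383C9}\misc.exe: moved to 'C:\Documents and Settings\All Users\.clamwin\quarantine\misc.exe.infected'
C:\Temp\sample.bin: Constructed.Example-1 FOUND
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
MOVED_RE = re.compile(r"^(?P<path>.+): moved to '(?P<dest>.+)'$")


def parse_log(text):
    """Return {signature: [{'path': ..., 'quarantine': ...}, ...]}."""
    hits = defaultdict(list)
    by_path = {}
    for line in text.splitlines():
        line = line.strip()
        found = FOUND_RE.match(line)
        if found:
            entry = {"path": found["path"], "quarantine": None}
            hits[found["sig"]].append(entry)
            by_path[found["path"]] = entry
            continue
        moved = MOVED_RE.match(line)
        if moved and moved["path"] in by_path:
            # Record where the file went so it can be restored after review.
            by_path[moved["path"]]["quarantine"] = moved["dest"]
    return dict(hits)


def review_candidates(hits, min_files=2):
    """Signatures hitting several files: often, not always, a false positive."""
    return sorted(sig for sig, files in hits.items() if len(files) >= min_files)


def probable_false_positive(other_engines_flagging, max_others=2):
    """Post's rule of thumb: only Clam plus one or two other engines agree."""
    return len(set(other_engines_flagging)) <= max_others
```

The quarantine path recorded for each hit is the copy to submit to a multi-scanner service and, if the result supports it, to report through the false-positive form.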
jodifu
Joined: 12 Feb 2010
Posts: 0
Location: Europe
Posted: Wed Jul 28, 2010 6:58 pm
FYI, TrendMicro's HouseCall, run directly on the whole system, was negative, as was Virus Total for all three findings. Also the latest ClamAV was negative - so I'll fill in that form...
Maybe I'm wrong, but I've got the feeling there's a significant portion of false positives within .msi files on various systems over the course of the past nine months...
Thx for your input and take care...
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Thu Jul 29, 2010 12:22 am
I guess Clam fixed the false positive then if the current update does not find an infection.
I have not seen very many viruses hiding in .msi files. ClamWin is supposed to be able to detect false positives in signed Windows files, but I understand there is a problem with this detection on Windows XP and below. Let's hope they get it fixed soon.
Regards,
All times are GMT