ClamWin Free Antivirus
Support and Discussion Forums
Trojan.Startpage-1111 FOUND - false positive?
hubbabubba


Joined: 19 Aug 2010
Posts: 0
Location: Montreal, Quebec, Canada
Hello!

Quote:
C:\WINDOWS\SYSTEM\BROWSEUI.DLL: Trojan.Startpage-1111 FOUND

C:\WINDOWS\SYSTEM\SHDOCVW.DLL: Trojan.Startpage-1111 FOUND

C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE: Trojan.Startpage-1111 FOUND



This is what I found doing my morning scan of the memory. I am 99.9% certain that they are false positives for the following reasons:

- BROWSEUI.DLL and SHDOCVW.DLL were "cleared" at https://virscan.org/, not a single positive or suspicious;
- WINPATROL.EXE was flagged by 6 out of 36 virus scanners at the same place, but ClamAV, your "big brother" so to speak, was not one of them;
- Winpatrol is a very old program (version 6.0.0.8) that hasn't changed in years.

Knowing that ClamWin shares the same virus database with ClamAV, it would imply another quirk "a la Heuristic.Trojan.SusPacket. TMS" but, alas, of a smaller magnitude.

I will send a false positive report forthwith with WINPATROL.EXE but I would appreciate a heads-up. I have placed these three files on my filter exclude list but they're still popping up during memory scans.

Thanks in advance.
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
The Trojan.Startpage-1111 false positive seems to be fixed. I no longer get any detections like I did last night.

Regards,
hubbabubba


Joined: 19 Aug 2010
Posts: 0
Location: Montreal, Quebec, Canada
I downloaded the latest virus database a few minutes ago and ran a memory scan. This Trojan.Startpage-1111 FOUND message is gone.

But for how long, GuitarBob?

Looks like the ClamAV and ClamWin engines don't see eye to eye these days. I would suggest, for the time being, to use "report only" and uncheck "Unload Infected Programs from Computer Memory" in the Preferences/General tab.

Until the situation is fixed for good, this is how I intend to run my rig.
Mandy56


Joined: 15 Sep 2011
Posts: 0
Don't you know if there is any good news on the issue by now?


Last edited by Mandy56 on Fri Nov 25, 2011 4:50 am; edited 1 time in total
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
A couple of things to consider about differences in detection between Clam AV and ClamWin:

1. There may be a difference between signature update versions on your local copy of ClamWin and the copy of Clam used on an online scanner like Jotti or Virus Total. You can update hourly (if you choose), but the online scanners are usually not as frequent.

2. If the ClamWin team has not updated their ClamWin version to incorporate the latest Clam AV engine, there can be a difference in detections. Each new version of Clam AV comes with additional detections that the previous version is either unable to use or may use improperly (get it wrong). So you have to be using the latest version of ClamWin, and it has to incorporate the latest version of Clam AV for detection to be the same.

3. Clam AV is written for the Linux operating system. ClamWin is written for the Windows operating system. It is theoretically possible to have some differences due to the difference in operating systems. Note the warning on Jotti:
"Scanners used are Linux versions; detection differences with Windows versions of the same scanners may occur due to implementation differences."

Regards,
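Points 1 and 2 of the post above can be checked before treating two Clam-based scanners as disagreeing. The following is an added example, not part of the original thread: it assumes both scanners expose the banner printed by `clamscan --version` (`ClamAV <engine>/<database version>/<database date>`), and the two sample banners are constructed values.

```python
import re

# Banner format assumed: "ClamAV <engine>/<daily database version>/<database date>"
BANNER = re.compile(r"^ClamAV (\d+(?:\.\d+)*)[^/]*/(\d+)/(.+)$")

# Constructed sample banners (not taken from the thread).
LOCAL = "ClamAV 0.97.3/13990/Fri Nov 25 04:10:12 2011"
REMOTE = "ClamAV 0.97.2/13984/Thu Nov 24 16:02:45 2011"


def parse_banner(banner):
    """Return (engine_version_tuple, database_version, database_date)."""
    m = BANNER.match(banner.strip())
    if not m:
        # Covers a scanner with no database loaded, which prints only the engine.
        raise ValueError(f"unrecognised version banner: {banner!r}")
    engine = tuple(int(part) for part in m.group(1).split("."))
    return engine, int(m.group(2)), m.group(3)


def explain_mismatch(local_banner, remote_banner):
    """List version-related reasons two Clam-based scanners may disagree."""
    l_eng, l_db, _ = parse_banner(local_banner)
    r_eng, r_db, _ = parse_banner(remote_banner)
    reasons = []
    if l_db != r_db:
        newer = "local" if l_db > r_db else "remote"
        reasons.append(
            f"signature database differs ({l_db} vs {r_db}); {newer} copy is newer"
        )
    if l_eng != r_eng:
        newer = "local" if l_eng > r_eng else "remote"
        fmt = lambda v: ".".join(map(str, v))
        reasons.append(
            f"engine differs ({fmt(l_eng)} vs {fmt(r_eng)}); {newer} engine is newer"
        )
    return reasons


if __name__ == "__main__":
    for reason in explain_mismatch(LOCAL, REMOTE) or ["versions match"]:
        print(reason)
```

An empty result means the versions match, which leaves only the operating-system implementation difference from point 3 as an explanation.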