samchef
Joined: 21 Nov 2010
Posts: 0
Posted: Sun Nov 21, 2010 12:26 pm

Is this a false positive? It appeared yesterday and again today.
C:\Windows\SysWOW64\qWaves32.dll: W32.Autoit.Obfus-3 FOUND
C:\Windows\SysWOW64\qWaves32.dll: Removed.
WARNING: Can't open file \\?\C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7600.16385_none_2d2382534fb0bdfa\dnary.xsd: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 851561
Engine version: 0.96.4
Scanned directories: 36142
Scanned files: 237704
Infected files: 1
Data scanned: 39500.16 MB
Data read: 79304.79 MB (ratio 0.50:1)
Time: 7195.708 sec (119 m 55 s)

alch
Site Admin
Joined: 27 Nov 2005
Posts: 0
Posted: Sun Nov 21, 2010 12:52 pm

Can you scan it at https://www.virustotal.com, and if it is not recognised by other AV then submit it at https://cgi.clamav.net/sendvirus.cgi and mark it as a false positive? You may also wish to configure ClamWin to report instead of remove infected files. There have been a few false positives lately.
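As an added example (not part of the original posts, and not ClamWin's own code), this Python script parses a scan report in the format shown in the first post and lists detections the scanner had already removed, which is the situation the report-only setting suggested above avoids. The function name `triage` and its result keys are assumptions made for this example.

```python
import re

# Lines copied from the scan report in the first post of this thread.
THREAD_LOG = r"""C:\Windows\SysWOW64\qWaves32.dll: W32.Autoit.Obfus-3 FOUND
C:\Windows\SysWOW64\qWaves32.dll: Removed.
WARNING: Can't open file \\?\C:\Windows\winsxs\amd64_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.1.7600.16385_none_2d2382534fb0bdfa\dnary.xsd: Permission denied
----------- SCAN SUMMARY -----------
Infected files: 1
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
REMOVED_RE = re.compile(r"^(?P<path>.+): Removed\.$")
COUNT_RE = re.compile(r"^Infected files: (?P<n>\d+)$")


def triage(log_text):
    """Return detections, unreadable-file warnings and a summary consistency flag."""
    detections = {}  # path -> {"signature": str, "removed": bool}
    warnings = []
    reported = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("WARNING:"):
            # Files the scanner could not open were not checked at all.
            warnings.append(line[len("WARNING:"):].strip())
            continue
        m = FOUND_RE.match(line)
        if m:
            detections[m["path"]] = {"signature": m["sig"], "removed": False}
            continue
        m = REMOVED_RE.match(line)
        if m and m["path"] in detections:
            detections[m["path"]]["removed"] = True
            continue
        m = COUNT_RE.match(line)
        if m:
            reported = int(m["n"])
    return {
        "detections": detections,
        "warnings": warnings,
        # Already removed by the scanner; in report-only mode these files
        # would still be on disk for a second opinion or a submission.
        "lost_samples": sorted(p for p, d in detections.items() if d["removed"]),
        "summary_matches": reported == len(detections),
    }


if __name__ == "__main__":
    result = triage(THREAD_LOG)
    for path in result["lost_samples"]:
        print("removed before review:", path, result["detections"][path]["signature"])
```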

samchef
Joined: 21 Nov 2010
Posts: 0
Posted: Sun Nov 21, 2010 1:00 pm

Some recognized it as different viruses so I'll go ahead and submit it.
Thanks.

alch
Site Admin
Joined: 27 Nov 2005
Posts: 0
Posted: Sun Nov 21, 2010 1:19 pm

samchef wrote:
> Some recognized it as different viruses so I'll go ahead and submit it.
> Thanks.

It could be the real thing then.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sun Nov 21, 2010 1:36 pm

Those AutoIT files are strange. It seems the AutoIT program itself (or part of it) is embedded with the virus file. So, if the sigmaker isn't careful, he may get the AutoIT file in the signature. That is common knowledge now, however, so I don't see many AutoIT false positives.
Re: different names for a virus: everyone may have a different name for something. Some may call it a trojan, some a worm, etc. You are even starting to see some hybrid malware now. The detection is more important than the name. In fact, I see more and more heuristic/generic detections. The AVs are doing a better job at this than some people would have you think. AV is not dead!
Regards,

samchef
Joined: 21 Nov 2010
Posts: 0
Posted: Sun Nov 21, 2010 3:18 pm

Fileinspect.com recognizes qwave.dll as a legitimate winnt file. But it doesn't list qwaves32.dll. There is also a qwave32.exe in the same directory. I can't find anything on that one either. I've deleted both and we'll see what happens. WHS does a backup every night so I'm not concerned with a system crash. I've also set ClamWin to quarantine.

samchef
Joined: 21 Nov 2010
Posts: 0
Posted: Mon Nov 22, 2010 1:37 pm

Everything is running normally and last night's scan was clean.