Rappaping
Joined: 13 Aug 2011
Posts: 0
Posted: Sat Aug 13, 2011 9:09 am
File:
https://www.nirsoft.net/utils/regdllview.zip
Virustotal scanning:
https://www.virustotal.com/file-scan/report.html?id=8cd04808d7bf502767721dbed6b5e44be6ff4edf361be1dcc357fee53b44a4ec-1313241465
Is this file real malware or a false positive?
Last edited by Rappaping on Sat Aug 13, 2011 1:03 pm; edited 1 time in total
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Sat Aug 13, 2011 11:54 am
Your link only led to the Virus Total submission page--there was no scan result. Anyway, Clam will sometimes register a PUA detection on some Nirsoft stuff. A PUA is not an indication of a real virus--it only indicates a file that is a Potentially Unwanted Application. A PUA is a file that is a virus tool or one that has been created with a virus tool. If you know about the file and are using it, that is fine. They flag the file as PUA in case you are not aware of it.
If the file is not a PUA, I like to see at least 10 AVs recognize it as infected with a virus. If fewer than 10 AVs see it as infected, I like to see it recognized by at least 2 of these AVs: AntiVir, Bitdefender, Kaspersky, Nod32, or Sophos, before I accept it as infected. To be sure, re-scan the file, in case some AVs have just placed it in their signatures.
Anubis at https://anubis.iseclab.org/ on the web will actually run the file for you in a sandbox and let you know what happens. They will even rate it for you as to degree of maliciousness.
Regards,
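
Added example, not part of either post: the rule of thumb from the reply above written as a triage function over a multi-scanner result. The input shape (engine name mapped to a detection label, or `None` for clean), the way PUA labels are recognised, the verdict strings and all sample data are assumptions made for this illustration.

```python
import re

# Engines the reply names as the ones to look for when fewer than 10 AVs flag a file.
# Assumption: names are compared case-insensitively against the scanner's engine names.
TRUSTED = {"antivir", "bitdefender", "kaspersky", "nod32", "sophos"}
MIN_TOTAL = 10    # "at least 10 AVs"
MIN_TRUSTED = 2   # "at least 2 of these AVs"


def is_pua(label):
    # Assumption: a detection label carrying "PUA" as a separate token is a
    # Potentially Unwanted Application detection, not a virus detection.
    return "PUA" in re.split(r"[^A-Z0-9]+", label.upper())


def triage(results):
    """Classify a scan: results maps engine name -> label, or None if clean."""
    hits = {e.strip().lower(): lbl for e, lbl in results.items() if lbl}
    if not hits:
        return "clean"
    # Assumption: PUA detections are set aside before counting virus detections.
    virus_engines = {e for e, lbl in hits.items() if not is_pua(lbl)}
    if not virus_engines:
        return "pua-only"
    if len(virus_engines) >= MIN_TOTAL:
        return "accept-as-infected"
    if len(virus_engines & TRUSTED) >= MIN_TRUSTED:
        return "accept-as-infected"
    # Below both thresholds: not accepted as infected; re-scan later in case
    # engines have only just added a signature.
    return "unconfirmed-rescan"


# Constructed sample results (engine names and labels are illustrative only).
SAMPLE_PUA = {"ClamAV": "PUA.Constructed.Sample", "Kaspersky": None, "Sophos": None}
SAMPLE_TWO_TRUSTED = {"Kaspersky": "Trojan.Constructed.A",
                      "Sophos": "Mal/Constructed-A", "EngineX": None}
SAMPLE_WEAK = {"EngineX": "Suspicious.Constructed", "EngineY": "Heur.Constructed",
               "Sophos": "Mal/Constructed-A", "ClamAV": "PUA.Constructed.Sample"}
SAMPLE_MANY = {f"Engine{i}": "Generic.Constructed" for i in range(10)}

if __name__ == "__main__":
    for name, sample in [("pua", SAMPLE_PUA), ("two trusted", SAMPLE_TWO_TRUSTED),
                         ("weak", SAMPLE_WEAK), ("many", SAMPLE_MANY)]:
        print(f"{name:12s} -> {triage(sample)}")
```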