cadguy65
Joined: 14 Apr 2008
Posts: 0
Posted: Mon Apr 14, 2008 11:22 am
I just got a hit for this virus, in a bin file that scanned clean just the day before. Seems like it might be a false positive to me. Anyone else get this one yet?
C:\Program Files (x86)\AutoHotkey\Compiler\AutoHotkeySC.bin: Trojan.Dropper-5623 FOUND
I ran the VirusTotal scan, and only got two hits:
Antivirus Version Last Update Result
AhnLab-V3 2008.4.12.0 2008.04.14 -
AntiVir 7.6.0.85 2008.04.14 -
Authentium 4.93.8 2008.04.13 -
Avast 4.8.1169.0 2008.04.14 -
AVG 7.5.0.516 2008.04.13 -
BitDefender 7.2 2008.04.14 -
CAT-QuickHeal 9.50 2008.04.12 TrojanDropper.Binder.ac
ClamAV 0.92.1 2008.04.14 Trojan.Dropper-5623
DrWeb 4.44.0.09170 2008.04.14 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5697 2008.04.14 -
Ewido 4.0 2008.04.13 -
F-Prot 4.4.2.54 2008.04.14 -
F-Secure 6.70.13260.0 2008.04.14 -
FileAdvisor 1 2008.04.14 -
Fortinet 3.14.0.0 2008.04.14 -
Ikarus T3.1.1.26.0 2008.04.14 -
Kaspersky 7.0.0.125 2008.04.14 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.14 -
NOD32v2 3023 2008.04.14 -
Norman 5.80.02 2008.04.12 -
Panda 9.0.0.4 2008.04.13 -
Prevx1 V2 2008.04.14 -
Rising 20.39.62.00 2008.04.13 -
Sophos 4.28.0 2008.04.14 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.14 -
TheHacker 6.2.92.276 2008.04.12 -
VBA32 3.12.6.4 2008.04.14 -
VirusBuster 4.3.26:9 2008.04.13 -
Webwasher-Gateway 6.6.2 2008.04.14 -
Makes me think even more that it is a false positive.
GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Apr 14, 2008 12:56 pm
If you have ClamWin's advanced preferences set to detect potentially unwanted applications (or PUAs), ClamWin may have detected the trojan with its PUA signatures. PUAs are tools that could be used by malware writers. If you installed the software in which the PUA was found (a keylogger for instance or a certain packer), it is probably okay.
If four or more other AVs had also found something, it might be a real trojan. When you get a false positive, tell ClamAV about it at https://cgi.clamav.net/sendvirus.cgi on the Web. They don't usually change the PUA signatures, however, because they are just a warning. You can exclude files from ClamWin's normal scans (not individual file scans) in filter preferences.
Regards,
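
An added example, not part of either post: a small triage helper that parses a multi-engine listing in the layout pasted above and applies the "four or more other AVs" rule of thumb from the reply. The sample rows are constructed in that layout; the function names, the 3-day staleness window, and the check that a ClamAV PUA signature name starts with `PUA.` are assumptions of this example.

```python
import re
from datetime import date

# Constructed sample rows: engine, version, last update, result ("-" = clean).
SAMPLE = """\
Antivirus Version Last Update Result
AVG 7.5.0.516 2008.04.13 -
CAT-QuickHeal 9.50 2008.04.12 TrojanDropper.Binder.ac
ClamAV 0.92.1 2008.04.14 Trojan.Dropper-5623
eSafe 7.0.15.0 2008.04.09 -
Kaspersky 7.0.0.125 2008.04.14 -
VirusBuster 4.3.26:9 2008.04.13 -
"""

# The third field must be a YYYY.MM.DD date, so the header line is skipped.
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{4})\.(\d{2})\.(\d{2})\s+(.+)$")

def parse_rows(text):
    """Return one dict per engine row; non-matching lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        engine, version, y, mo, d, result = m.groups()
        rows.append({"engine": engine, "version": version,
                     "updated": date(int(y), int(mo), int(d)),
                     "result": None if result == "-" else result})
    return rows

def triage(rows, scan_day, threshold=4, stale_days=3):
    """Summarise how well a detection is corroborated across engines."""
    hits = {r["engine"]: r["result"] for r in rows if r["result"]}
    # Engines whose definitions are old say little about a brand-new signature.
    stale = sorted(r["engine"] for r in rows
                   if (scan_day - r["updated"]).days > stale_days)
    return {
        "engines": len(rows),
        "hits": hits,
        # Rule of thumb from the reply: four or more engines agreeing.
        "corroborated": len(hits) >= threshold,
        # Assumption: ClamAV PUA-category signature names begin with "PUA.".
        "clamav_pua": hits.get("ClamAV", "").startswith("PUA."),
        "stale_engines": stale,
    }

if __name__ == "__main__":
    print(triage(parse_rows(SAMPLE), scan_day=date(2008, 4, 14)))
```
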