|
Bruce
| Joined: 22 Apr 2007 |
| Posts: 0 |
| Location: Canada |
|
|
 Posted: Mon Dec 22, 2008 10:36 pm |
|
 |
 |
|
|
Reported by Clamwin as "C:\Documents and Settings\Bruce\Desktop\pidgin-2.5.3.exe: Trojan.Agent-65355 FOUND"
I deleted the file and download again. Same result.
I checked with TrendMicro online scanner. It reported no malware.
No complaint. I expect it's just one of those false positive things but if this should be reported anywhere else please be my guest or advise me.
Perhaps someone else would care to replicate. My system is just Windows XP Pro with the latest updates. I'm careful. I'm experienced (or old!)
Regards
Bruce
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Mon Dec 22, 2008 11:44 pm |
|
|
|
|
|
Hello Bruce:
Don't rely upon just one or two antivirus programs to tell you whether something is malware or not. You should upload it to either Jotti or Virus Total and let them scan it for you (for free) with multiple antiviruses. Jotti will scan it with about 20 AVs, and Virus Total has about 30 AVs scanning. If several other AVs (besides Clam) find a file is infected, it probably is not a false positive. You can get the location of either service on the ClamWin Anti-Malware page.
If a file is a false positive, you should upload it to Clam and tell them about it at their submission page so they can change the signature for both Clam and ClamWin. The location of the Clam submission page is also on the ClamWin Anti-Malware page.
Regards,
|
|
|
|
Bruce
| Joined: 22 Apr 2007 |
| Posts: 0 |
| Location: Canada |
|
|
| Posted: Tue Dec 23, 2008 12:42 am |
|
|
|
|
|
Thanks, GuitarBob. I will follow up as you suggest.
|
|
|
|
Antonio S.
| Joined: 20 Apr 2008 |
| Posts: 0 |
| Location: Italy |
|
|
| Posted: Tue Dec 23, 2008 8:48 am |
|
|
|
|
|
Hello All,
I guess there is something to be fixed in Clamav virus DB. Yesterday scan on my XP machine encountered 3 files identified as Trojan.Agent-65355, all related to uninstalling .exe files of programs which have been installed long ago and never been detected as malware.
I submitted files to Virus total; all of them were clean so I notified Clam team. Guess all will be fixed in a few days.
rgds,
Antonio
Update 23/12: made a new full scan of C: All files were clean. Falsies were corrected by Clam.
|
|
Last edited by Antonio S. on Tue Dec 23, 2008 7:10 pm; edited 1 time in total
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Tue Dec 23, 2008 2:07 pm |
|
|
|
|
|
There are some file infectors around, but, usually if you find the same virus in several different files, it is probably a false positive.
Regards,
|
|
|
|
IHatePeeds
| Joined: 12 Jan 2009 |
| Posts: 0 |
|
|
|
| Posted: Mon Jan 12, 2009 10:39 am |
|
|
|
|
|
No, it does not need to be a false positive, if you downloaded on pc its maybe true, because I have a virus that changes files checksums, also my antivirus says that its a virus, even a second after download.
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Mon Jan 12, 2009 1:51 pm |
|
|
|
|
|
So this is spotted by a real-time antivirus, not by ClamWin? Does it remove the malware then? If you still get it, try a scan in Safe Mode with an antivirus. If that doesn't work, try Dr. Web's free Cureit remover and/or Malwarebytes' Anti-Malware program. The ClamWin Anti-Malware page also lists some anti-malware resources.
Regards,
|
|
|
