|
peteispo
| Joined: 21 Jul 2009 |
| Posts: 0 |
| Location: Kent, UK |
|
|
 Posted: Tue Jul 21, 2009 9:23 am |
|
 |
 |
|
|
I downloaded netscape-navigator-9.0.0.6.exe from browser.netscape.com/releases (I needed to test a site on it...)
ClamWin is reporting Trojan.Downloader-70361 FOUND in it, so I checked totalvirus.com and it came out with 7/41
That seems a bit ambivalent - is this a FP or is it infected?
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Tue Jul 21, 2009 1:17 pm |
|
|
|
|
|
I like to see at least five AVs say something is infected before I really believe it, but you should also look at the AVs that are detecting it. I consider these AVs to be good quality: NOD32, Kaspersky, F-Secure, Bitdefender, Microsoft, McAfee, Symantec. If a couple of them are among those AVs detecting it, I can believe it.
If you are still unsure, upload the file to Anubis at https://anubis.iseclab.org/index.php on the web. They will analyze .exe files (mabe .dll also--I'm not sure). For Flash and JS files, you can upload to Wepawet at https://wepawet.iseclab.org/ on the web. Wepawet will also look at html links for you.
AVs are only made by humans, however. Every once-in-a-while I've seen none of them recognize an evil file, and a few times I've seen most of them recognize a file that isn't evil at all.
Regards,
|
|
|
