Hi

Clamwin found this .....


C:\Program Files\Any Password\AnyPass.exe: Trojan.Agent.ND-7 FOUND

Any password is a program I have used for a long time, but can I be shore its a false alert?

Regards /P

It is probably a false positive. To verify a file for sure, however, upload it to Jotti or Virus Total. Either online service will scan a file with miltiple AVs, including our Clam AV engine. If several other AVs say the file is infected, you can believe it. Just to be sure, I like to see a couple of these AVs verify an infection: Avast, Bit Defender, Kaspersky, NOD32, and Sophos.

You can submit false positive files (and infected files not detected by ClamWin) to Clam AV via the ClamWin Help menu: Help, About, Clam AV. When you get to the Clam AV website, select Submit A File. When you get to the upload page, be sure to select false positive or virus, whichever applies. Tell the name of the false positive virus (or undetected virus) in the comments section. The Clam sigmakers will process the submission within a couple of days.

Regards,

Thanks for your reply.

I tried Jotti and ClamAV was the only one that found anything. It found PUA.Packed.ASPack.

I also submitted the file on Clams homepage so that they can take look at it.

/P

A PUA detection is only a warning that a file could be a tool used by malware (a packer, password cracker, remote admin tool, etc.) or a file that has been packed or obfuscated to avoid examination. They are not necessarily malware, and detection by Clam AV/ClamWin is optional, as the user chooses. I keep it turned off. Clam will not correct a "false positive" PUA detection because it is optional. You did good to scan it wilth Jotti/Virus Total. If it turns out to have several other AVs detect it, you should send it to Clam so they can prepare a proper signature.

Regards,