New DC ++ Version : Watch out

TerryMiller
Premium
join:2003-10-23

Re: New DC ++ Version : Watch out

I only have KAV so I downloaded and submitted to jotti. I trust McAfee so I wonder if this is really a false positive.

File: DCPlusPlus-0.668.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected:
PE_PATCH, TELOCK

AntiVir
No viruses found (0.19 seconds taken)
Avast
No viruses found (1.51 seconds taken)
BitDefender
Trojan.Downloader.IstBar.ER (2.62 seconds taken)
ClamAV
No viruses found (0.78 seconds taken)
Dr.Web
No viruses found (0.54 seconds taken)
F-Prot Antivirus
No viruses found (0.07 seconds taken)
Kaspersky Anti-Virus
Trojan.Win32.Krepper.ag, Trojan-Dropper.Win32.Agent.el (1.89 seconds taken)
mks_vir
No viruses found (0.24 seconds taken)
NOD32
No viruses found (0.40 seconds taken)
Norman Virus Control
No viruses found (0.13 seconds taken)
--
Michelle Graduates

Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON

Re: New DC ++ Version : Watch out


Thanks Terry. I have a feeling it's a false positive too.

amysheehan
Premium,VIP,MVM
join:1999-12-21
Huntington Beach, CA
·RoadRunner Cable


Re: New DC ++ Version : Watch out

The copy of Ad-aware that I downloaded from download.com last night was wreaking havoc on my computer and I tested it again just now at Jotti after reading this thread:

File: Ad-Aware.exe
Status: MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected: ASPACK

NOTE: I had problems trying to download same file from Major Geeks and the download.com site download left a strange dll in my temp folder that Norton picked up when I rebooted my computer.

Franfreluche

@sympatico.ca

I seriously doubt that a false positive would try to mess my registry settings and drop the cserv32.exe file in the C:\Windows folder.

Also, the guy that wrote the first review on download.com said that it had installed bargain, ist search and a browser hijacker. I definitely think that it's true.

It's too bad that I deleted cserv32.exe in haste though. I could have submitted it to NOD32 and the other AV companies because it looks like only 2 of them can detect it (according to your tests).

John2g
Qui Tacet Consentit
Premium
join:2001-08-10
England

said by TerryMiller:

I only have KAV so I downloaded and submitted to jotti. I trust McAfee so I wonder if this is really a false positive.

File: DCPlusPlus-0.668.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected:
PE_PATCH, TELOCK

This may be the reason. BOClean detected a trojan in Autostream because of TELOCK. This is the explanation.

QUOTE

"Greetings ... interesting indeed. Well ... it's a false positive, but then again it is *NOT* a false positive. BOClean triggered on a behavioral basis for that one since it was somehow STUPIDLY compacted with the same whacky version of the trojan compactor known as TELock ... that's what BOClean triggered on, last known sighting of this particular version of TELock was back in late 2003 with the SOBIG worms."

"Autostreamer" itself is clean, but the programmers stupidly used TELock which is ONLY used with trojans to obscure them from file scanners. I'm going to have to guess that this was the author's idea of securing himself from "reverse engineering" - I can't imagine any legitimate reason to have used that otherwise, and it IS a known trojan packer.

Since the SOBIG.F virus is EXTINCT, we'll remove that definition from the BOClean database as the SOBIG.F "worm" cannot function any longer and thus the definition is no longer required. However, the author(s) of this utility DID use a trojan packer and that's what BOClean alerted on as the particular output was HIGHLY unique."

ENDQUOTE
--
Better to remain silent and be thought a fool, than to speak and remove all doubt.
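The packer-only "might be infected" verdict on the Ad-Aware scan earlier in the thread and the TELock explanation quoted above rest on the same kind of heuristic: a PE whose section table or byte distribution looks like a runtime packer's output. The script below is an added example, not code from this thread, from Jotti or from BOClean. It parses a PE section table with only the Python standard library, computes per-section Shannon entropy, and reports packer indicators. The section-name list, the 7.0 bits/byte threshold, and the synthetic images produced by build_pe are assumptions for illustration, not values the thread states.

```python
"""PE packer indicators: section names plus per-section entropy (added example)."""
import math
import struct
from collections import Counter

# Partial, illustrative list of section names written by common runtime packers
# (assumption: taken from public packer documentation, not from the thread).
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", ".aspack", ".adata"}
HIGH_ENTROPY_BITS = 7.0  # rule-of-thumb threshold; near 8.0 means compressed/encrypted bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image: bytes):
    """Yield (name, raw_bytes) for each section of a PE image; ValueError if not a PE."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # 20-byte COFF file header
    num_sections, = struct.unpack_from("<H", image, coff + 2)
    opt_size, = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_size                         # section table follows the optional header
    for i in range(num_sections):
        entry = table + 40 * i                           # IMAGE_SECTION_HEADER is 40 bytes
        name = image[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, entry + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]


def packer_indicators(image: bytes) -> dict:
    """Return per-section entropy and the reasons a packer heuristic would fire."""
    reasons, entropies = [], {}
    for name, raw in pe_sections(image):
        ent = shannon_entropy(raw)
        entropies[name] = ent
        if name in KNOWN_PACKER_SECTIONS:
            reasons.append(f"section name {name!r} matches a known packer")
        if ent > HIGH_ENTROPY_BITS:
            reasons.append(f"section {name!r} entropy {ent:.2f} bits/byte")
    # A packer is only an indicator: legitimate software is packed too, so a
    # packer-only hit rates "suspicious", not "infected", as Jotti does in the thread.
    verdict = "suspicious (packer indicators)" if reasons else "no packer indicators"
    return {"sections": entropies, "reasons": reasons, "verdict": verdict}


def build_pe(sections) -> bytes:
    """Construct a minimal synthetic PE image for testing (constructed data, not a real program)."""
    opt = struct.pack("<H", 0x10B) + b"\0" * 222         # PE32 magic, remaining optional header zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x0102)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)     # e_lfanew at 0x3C points just past the DOS header
    header_len = 64 + 4 + len(coff) + len(opt) + 40 * len(sections)
    table, body = b"", b""
    for name, data in sections:
        raw_ptr = header_len + len(body)
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(data), 0x1000, len(data), raw_ptr, 0, 0, 0, 0, 0x60000020)
        body += data
    return dos + b"PE\0\0" + coff + opt + table + body


if __name__ == "__main__":
    # Constructed samples: one image that looks packed, one that does not.
    packed = build_pe([("UPX0", b"\0" * 512), ("UPX1", bytes(range(256)) * 8)])
    plain = build_pe([(".text", b"mov eax, 1; ret\n" * 64), (".data", b"\0" * 256)])
    for label, img in (("packed", packed), ("plain", plain)):
        report = packer_indicators(img)
        print(label, "->", report["verdict"], report["reasons"])
```

Run it as a script to see both verdicts; on a real file, pass `open(path, "rb").read()` to packer_indicators. The synthetic "packed" image trips on both the UPX section names and an 8.0 bits/byte section, while the plain one trips nothing. The point the thread makes still applies: a packer hit by itself says "look closer", which is why a multi-scanner with no engine detections reports it as suspicious rather than infected.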
(topic locked)
© 1999-2009 dslreports.com