Author Topic: Win32:Doomber-C [Wrm]  (Read 5339 times)


WDGC

  • Guest
Win32:Doomber-C [Wrm]
« on: January 14, 2006, 03:38:29 AM »
About a week ago I downloaded PsTools 2.24 from the Sysinternals website:

http://www.sysinternals.com/index.html

The latest avast! A-V update [0602-3, 13/01/06] reports Win32:Doomber-C [Wrm], which it calls a Virus/Worm, as being present in psinfo.exe, which is a component of PsTools 2.24.

Prior to the 0602-3, 13/01/06 update, avast! did not detect this "virus/worm" and nor do any other scanning programs I use - Ad-Aware, Spybot, MSASW, ewido, Webroot Spy Sweeper, all with latest definitions.

It seems highly unlikely a program from a site of the eminence and standing of Sysinternals would contain a virus/worm.

Is this detection a false positive?

Any information regarding this matter would be appreciated.

.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Doomber-C [Wrm]
« Reply #1 on: January 14, 2006, 04:00:46 AM »
Is this detection a false positive?
Most probably. To know if a file is a false positive, please submit it to JOTTI and let us know the result. If it is indeed a false positive, send it in a password-protected zip to virus (at) avast.com
Please mention in the body of the message why you think it is a false positive and the password used.  ;)
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Win32:Doomber-C [Wrm]
« Reply #2 on: January 14, 2006, 04:02:53 AM »
The best things in life are free.

WDGC

  • Guest
Re: Win32:Doomber-C [Wrm]
« Reply #3 on: January 14, 2006, 06:50:48 AM »
I also uploaded the file to Virus Total and Kaspersky:

http://www.virustotal.com/xhtml/index_en.html

http://www.kaspersky.com/scanforvirus

Here are the results:

14/01/2006

Jotti's malware scan 2.99-TRANSITION_TO_3.00

File: Psinfo.exe
Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)
MD5: ed55f8877ff59fc4780bfaa91d0dcdfb
Packers detected: -

Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found Win32:Doomber-C
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found nothing



This is a report processed by VirusTotal on 01/14/2006 at 06:34:41 (CET) after scanning the file "Psinfo.exe" file.

Antivirus Version Update Result
AntiVir 6.33.0.77 01.13.2006 no virus found
Avast 4.6.695.0 01.13.2006 Win32:Doomber-C
AVG 718 01.13.2006 no virus found
Avira 6.33.0.77 01.13.2006 no virus found
BitDefender 7.2 01.14.2006 no virus found
CAT-QuickHeal 8.00 01.11.2006 no virus found
ClamAV devel-20051123 01.13.2006 no virus found
DrWeb 4.33 01.13.2006 no virus found
eTrust-Iris 7.1.194.0 01.14.2006 no virus found
eTrust-Vet 12.4.1.0 01.13.2006 no virus found
Ewido 3.5 01.13.2006 no virus found
Fortinet 2.54.0.0 01.14.2006 no virus found
F-Prot 3.16c 01.13.2006 no virus found
Ikarus 0.2.59.0 01.13.2006 no virus found
Kaspersky 4.0.2.24 01.14.2006 no virus found
McAfee 4674 01.13.2006 no virus found
NOD32v2 1.1364 01.13.2006 no virus found
Norman 5.70.10 01.13.2006 no virus found
Panda 9.0.0.4 01.13.2006 no virus found
Sophos 4.01.0 01.14.2006 no virus found
Symantec 8.0 01.14.2006 no virus found
TheHacker 5.9.2.074 01.14.2006 no virus found
UNA 1.83 01.13.2006 no virus found
VBA32 3.10.5 01.13.2006 no virus found

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.




Kaspersky File Scanner

You're clean!

Kaspersky Anti-Virus has not detected any viruses at this time in the file you submitted.

However, only a fully-functional antivirus solution with regularly updated virus definitions can ensure comprehensive protection against malware. If you do not have an antivirus solution installed, you may wish to consider purchasing one today.




Scanned file: Psinfo.exe
Psinfo.exe - OK

Statistics:
Known viruses: 171751
Updated: 14-01-2006
File size (Kb): 132
Virus bodies: 0
Files: 1
Warnings: 0
Archives: 0
Suspicious: 0

.
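Added example, not part of the thread and not code from avast!, VirusTotal or Jotti: a small Python parser for the VirusTotal text table pasted in Reply #3 that summarises how many engines agree before a false-positive report is sent to the vendor. The function names, the verdict strings and the two-engine threshold are assumptions made for this illustration.

```python
import re

# The header and 24 result rows pasted from VirusTotal in Reply #3 above.
REPORT = """Antivirus Version Update Result
AntiVir 6.33.0.77 01.13.2006 no virus found
Avast 4.6.695.0 01.13.2006 Win32:Doomber-C
AVG 718 01.13.2006 no virus found
Avira 6.33.0.77 01.13.2006 no virus found
BitDefender 7.2 01.14.2006 no virus found
CAT-QuickHeal 8.00 01.11.2006 no virus found
ClamAV devel-20051123 01.13.2006 no virus found
DrWeb 4.33 01.13.2006 no virus found
eTrust-Iris 7.1.194.0 01.14.2006 no virus found
eTrust-Vet 12.4.1.0 01.13.2006 no virus found
Ewido 3.5 01.13.2006 no virus found
Fortinet 2.54.0.0 01.14.2006 no virus found
F-Prot 3.16c 01.13.2006 no virus found
Ikarus 0.2.59.0 01.13.2006 no virus found
Kaspersky 4.0.2.24 01.14.2006 no virus found
McAfee 4674 01.13.2006 no virus found
NOD32v2 1.1364 01.13.2006 no virus found
Norman 5.70.10 01.13.2006 no virus found
Panda 9.0.0.4 01.13.2006 no virus found
Sophos 4.01.0 01.14.2006 no virus found
Symantec 8.0 01.14.2006 no virus found
TheHacker 5.9.2.074 01.14.2006 no virus found
UNA 1.83 01.13.2006 no virus found
VBA32 3.10.5 01.13.2006 no virus found"""

# engine, engine version, signature date (MM.DD.YYYY), free-text result
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+)$")
CLEAN = "no virus found"

def parse_report(text):
    """Return (engine, version, updated, result) tuples; non-row lines are skipped."""
    return [m.groups() for m in map(ROW.match, text.splitlines()) if m]

def triage(rows):
    """Summarise engine agreement; a lone hit is a candidate for vendor review, not proof."""
    hits = {eng: res for eng, _, _, res in rows if res.strip().lower() != CLEAN}
    if not hits:
        verdict = "no detections"
    elif len(hits) == 1:
        verdict = "single-engine detection: false-positive candidate"
    else:  # assumption: two or more agreeing engines are not treated as a false positive
        verdict = "several engines detect: treat as malicious"
    return {"engines": len(rows), "hits": hits, "verdict": verdict}
```

Calling `triage(parse_report(REPORT))` on the pasted table reports one hit (Avast) out of 24 engines, which matches the situation described in the thread.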

WDGC

  • Guest
Re: Win32:Doomber-C [Wrm]
« Reply #4 on: January 14, 2006, 01:08:13 PM »