Avast WEBforum

Other => Viruses and worms => Topic started by: psikotix on January 22, 2005, 10:58:13 PM

Title: Possible sdbot-266 false positive...
Post by: psikotix on January 22, 2005, 10:58:13 PM
Greetings!

Being new to Avast, I had it do a full system scan last night after I installed it.

Imagine my alarm when it detected a file containing sdbot-266 on my system, when my old scanner saw nothing.

That kind of bothered me, so I have tested it against other anti-virus programs (including TrendMicro, McAfee, Norton online scanner, Norton Internet Security 2004, Panda's online scanner, and my old scanner), and all detect no problems.

I checked the forums, and found a reference to an online malware scan site (http://virusscan.jotti.dhs.org/), and posted the file there.

Avast is the only scanner that indicates there is an issue.  mks_vir *thinks* there may be an issue with it, and the other scanners on that site passed the file.

I'm beginning to think it's a false positive, here.  The file has never been executed on this system, it is contained to a folder, and nothing else seems to indicate an issue.  Avast indicates this trojan was discovered in June 2004 (TrendMicro was October), so I'm thinking if there were any false positive issues with this Trojan, they would have been resolved by now.

Ideas? :)

Thanks in advance!
Title: Re: Possible sdbot-266 false positive...
Post by: Eddy on January 22, 2005, 11:15:39 PM
Submit the file to virus@avast.com in a password protected zip. Mention in the body of the mail that you think it is a false positive and the password.
Title: Re: Possible sdbot-266 false positive...
Post by: DavidR on January 23, 2005, 12:18:49 AM
Quote
Imagine my alarm when it detected a file containing sdbot-266 on my system, when my old scanner saw nothing.

Where was the file (path) found, what was the supposedly infected filename and what program is it associated with (that makes you think it is a false positive)?
Title: Re: Possible sdbot-266 false positive...
Post by: psikotix on January 23, 2005, 03:26:33 AM
Quote
Where was the file (path) found, what was the supposedly infected filename and what program is it associated with (that makes you think it is a false positive)?

You mean aside from the fact that six other scanners thought the file was clean, and even the malware site I listed earlier passed the file for the most part? :D

Path, filename, associations shouldn't matter in this case...it was a standalone executable.  Even moving it to a controlled system and running tests there didn't produce any positives...
Title: Re: Possible sdbot-266 false positive...
Post by: Lisandro on January 23, 2005, 01:47:57 PM
Quote
Path, filename, associations shouldn't matter in this case...it was a standalone executable.  Even moving it to a controlled system and running tests there didn't produce any positives...

Yeah, you seem to be right...
Did you send the file to the email which Eddy posted?
Seems a false positive...
Title: Re: Possible sdbot-266 false positive...
Post by: DavidR on January 23, 2005, 03:21:48 PM
The reason I asked was not simply for my amusement, but it may help others presented with the same problem (a false positive on the same file).

Identifying the problem/program associated (and the location may be the same for them) with the false positive, may stop them needlessly deleting the file.
Title: Re: Possible sdbot-266 false positive...
Post by: Lisandro on January 23, 2005, 03:48:22 PM
Quote
The reason I asked was not simply for my amusement, but it may help others presented with the same problem (a false positive on the same file).
Identifying the problem/program associated (and the location may be the same for them) with the false positive, may stop them needlessly deleting the file.

Yeah... you're right too... Different points of view  8)
Title: Re: Possible sdbot-266 false positive...
Post by: psikotix on January 23, 2005, 04:50:06 PM
Quote
Yeah, you seem to be right...
Did you send the file to the email which Eddy posted?
Seems a false positive...

I sent the file yesterday...
Title: Re: Possible sdbot-266 false positive...
Post by: psikotix on January 23, 2005, 04:56:31 PM
Quote
The reason I asked was not simply for my amusement, but it may help others presented with the same problem (a false positive on the same file).

Identifying the problem/program associated (and the location may be the same for them) with the false positive, may stop them needlessly deleting the file.

Fair enough, and I understand where you're coming from.  The file in question was an executable a friend sent via e-mail to me.  I never executed the file on my system, so nothing was ever installed. (Thank goodness for Thunderbird)  The file was never part of a larger package or anything of that nature, just a small (161K) executable a "well-intentioned" friend sent me. :)

The only other hint comes from the malware scanning site I mentioned yesterday...it says the file was packed with FSG...hmmm...
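The thread ends on two practical points: a suspect file should be submitted to the vendor with enough detail to identify it, and the scan site's note that the file was packed with FSG is the likeliest explanation for a single scanner flagging it. Packers compress or encrypt the original code, so a generic "packed executable" signature can fire on a harmless file. The script below is an added example written for this thread, not code from Avast or from any poster. It produces the hashes worth quoting in a false-positive report and an entropy profile that hints at packing; the 7.0 bits-per-byte threshold, the 1 KB chunk size and the two sample buffers are constructed assumptions for the example, not vendor values or real files.

```python
import hashlib
import math
import random
from collections import Counter

# Entropy above this (bits per byte, max 8.0) is typical of compressed or
# encrypted content; plain x86 code and text usually sit well below it.
# The threshold and chunk size are assumptions for this example.
PACKED_ENTROPY_THRESHOLD = 7.0
CHUNK_SIZE = 1024


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte in `data` (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list:
    """Entropy of each consecutive chunk, so a packed body stands out from a
    small plain-text header or stub."""
    return [shannon_entropy(data[i:i + chunk_size])
            for i in range(0, len(data), chunk_size)]


def triage(data: bytes) -> dict:
    """Summarise a suspect file: hashes to quote when submitting it to a
    vendor, plus an entropy profile that suggests whether it is packed."""
    chunks = chunk_entropies(data)
    high = [e for e in chunks if e >= PACKED_ENTROPY_THRESHOLD]
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "entropy": round(shannon_entropy(data), 3),
        "high_entropy_chunks": len(high),
        "total_chunks": len(chunks),
        # Flag the file when at least half of its chunks look compressed.
        "likely_packed": len(chunks) > 0 and len(high) / len(chunks) >= 0.5,
    }


# Constructed samples (not real files): a "plain" buffer made of a DOS stub
# string repeated, and a "packed" buffer whose body is pseudo-random, as a
# compressor's output would be. A fixed seed keeps the run reproducible.
_STUB = b"MZ" + b"\x90" * 62 + b"PE\x00\x00"
PLAIN_SAMPLE = _STUB + b"This program cannot be run in DOS mode." * 100
_rng = random.Random(2005)
PACKED_SAMPLE = _STUB + bytes(_rng.getrandbits(8) for _ in range(4096))


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(name, triage(sample))
```

Run it against a real suspect file by replacing the sample buffers with the file's bytes. A high entropy profile alone does not make a file malicious, which is exactly the point of the thread: it is the reason a packed but clean executable can trip one scanner's heuristics while the others pass it, and the hashes give the vendor an unambiguous identifier for the sample.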