Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Waldo on June 08, 2003, 12:56:04 PM

Title: False alarm ? or the real nasty ?
Post by: Waldo on June 08, 2003, 12:56:04 PM

I've been running the Panda AV free online scanner for a test run a few minutes ago...but when I opened Avast! and it did the memory check before opening the main program (when Panda was running)... it said I was infected by a
memory resident virus called "Win32:KUANG" located in C:/windows/system32/activescan/imscan.dll  and "Matyas" in C:/windows/system32/activescan/Pav.sig >> wich is the signature file of Panda i guess ?

It scared the shit out of me !

Avast4.0 asked me to shedule a boot scan, so i did...but it didn't found anything.

So my first idea is that this was a false alarm, and it detected the panda scanner running. (I hope so). But i'm not 100 % sure :(

do I have to delete the detected DLL 's manualy in the windows explorer...or is it safe just to let it there ?

To be sure it does not harm to other files, i sended the DLL's to the Virus Chest to make sure.
you never know...

I have my heuristics set to "High". Running PRO edition. with latest updates. win XP sp1.

Title: Re:False alarm ? or the real nasty ?
Post by: raman on June 08, 2003, 02:33:10 PM

As you figured out by yourself, it is a false alarm. These two files belong to Panda Antivirus. It is reported, because Panda did not encrypt their Signatures enough. If you make a Boardsearch for Pand or pav.sig, you will get several answers.

Title: Re:False alarm ? or the real nasty ?
Post by: Waldo on June 08, 2003, 04:50:38 PM

sweet, just as i thought ! false alarm. :)

I deleted eveything from Panda, just to make sure i don't get these warnings again.

There are much better "online-scanners" outthere ,like Trend's or Ravs' or Symanytec's that scan without nasty warnings. Because they encrypt their .sig
much better.

Thanks !

Title: Re:False alarm ? or the real nasty ?
Post by: igor on June 08, 2003, 05:24:15 PM

Well, it's not about encrypting the signatures better or worse - any encryption would do (I dare not call it an encryption - simple scambling the code by adding 1 to every byte, or inverting the bits, or anything like that would turn the real virus code into something else that wouldn't be detected by other antiviruses, since it's not an executable virus code anymore). Just leaving the pieces of virus code in plaintext, just like they are in the real virus file, is not a good idea (as Panda does).

Title: Re:False alarm ? or the real nasty ?
Post by: Waldo on June 08, 2003, 07:00:04 PM

totaly agreed ! Avast! rules big time > Panda is gone to
the forever lasting trashcan !