Author Topic: False positive in Virtualbox image ? (Read 10802 times)

polonus · « **Reply #15 on:** September 18, 2011, 07:41:20 PM »

Hi marziano_mork,

That is a FP because you scan with both avira resident and avast resident. There is no such virus but the one scanner is detecting the other av solution's signatures. You are never to use two resident av scanners at one time. So either scan with avast when you have uninstalled avira or v.v.
See: http://forum.avast.com/index.php?topic=35083.0

polonus

marziano_mork · « **Reply #16 on:** September 18, 2011, 08:13:20 PM »

Hi polonus,
I scanned a .sav file (a memory dump of a running guest VM) while the guest machine was off;
so only avast was running.
However as the Avira Antivir was running when I suspended the VM, I suppose that the created .sav file contained the in-memory loaded Antivir signatures too, so probably that's the problem.
Thanks for the help.

essexboy · « **Reply #17 on:** September 18, 2011, 11:07:37 PM »

Haven't had the time to create a sav file yet - will try to do it tommorow

polonus · « **Reply #18 on:** September 19, 2011, 12:13:56 AM »

Hi marziano_mork,

What you suggest in your previous posting is a very likely scenario, but it cannot be proven from the name of the find Suela-1042 = avast; Suela-1042 = avira
So we have to wait for essexboy's verdict of a conflict possible with the Virtualbox scan..

Aliases
Virus.DOS.Suela.1042 (Kaspersky Lab) is also known as:

Suela.1042 (Kaspersky Lab)
Virus: Suela.1042 (McAfee)
Suel-1042 (Sophos)
Suela.1042.B (Panda)
Suela.1042.B (FPROT)
Virus:DOS/Suela_1042.A (MS(OneCare))
Suela.1042 (DrWeb)
unknown CRYPT.TSR.COM.EXE virus (Nod32)
Suela.1042.B (BitDef7)
Suela-1042 (AVAST)
Virus.DOS.SillyRE.360 (Ikarus)
Suela-1042 (AVIRA)
Suela.1042 (NAI)
SUELA.1042 (PCCIL)
Unknown (Rising)
SUELA.1042 (TrendMicro) (source: http://www.securelist.com/en/descriptions/old10434)

polonus

marziano_mork · « **Reply #19 on:** September 19, 2011, 06:15:29 PM »

OK, so we wait for essexboy's further investigation.

essexboy · « **Reply #20 on:** September 19, 2011, 08:38:21 PM »

I cannot re-create that on my sav files.. Is the version of virtualbox you have the latest.. Also if you are creating you own programmes/script within the VM it may be those that Avast is picking up on

Another thought is that it may be picking up the Avira signatures. My VM has no AV installed

marziano_mork · « **Reply #21 on:** September 20, 2011, 09:05:55 PM »

I installed the latest version of VirtualBox and Avira Antivir on the guest system;
probably that's why you can't reproduce the issue.

essexboy · « **Reply #22 on:** September 20, 2011, 09:13:28 PM »

As soon as I get a chance I will run Avira on the box and see what happens

marziano_mork · « **Reply #23 on:** September 20, 2011, 10:37:29 PM »

Thanks!

Author Topic: False positive in Virtualbox image ? (Read 10802 times)

polonus

Re: False positive in Virtualbox image ?

marziano_mork

Re: False positive in Virtualbox image ?

essexboy

Re: False positive in Virtualbox image ?

polonus

Re: False positive in Virtualbox image ?

marziano_mork

Re: False positive in Virtualbox image ?

essexboy

Re: False positive in Virtualbox image ?

marziano_mork

Re: False positive in Virtualbox image ?

essexboy

Re: False positive in Virtualbox image ?

marziano_mork

Re: False positive in Virtualbox image ?