Author Topic: Virus detection (Read 6888 times)

gtaillandier · « **on:** May 12, 2005, 09:43:22 PM »

I just want to know something ( sorry but I'm French ).
I have the latest version of avast home, and it has detected the virus Win32:Puper-F [Trj]" in "C:\Program Files\mp3 wave maker\Plugins\ImageViewer.dll" file when I've launched ad-aware for searching malware.

In avast standard shield, I have checked in advanced scanner section : "analyse created/modified files", "only files with the selected extension" and "default extension set" ( which includes dll extension ).

Can someone tell me why I didn't have had any message when the file has been created ?

Sincerely.

Lisandro · « **Reply #1 on:** May 12, 2005, 10:13:32 PM »

Gtaillandier, maybe (just maybe, I'm not sure) the trojan is a recent one and was not included into the VPS when it was added to the HDD.
Maybe an avast leakage on scanning that dll that only Ad-aware discover as malware.
Sorry, I have no more than guesses.
By the way, your English is better than mine

igor · « **Reply #2 on:** May 12, 2005, 10:36:22 PM »

Win32:Puper-F [Trj] was indeed added in the last VPS update, as you can see on the VPS history page. The alert is probably triggered by Ad-aware accessing the file, thus making avast! scan it.

On the other hand, according to the file path, it sounds like a false alarm. Can you please pack the file into a password-protected archive (e.g. ZIP or RAR) and send it to virus@avast.com, with a short note? Thanks.

bri · « **Reply #3 on:** May 13, 2005, 04:59:16 AM »

today i was running a manual scan with a2-squared(free) and avast found c:/programfiles/shareeza/plugins/imageviewer.dll,i put it in the chest then sent to alwil,bri

cvsa · « **Reply #4 on:** May 13, 2005, 11:47:46 AM »

same problem for me !! (i posted a topic in the avast virus&worms forum )

sounds like a false positive (see jotti's online scanner)

cvsa · « **Reply #5 on:** May 14, 2005, 11:15:09 AM »

Can avast! team tell us if it will be corrected in next viral update ?

DavidR · « **Reply #6 on:** May 14, 2005, 01:26:01 PM »

False positives when reported are usually dealt with very promptly and often in the next VPS update.

However, as far as priorities go I would have thought it would have a lower priority than inclusion of real virus detection.

MrToad · « **Reply #7 on:** May 14, 2005, 02:03:53 PM »

Regarding the possible false positive in shareaza imageviewer.dll:
I had same notice and moved the file to chest despite many scans with many scanners [bit-defender, anti-vir etc] with no alerts. Coincidentally, I came across this post that indicates Kapersky is having similar problem...and it is thought to be a false positive:
http://forum.kaspersky.com/index.php?showtopic=748
Methinks Avast! and Kapersky have used same source for virus def and that source has produced a false positive...I have restored the imageviewer.dll file but will monitor this thread and other sources for confirmation/disconfirmation of the false positive.

cvsa · « **Reply #8 on:** May 14, 2005, 02:40:50 PM »

Quote from: MrToad on May 14, 2005, 02:03:53 PM

Coincidentally, I came across this post that indicates Kapersky is having similar problem...and it is thought to be a false positive:
http://forum.kaspersky.com/index.php?showtopic=748

Great to see that Kaspersky has fixed the problem (avast! last update is from12/05/05...

)

Darookan · « **Reply #9 on:** May 15, 2005, 12:19:21 AM »

Quote

Can someone tell me why I didn't have had any message when the file has been created ?

Hi Folks!

I just got a similar problem here today. Everyday I receive spam messages linking to files hosted on bogus webpages, pretending to be another company. The last ones I got I decided to "safe test" them in order to check if the virus database has its signatures. As a TI manager, I well know about these kind of spam and I surely know how to handle these files... my solely intention is to send the file to avast! Team in order to add it to the database, if it is not yet included.

This afternoon I receive a fake spam message pretending to be from a famous relationship network and asking to download a "form" in order to update the user data. As I did other times, I downloaded the file into a separate folder and scanned it with avast. The scanner detected a virus (its signature was already added) and I just smiled. BUT, I decided to do another test: I shift-deleted the file (no recycle) and checked the advanced scanner option that this topic subjects. Then I downloaded the file again, hoping it would be detected as soon GetRight renamed it to .exe extension... nothing happened, no scan message appeared until I manually scanned the folder again. What went wrong??

I'm using the lastest (sigh*) version of avast!

Thanks in advance

polonus · « **Reply #10 on:** May 15, 2005, 12:31:59 AM »

Dear Darookan,

That is why I cannot live without a FileAnalyzer program en a Bintscan (Binairy text scan) program to check the questionables.
I know of the past, when some virusscanners alerted on script jokes like an animated gif that showed a pop-up that faked a delete of all files. It was a joke, but it could startle some people, that is why.

Kindest regards,

polonus

Author Topic: Virus detection (Read 6888 times)

gtaillandier

Virus detection

Lisandro

Re: Virus detection

igor

Re: Virus detection

bri

Re: Virus detection

cvsa

Re: Virus detection

cvsa

Re: Virus detection

DavidR

Re: Virus detection

MrToad

Re: Virus detection

cvsa

Re: Virus detection

Darookan

Re: Virus detection

polonus

Re: Virus detection