Author Topic: Avast Finds Virus but  (Read 15135 times)

Sorcerer

  • Guest
Avast Finds Virus but
« on: February 05, 2004, 12:42:54 PM »
Hi, I downloaded a file called Cain & Abel v2.0 for Windows 9x (discontinued) from here
http://www.techtv.com/screensavers/darktips/story/0,24330,3602921,00.html and when I select download it redirects to here http://www.oxid.it/cain.html and then Avast says warning Virus (Win32:Trojan-gen. {VC}) is on your computer. So I checked the file with another virus scanner called AntiVir Personal Edition v 6.22xxx and it says cain20.exe Contains a signature of the (dangerous) backdoor program BDS/Cain.2.0 Backdoor server programs. I didn't get a warning for the Win XP ver, just the Win 98 version. Maybe someone could try the site mentioned and see if Avast warns of a virus. Maybe someone could send it from the chest because mine won't send via SMTP. Please advise.

I tried to send it from the chest but get an error from an SMTP mail problem. It seems I have not been able to get that to work for a long time now. It used to work way back in an earlier version of Avast. I can use the SMTP email with Outlook Express but not with the Send from Chest option in Avast.

Running Win 98 on computer with Virus warning.

Thanks

whocares

  • Guest
Re:Avast Finds Virus but
« Reply #1 on: February 05, 2004, 01:05:36 PM »
Hi,

uuhm.. what exactly is your problem/question ?

two AV-programs warn you of a file you downloaded from a dubious source ?
Delete it, and EOD ..

you could of course try other scanners (e.g. from KAV, RAV, Trend, Softwin, Panda, F-prot)  until you get blue in the face..

 ;D ;D ;) ;)

Sorcerer

  • Guest
Re:Avast Finds Virus but
« Reply #2 on: February 05, 2004, 01:25:46 PM »
Hi whocares

 I just didn't think Tech-TV would advise to download a progie that had a virus. I sort of figured Tech-TV had a rep to maintain.

Thanks for the input though.


Fu Xuen

  • Guest
Re:Avast Finds Virus but
« Reply #3 on: June 08, 2004, 09:01:42 PM »
Hello,

I use the 2.5 version (for Windows XP) of Cain & Abel, as it was referenced here. It was installed a few months ago, while I have been using Avast! Home 4 for almost one year now ;).

Avast! is always up-to-date (thanks to the automatic update feature), and the real-time shield is activated. But it had never detected this software as a trojan, except today, since the 0424-0 VPS file. I am aware of false positives with this signature file (I had the same problem with the WinRAR installer as another board member), but the updated 0424-1 VPS file keeps saying this software is Win32:Trojan-gen. {VC}.

Though I assume some part of the executable could be considered as a trojan because of its features, e.g. sniffing networking protocols, I ultimately doubt Avast! should claim this program actually is a trojan.

Thanks for reading :). Keep up the good work.
« Last Edit: June 08, 2004, 09:07:20 PM by Fu Xuen »

Fu Xuen

  • Guest
Re:Avast Finds Virus but
« Reply #4 on: June 09, 2004, 08:54:11 PM »
Well, I guess my English is not easy to read; but if you need more information, I can just try to explain better :).

Everyone who is thinking of me as trying to get my message back at the top of the list would be, ahem, right ;D.

whocares

  • Guest
Re:Avast Finds Virus but
« Reply #5 on: June 09, 2004, 09:04:19 PM »
Quote
1) some part of the executable could be considered as a trojan because of its features,

2) I ultimately doubt Avast! should claim this program actually is a trojan.


Hi,
@1) right
@2) why not ? lots of other AV-scanners also consider it a trojan/backdoor

So, I don't think this detection should or will be dropped, but you could send it in, of course, to virus@avast.com and ask Alwil to reconsider

 ;)

Kobra

  • Guest
Re:Avast Finds Virus but
« Reply #6 on: June 09, 2004, 09:06:03 PM »
This COULD be a false alarm...  Only Avast is showing me a positive - but Avast is the best at finding deep down baddies I've been finding....  I've checked it with Ewido (50,000+ Trojan Defs),  Dr.Web (Best Heuristics),  and Kaspersky (Best overall single engined detection) and finally Trend Micro (PC-cillin)

Dr.Web ®Copyright © Igor Daniloff, 1992-2004
Engine version: 4.31b
Total 50742 virus-finding records.
Last update: Wed Jun 9 18:10:02 2004
cain20.exe - Ok

Kaspersky 5.0
Scanned file:   cain20.exe
cain20.exe - archived by WiseSFX
cain20.exe/WISE0000.BIN - OK
cain20.exe/WISE0001.BIN - OK
cain20.exe/WISE0002.BIN - OK
cain20.exe/WISE0003.BIN - OK
cain20.exe/WISE0004.BIN - OK
cain20.exe/WISE0005.BIN - OK
cain20.exe/WISE0006.BIN - OK
cain20.exe/WISE0007.BIN - OK
cain20.exe/WISE0008.BIN - OK
cain20.exe/WISE0009.BIN - OK
cain20.exe/WISE0010.BIN - OK
cain20.exe/WISE0011.BIN - OK
cain20.exe/WISE0012.BIN - OK
cain20.exe/WISE0013.BIN - OK
cain20.exe/WISE0014.BIN - OK
cain20.exe/WISE0015.BIN - OK
cain20.exe/WISE0016.BIN - OK
cain20.exe/WISE0017.BIN - OK
cain20.exe/WISE0018.BIN - OK
cain20.exe/WISE0019.BIN - OK
cain20.exe/WISE0020.BIN - OK
cain20.exe/WISE0021.BIN - OK
cain20.exe/WISE0022.BIN - OK
cain20.exe/WISE0023.BIN - OK
cain20.exe/WISE0024.BIN - OK
cain20.exe/WISE0025.BIN - OK
cain20.exe/WISE0026.BIN - OK
cain20.exe - OK

Ewido Report:
Cain20.EXE = CLEAR

Trend Micro
Cain20.exe: Ok

I *WILL* do some further testing as well on it, because I'm aware of a loophole with most AV products where they cannot properly scan BIN files, while Avast does.   ;D
« Last Edit: June 09, 2004, 09:06:52 PM by Kobra »

Kobra

  • Guest
Re:Avast Finds Virus but
« Reply #7 on: June 09, 2004, 09:46:17 PM »
Interesting thing to note so far on this one, is Avast brings up the alert if you even mouse over this in explorer directory.

However, if you drop it in a RAR archive, it doesn't trip off, and even a shell-extension right-click scan of the archive doesn't trigger the alert either.

Anyone explain the reasoning as to why that might happen?

PS: Still investigating the file, but ran into this curious behavior.

Fu Xuen

  • Guest
Re:Avast Finds Virus but
« Reply #8 on: June 09, 2004, 09:52:37 PM »
Quote
why not ? lots of other AV-scanners also consider it a trojan/backdoor
Thanks for your reply :). But as stated by Kobra who kindly did nice testing, it seems that not so many programs consider it as a backdoor.

The point is the user knows what he installed while using this program (contrary, for instance, to Back Orifice variants whose server executables hide themselves).
« Last Edit: June 09, 2004, 09:53:02 PM by Fu Xuen »

Fu Xuen

  • Guest
Re:Avast Finds Virus but
« Reply #9 on: June 09, 2004, 09:55:39 PM »
Quote
Interesting thing to note so far on this one, is Avast brings up the alert if you even mouse over this in explorer directory.

However, if you drop it in a RAR archive, it doesn't trip off, and even a shell-extension right-click scan of the archive doesn't trigger the alert either.
I noted this too :).

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:Avast Finds Virus but
« Reply #10 on: June 10, 2004, 12:16:31 AM »
Quote
I just didn't think Tech-TV would advise to download a progie that had a virus. I sort of figured Tech-TV had a rep to maintain
If you didn't know, Kevin Rose was a former hacker. His Dark Tips often tell how to hack programs and things. Well, it comes as no surprise that some AV programs detect it as infected.
"People who are really serious about software should make their own hardware." - Alan Kay

whocares

  • Guest
Re:Avast Finds Virus but
« Reply #11 on: June 10, 2004, 12:25:54 PM »
Quote
But as stated by Kobra who kindly did nice testing, it seems that not so many programs consider it as a backdoor.

- AVPE & RAV each consider 1 of the versions as backdoor
- KAV only says tool.reboot, but from the description I'd consider it definitely unwanted on my PC

Don't you think that users who DO know about it AND want it should be knowledgeable enough to exclude it from scanning via Avast's options.. ;)

Fu Xuen

  • Guest
Re:Avast Finds Virus but
« Reply #12 on: June 10, 2004, 08:26:21 PM »
Quote
Don't you think that users who DO know about it AND want it should be knowledgeable enough to exclude it from scanning via Avast's options..
Well, the funny thing is (and I should have said so before) that I actually excluded the whole “C:\Program Files” directory, where this program was installed. The alert began with the 0424-0 VPS file, in spite of this exclusion (I am using Avast! Home 4.1.396); so I uninstalled Cain & Abel 2.5b47 yesterday.

In the meantime, Avast! updated to 0424-2; I have just installed Cain & Abel 2.5b52 and removed the exclusion: it seems that it is no longer signaled as a trojan...


sunfamily

  • Guest
Re:Avast Finds Virus but
« Reply #13 on: June 10, 2004, 09:16:31 PM »
I am using the beta version with the latest update, but yesterday during the boot time scan I got the following: win32 virus:lovelorn(vbs)
The system halted during boot and I was only able to move it and do nothing else. What should I do about it? Is it harmful to keep it in the system?
Regards
Sunny

CharleyO

  • Guest
Re:Avast Finds Virus but
« Reply #14 on: June 11, 2004, 06:01:55 AM »

The program is named "Cain & Abel." Shouldn't that be a clue?    ???