Author Topic: totalscan from panda  (Read 8413 times)


crococ

  • Guest
totalscan from panda
« on: May 29, 2007, 05:52:02 PM »
Hello all,

I wanted to try to run the totalscan from panda.
But during loading avast detects and claims there
is a Win32:CTX worm/virus. Why exactly ? Can't
we use it just for a test ?

TIA.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: totalscan from panda
« Reply #1 on: May 29, 2007, 06:23:29 PM »
Sure, just disable avast! while scanning, and watch out later for further avast! detections in the Panda folder. Why? Unencrypted virus definitions. See a note on virus definitions here:

http://www.geocities.com/dontsurfinthenude/antivir2.htm
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

crococ

  • Guest
Re: totalscan from panda
« Reply #2 on: May 29, 2007, 07:14:17 PM »
OK, thanks very much for the reply !

So, should I let the panda loading terminate,
ignoring the alerts, then pull off the internet connection,
stop resident avast (via right click on the "a"),
install and run the panda scan test, restart avast, and
reconnect the internet plug ?


Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: totalscan from panda
« Reply #3 on: May 29, 2007, 07:32:44 PM »
Run the scan online with avast! disabled.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: totalscan from panda
« Reply #4 on: May 29, 2007, 09:03:57 PM »
Even after that, some files could remain and will be detected by avast as being infected.

False detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Read: http://www.avast.com/eng/virus_detection_and.html#idt_1554

IMSCAN.DLL
PAVDLL.DLL
PAV.SIG
APVXD.VX2
APVXD.VXD

C:\windows\system32\active scan\pskavs.dll
C:\system volume information \_restore{ ... }\*.dll

Unfortunately, a well-known problem of Panda not encrypting its signatures  :P
Quote
Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of that signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).
The best things in life are free.
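
The mechanism described in the quote above, as an added example that is not part of the original posts: a naive substring scanner flags another vendor's definition file when the patterns are stored in plain form, and stops flagging it once the file is obscured on disk. The signature names, byte patterns, file layout and XOR key are all constructed for illustration, and the XOR step only stands in for real encryption.

```python
from itertools import cycle

# Constructed, harmless byte patterns standing in for real virus signatures.
SIGNATURES = {
    "Demo.Alpha": bytes.fromhex("de0a11f3a5c40990b27e"),
    "Demo.Beta": b"\x90\x4d\x5a\x13\x37constructed-marker",
}
KEY = b"\x5a\xa7\x3c"  # constructed key, for illustration only


def scan(data, signatures=SIGNATURES):
    """Naive scanner: report every signature that occurs anywhere in data."""
    return sorted(n for n, pat in signatures.items() if pat in data)


def pack_definitions(signatures):
    """Serialize as: magic, then (name length, name, pattern length, pattern)."""
    out = bytearray(b"DEFS")
    for name, pat in signatures.items():
        out += bytes([len(name)]) + name.encode() + bytes([len(pat)]) + pat
    return bytes(out)


def unpack_definitions(blob):
    """Inverse of pack_definitions; rejects data without the magic header."""
    if blob[:4] != b"DEFS":
        raise ValueError("not a definitions file")
    sigs, i = {}, 4
    while i < len(blob):
        n = blob[i]
        name = blob[i + 1:i + 1 + n].decode()
        m = blob[i + 1 + n]
        start = i + 2 + n
        sigs[name] = blob[start:start + m]
        i = start + m
    return sigs


def xor_obscure(blob, key=KEY):
    """Repeating-key XOR standing in for real encryption; self-inverse."""
    return bytes(b ^ k for b, k in zip(blob, cycle(key)))


plain_file = pack_definitions(SIGNATURES)  # what an unencrypted vendor ships
hidden_file = xor_obscure(plain_file)      # same content, obscured on disk

if __name__ == "__main__":
    print("other scanner on plain file: ", scan(plain_file))
    print("other scanner on hidden file:", scan(hidden_file))
    owner_view = unpack_definitions(xor_obscure(hidden_file))
    print("owner still loads it:", owner_view == SIGNATURES)
```

The owning product decodes the file in memory before use, so hiding the patterns on disk costs it nothing while removing the cross-vendor false positive.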

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88786
  • No support PMs thanks
Re: totalscan from panda
« Reply #5 on: May 29, 2007, 09:42:06 PM »
For the following reasons I won't use or recommend the Panda on-line scanner. Panda doesn't encrypt its signatures, which many AVs later will detect, but more so because it puts all this c**p in the system folders, making it even more difficult to remove later, as Windows System Restore saves a copy in the System Volume Information folder for your AV to trip up over once again.

There are plenty of other on-line scanners that don't have this issue. On-line Virus Scanners and other useful Links Security-Ops.eu.tt
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.1.6099 (build 24.1.8821.762) UI 1.0.796/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: totalscan from panda
« Reply #6 on: May 29, 2007, 09:55:45 PM »
Quote
For the following reasons I won't use or recommend the Panda on-line scanner. Panda doesn't encrypt its signatures, which many AVs later will detect, but more so because it puts all this c**p in the system folders, making it even more difficult to remove later, as Windows System Restore saves a copy in the System Volume Information folder for your AV to trip up over once again.

There are plenty of other on-line scanners that don't have this issue. On-line Virus Scanners and other useful Links Security-Ops.eu.tt

Fully agree with David.
Besides that page, you can check these for full computer on-line scanning:
Kaspersky (very good detection rates)
Trendmicro housecall
AVGas (not necessary if you have AVG antispyware installed)
F-Secure
BitDefender (free removal of the malware)
HitmanPro (new online scanner with multiple scanners)

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: totalscan from panda
« Reply #7 on: May 29, 2007, 11:39:19 PM »
To be fair to Panda, only a few AVs mistake pskavs.dll for malware:

Complete scanning result of "pskavs.dll", received in VirusTotal at 05.29.2007, 23:20:39 (CET).
Antivirus   Version   Update   Result
AhnLab-V3   2007.5.30.0   05.29.2007   no virus found
AntiVir   7.4.0.27   05.29.2007   Frisk #2
Authentium   4.93.8   05.23.2007   no virus found
Avast   4.7.997.0   05.29.2007   Win32:CTX
AVG   7.5.0.467   05.29.2007   no virus found
BitDefender   7.2   05.29.2007   no virus found
CAT-QuickHeal   9.00   05.29.2007   no virus found
ClamAV   devel-20070416   05.29.2007   CyberTech.578
DrWeb   4.33   05.29.2007   no virus found
eSafe   7.0.15.0   05.29.2007   no virus found
eTrust-Vet   30.7.3672   05.29.2007   no virus found
Ewido   4.0   05.29.2007   no virus found
FileAdvisor   1   05.29.2007   no virus found
Fortinet   2.85.0.0   05.29.2007   no virus found
F-Prot   4.3.2.48   05.25.2007   no virus found
F-Secure   6.70.13030.0   05.29.2007   no virus found
Ikarus   T3.1.1.8   05.29.2007   no virus found
Kaspersky   4.0.2.24   05.29.2007   no virus found
McAfee   5041   05.29.2007   no virus found
Microsoft   1.2503   05.29.2007   no virus found
NOD32v2   2296   05.29.2007   no virus found
Norman   5.80.02   05.29.2007   no virus found
Panda   9.0.0.4   05.28.2007   no virus found
Prevx1   V2   05.29.2007   no virus found
Sophos   4.18.0   05.28.2007   W95/Whog-878b
Sunbelt   2.2.907.0   05.26.2007   no virus found
Symantec   10   05.29.2007   no virus found
TheHacker   6.1.6.124   05.28.2007   no virus found
VBA32   3.12.0   05.28.2007   no virus found
VirusBuster   4.3.23:9   05.29.2007   no virus found
Webwasher-Gateway   6.0.1   05.29.2007   Win32.Bumble

And the Panda scanner is an excellent malware detector and remover, recommended by many malware forums.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67198
Re: totalscan from panda
« Reply #8 on: May 30, 2007, 01:15:33 AM »
Quote
And the Panda scanner is an excellent malware detector and remover, recommended by many malware forums.

Sure.
The antirootkit is very very good and it's installed in my machine.
It's good to be fair from time to time and not only biased 8)