Hi folks,
I've just completed a complete boot scan (4 hours) and discovered a virus on an old file that had been scanned previously (had this on my PC for the last few years) and was wondering if it was a false positive.
Here's the result from TotalVirus.com:
File fr030-candytron-final-101.zip received on 09.23.2007 09:22:14 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.9.22.0 2007.09.21 -
AntiVir 7.6.0.15 2007.09.21 -
Authentium 4.93.8 2007.09.23 -
Avast 4.7.1043.0 2007.09.22 Win32:PeStaple-F
AVG 7.5.0.485 2007.09.22 -
BitDefender 7.2 2007.09.23 -
CAT-QuickHeal 9.00 2007.09.21 (Suspicious) - DNAScan
ClamAV 0.91.2 2007.09.23 -
DrWeb 4.33 2007.09.22 -
eSafe 7.0.15.0 2007.09.19 Suspicious Trojan/Worm
eTrust-Vet 31.2.5154 2007.09.21 -
Ewido 4.0 2007.09.20 -
FileAdvisor 1 2007.09.23 -
Fortinet 3.11.0.0 2007.09.23 -
F-Prot 4.3.2.48 2007.09.23 -
F-Secure 6.70.13030.0 2007.09.21 -
Ikarus T3.1.1.12 2007.09.23 Virus.Win32.PeStaple.F
Kaspersky 4.0.2.24 2007.09.23 -
McAfee 5125 2007.09.21 -
Microsoft 1.2803 2007.09.23 -
NOD32v2 2545 2007.09.23 -
Norman 5.80.02 2007.09.21 -
Panda 9.0.0.4 2007.09.23 -
Prevx1 V2 2007.09.23 -
Rising 19.41.61.00 2007.09.23 -
Sophos 4.21.0 2007.09.23 -
Sunbelt 2.2.907.0 2007.09.22 -
Symantec 10 2007.09.23 -
TheHacker 6.2.5.066 2007.09.22 -
VBA32 3.12.2.4 2007.09.23 -
VirusBuster 4.3.26:9 2007.09.22 -
Webwasher-Gateway 6.0.1 2007.09.21 Win32.Malware.gen!84 (suspicious)
Additional information
File size: 65652 bytes
MD5: b5a5af99fcc982c066a67e7cd4a4a71f
SHA1: dc82a1c23bb7e5ffea2dc304831606ec56186de1
-------
Also, I've recently downloaded this other file that registers as Win32:Virtualizer [Cryp] (no clue what that means.. searched a few places without results)
Results of VirusTotal.com
File ar.dll received on 09.23.2007 09:09:25 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.9.22.0 2007.09.21 -
AntiVir 7.6.0.15 2007.09.21 -
Authentium 4.93.8 2007.09.23 -
Avast 4.7.1043.0 2007.09.22 Win32:Virtualizer
AVG 7.5.0.485 2007.09.22 -
BitDefender 7.2 2007.09.23 -
CAT-QuickHeal 9.00 2007.09.21 -
ClamAV 0.91.2 2007.09.23 -
DrWeb 4.33 2007.09.22 -
eSafe 7.0.15.0 2007.09.19 -
eTrust-Vet 31.2.5154 2007.09.21 -
Ewido 4.0 2007.09.20 -
FileAdvisor 1 2007.09.23 -
Fortinet 3.11.0.0 2007.09.23 -
F-Prot 4.3.2.48 2007.09.23 -
F-Secure 6.70.13030.0 2007.09.21 -
Ikarus T3.1.1.12 2007.09.23 Trojan-PWS.Win32.Small.br
Kaspersky 4.0.2.24 2007.09.23 -
McAfee 5125 2007.09.21 -
Microsoft 1.2803 2007.09.23 -
NOD32v2 2545 2007.09.23 -
Norman 5.80.02 2007.09.21 W32/Suspicious_U.gen
Panda 9.0.0.4 2007.09.23 Suspicious file
Prevx1 V2 2007.09.23 -
Rising 19.41.61.00 2007.09.23 -
Sophos 4.21.0 2007.09.23 Mal/Packer
Sunbelt 2.2.907.0 2007.09.22 VIPRE.Suspicious
Symantec 10 2007.09.23 -
TheHacker 6.2.5.066 2007.09.22 W32/Behav-Heuristic-060
VBA32 3.12.2.4 2007.09.23 -
VirusBuster 4.3.26:9 2007.09.22 Packed/Upack
Webwasher-Gateway 6.0.1 2007.09.21 Win32.Malware.gen#Upack (suspicious)
Additional information
File size: 42797 bytes
MD5: 8316436d9f6443ae8a8080ec6939f5cf
SHA1: ba49b123b6df43ec8dd267abda229611980cf7ca
packers: Upack
packers: UPACK, BINARYRES
packers: UPack
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.
Note that jotty.org reports that only Avast detects something.. and that Dot9 says it's safe. Still, I'd love to know what this is. Is it just because it's packed with UPACK or is something else detected that I should be aware of?
Thx in advance...
P.S. Where can I get info on PeStaple and Virtualizer? Actually, is there a good database of virus definitions out there that could help me? Searched a few but none returned anything about those 2 viruses/malware.