Author Topic: Win32:Banker detected ......but seems like false alarm  (Read 6015 times)

0 Members and 1 Guest are viewing this topic.

Charlton6131

  • Guest
Win32:Banker detected ......but seems like false alarm
« on: September 28, 2008, 02:24:25 PM »
Avast reports an infection with Win32:Banker in PostCast server files HOWEVER, after carefully reading the "pathology" of this virus (the files it creates, registry changes, where it places files etc), none of these were found.

Not ONE of the signs that the virus exists on the computer were found, yet Avast reports the infection.

Is this an Avast "False Alarm"?  Perhaps Avast is incorrectly identifying a legitimate file as containing a virus when it really doesnt?  The file it is flagging is PBBalloon.ocx

Thanks

Online DavidR

  • Avast Ɯberevangelist
  • Certainly Bot
  • *****
  • Posts: 86518
  • No support PMs thanks
Re: Win32:Banker detected ......but seems like false alarm
« Reply #1 on: September 28, 2008, 04:15:32 PM »
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Charlton6131

  • Guest
Re: Win32:Banker detected ......but seems like false alarm
« Reply #2 on: October 04, 2008, 12:13:32 AM »
I went to virus total and it scanned the file but the result is about as useful as a broom with no straws.

It just tells me what I already knew...that AVAST says it is infected.  One or two more say the same but its like 3 of of 36 virus scanners (I think is what it is saying)  claom it may be infected?

So what does that mean.   That 3 of 36 virus engines believe its infected while most do not?

Since I looked over ALL the virus information on the particular virus in question and NONE of the signs (registry changes, file creations etc) seem to have occurred, I guess I will assume that the 3 engines reporting the virus are just stupid.

Thanks


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re: Win32:Banker detected ......but seems like false alarm
« Reply #3 on: October 04, 2008, 12:23:47 AM »
I guess I will assume that the 3 engines reporting the virus are just stupid.
Which are the engines? I won't call stupid, but just false positives...
Can you post a link to the virustotal analysis?
The best things in life are free.

Online DavidR

  • Avast Ɯberevangelist
  • Certainly Bot
  • *****
  • Posts: 86518
  • No support PMs thanks
Re: Win32:Banker detected ......but seems like false alarm
« Reply #4 on: October 04, 2008, 01:21:12 AM »
The report isn't about as useful as a broom with no straws to us as we can see what other AVs detect it and what the malware name is.

GData uses two scanning engines, one being avast so it is possible that that would effectively reduce the hits to 2/35, so finding out the other scanners that detected it and what they called it help greatly.

Whilst there is still a strong possibility that it is a false positive we can't say for certain without information.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.2.6003 (build 22.2.7013.717) UI 1.0.697/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security