Author Topic: False alarm ? or the real nasty ?  (Read 6040 times)


Waldo
False alarm ? or the real nasty ?
« on: June 08, 2003, 12:56:04 PM »
I've been running the Panda AV free online scanner for a test run a few minutes ago... but when I opened Avast! and it did the memory check before opening the main program (when Panda was running)... it said I was infected by a memory resident virus called "Win32:KUANG" located in C:/windows/system32/activescan/imscan.dll and "Matyas" in C:/windows/system32/activescan/Pav.sig >> which is the signature file of Panda, I guess?

It scared the shit out of me!

Avast4.0 asked me to schedule a boot scan, so I did... but it didn't find anything.

So my first idea is that this was a false alarm, and it detected the Panda scanner running. (I hope so.) But I'm not 100% sure :(

Do I have to delete the detected DLLs manually in Windows Explorer... or is it safe just to leave them there?

To be sure they do no harm to other files, I sent the DLLs to the Virus Chest to make sure.
You never know...

I have my heuristics set to "High". Running PRO edition, with latest updates. Win XP SP1.
« Last Edit: June 08, 2003, 01:25:11 PM by Waldo »
**Guns are for show, knives for a pro**

raman (Avast Evangelist)
Re:False alarm ? or the real nasty ?
« Reply #1 on: June 08, 2003, 02:33:10 PM »
As you figured out by yourself, it is a false alarm. These two files belong to Panda Antivirus. It is reported because Panda did not encrypt their signatures enough. If you do a board search for Panda or pav.sig, you will get several answers.
Best regards, Ralf

Waldo
Re:False alarm ? or the real nasty ?
« Reply #2 on: June 08, 2003, 04:50:38 PM »
Sweet, just as I thought! False alarm. :)

I deleted everything from Panda, just to make sure I don't get these warnings again.

There are much better "online scanners" out there, like Trend's or Rav's or Symantec's, that scan without nasty warnings, because they encrypt their .sig much better.

Thanks!

igor (Avast team)
Re:False alarm ? or the real nasty ?
« Reply #3 on: June 08, 2003, 05:24:15 PM »
Well, it's not about encrypting the signatures better or worse - any encryption would do (I dare not call it an encryption - simply scrambling the code by adding 1 to every byte, or inverting the bits, or anything like that would turn the real virus code into something else that wouldn't be detected by other antiviruses, since it's not an executable virus code anymore). Just leaving the pieces of virus code in plaintext, just like they are in the real virus file, is not a good idea (as Panda does).
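
The effect described in the reply above, as an added example that is not part of the original post or any vendor's code: a signature database stored in plaintext is flagged by a second pattern-matching scanner, while the same database stored with the "add 1" or "invert the bits" transform is not, and still decodes to the original patterns at load time. The signature names, byte patterns and file layout are constructed for illustration.

```python
# Constructed, harmless byte patterns standing in for real detection signatures.
SIGNATURES = {
    "Demo.PatternA": bytes.fromhex("de c0 ad 0b 5e ed fa ce 13 37"),
    "Demo.PatternB": b"\x90\x17CONSTRUCTED-SAMPLE\x00\xff",
}

def identity(data): return data
def add_one(data): return bytes((b + 1) & 0xFF for b in data)
def sub_one(data): return bytes((b - 1) & 0xFF for b in data)
def invert(data): return bytes(b ^ 0xFF for b in data)  # its own inverse

def pack_db(sigs, encode=identity):
    """Hypothetical .sig layout: [name length][name][pattern length][encoded pattern]."""
    out = bytearray()
    for name, pattern in sigs.items():
        raw_name = name.encode("ascii")
        out += bytes([len(raw_name)]) + raw_name
        out += bytes([len(pattern)]) + encode(pattern)
    return bytes(out)

def unpack_db(blob, decode=identity):
    """Rebuild the usable patterns in memory when the scanner loads its database."""
    sigs, pos = {}, 0
    while pos < len(blob):
        name_len = blob[pos]
        name = blob[pos + 1:pos + 1 + name_len].decode("ascii")
        pos += 1 + name_len
        pat_len = blob[pos]
        sigs[name] = decode(blob[pos + 1:pos + 1 + pat_len])
        pos += 1 + pat_len
    return sigs

def naive_scan(data, sigs):
    """Another vendor's scanner: flag any buffer that contains a known pattern."""
    return sorted(name for name, pattern in sigs.items() if pattern in data)

if __name__ == "__main__":
    for label, enc, dec in [("plaintext", identity, identity),
                            ("add 1", add_one, sub_one),
                            ("invert bits", invert, invert)]:
        blob = pack_db(SIGNATURES, enc)
        assert unpack_db(blob, dec) == SIGNATURES  # nothing lost by encoding
        print(f"{label:12} database flagged as: {naive_scan(blob, SIGNATURES)}")
```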

Waldo
Re:False alarm ? or the real nasty ?
« Reply #4 on: June 08, 2003, 07:00:04 PM »
Totally agreed! Avast! rules big time > Panda is gone to the forever-lasting trashcan!