VirusTotal, Afterdawn downloads, Please read
rogue212
Suspended due to non-functional email address
|
18. December 2007 @ 07:06 |
Hi, I hope I'm not going to cause any concern or alarm to other people with this thread, but I need advice yet again.
I used a link from a thread for an online scanning service called VirusTotal. After scanning some suspect files I decided to give some of the free programs I downloaded from Afterdawn a scan; here are some of the results.
ffdshow_rev1625_20071119_clsid.zi
Prevx1 V2 2007.12.18 Heuristic: Suspicious Self Modifying
TMPGEnc-2_1_.524.63.181-Free.zip
Sunbelt - - VIPRE.Suspicious
Webwasher-Gateway - - Win32.Malware.gen (suspicious
dvdshrink32setup.exe
Webwasher-Gateway - - BlockReason.0
Avisynth_257.exe
eSafe - - suspicious Trojan/Worm
Panda - - Suspicious file
GSpot270a.zip
Webwasher-Gateway - - BlockReason.0
FixVTS.exe
McAfee - - New Malware.ab
dvdflick_setup_1.2.2.1.exe
Prevx1 - - Heuristic: Suspicious Self Modifying File
DVDFabHDDecrypter4012.exe
Prevx1 - - Heuristic: Suspicious Self Modifying File
avidemux_2.3.0_plus_win32.zip
Fortinet - - suspicious
Panda - - Suspicious file
vsoConvertXtoDVD2_setup.exe
IkarusVirus.Trojan.Win32.Obfuscated.en
I'm not sure of these results. The one I really need some advice about, and which I can't seem to find any information on, is the "Heuristic: Suspicious Self Modifying File".
This was found by the Prevx1 scan, which is a new program in the beta stage designed to find the newer Trojans, and it has also given these names for the same result:
"Heuristic: Suspicious Backdoor" "Polymorphic Trojans" found in DVDflick_setup_1.2.2.1.exe, ffdshow_rev1625_20071119_clsid.zi, DVDFabHDDecrypter4012.exe
I've never found any of these infections with all of the security programs I've used but would appreciate any input. Even my favourite program ConvertXToDVD has been infected with "Trojan.Win32.Obfuscated.en", found by the Ikarus scan according to VirusTotal.
Could I have a Trojan spreading through my files, the Polymorphic Trojan?
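A way to triage multi-engine results like those in the post above, added here as an example and not code from any poster or from VirusTotal: it counts how many engines flagged each file and separates heuristic or generic labels from named ones. The "Engine - - Label" normalisation, the list of generic label fragments and the function names are assumptions; 36 is the engine count quoted later in the thread.

```python
import re
from collections import defaultdict

ENGINES_TOTAL = 36  # engine count quoted in the thread; use the real report's count

# Sample input: result lines from the first post, normalised by hand to
# "Engine - - Label" under each file name (a subset, not the full list).
REPORT = """\
dvdflick_setup_1.2.2.1.exe
Prevx1 - - Heuristic: Suspicious Self Modifying File
Avisynth_257.exe
eSafe - - suspicious Trojan/Worm
Panda - - Suspicious file
FixVTS.exe
McAfee - - New Malware.ab
vsoConvertXtoDVD2_setup.exe
Ikarus - - Trojan.Win32.Obfuscated.en
"""

# Assumption: label fragments treated as heuristic/generic verdicts rather
# than a signature match for a named family. Tune this list per engine.
GENERIC = re.compile(r"heuristic|suspicious|generic|\.gen\b|blockreason|new malware", re.I)

def parse_report(text):
    """Return {file name: [(engine, label), ...]} from the pasted layout."""
    hits, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " - - " in line:
            if current is None:
                raise ValueError("detection line before any file name: " + line)
            engine, label = line.split(" - - ", 1)
            hits[current].append((engine.strip(), label.strip()))
        else:
            current = line  # a line without the separator starts a new file
    return dict(hits)

def triage(hits, total=ENGINES_TOTAL):
    """Per file: how many engines flagged it and whether any label is specific."""
    out = {}
    for name, dets in hits.items():
        named = [lbl for _, lbl in dets if not GENERIC.search(lbl)]
        out[name] = {"engines": len(dets), "ratio": round(len(dets) / total, 3),
                     "generic_only": not named, "named": named}
    return out

if __name__ == "__main__":
    for name, row in triage(parse_report(REPORT)).items():
        print(name, row)
```

A file flagged by one or two engines with only heuristic labels is a candidate false positive; comparing its hash with the one published by the software author is the check that settles it.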
|
Moderator
|
18. December 2007 @ 07:33 |
Sounds to me like you need to try a better, more well known virus scanner. I use McAfee personally, and in all the years of using computers online I've only been hit by 2 minor viruses.
Main PC ~ Intel C2Q Q6600 (G0 Stepping)/Gigabyte GA-EP45-DS3/2GB Crucial Ballistix PC2-8500/Zalman CNPS9700/Antec 900/Corsair HX 620W
Network ~ DD-WRT ~ 2node WDS-WPA2/AES ~ Buffalo WHR-G54S. 3node WPA2/AES ~ WRT54GS v6 (inc. WEP BSSID), WRT54G v2, WRT54G2 v1. *** Forum Rules ***
|
rogue212
Suspended due to non-functional email address
|
18. December 2007 @ 10:51 |
See reply below
This message has been edited since posting. Last time this message was edited on 18. December 2007 @ 10:53
|
rogue212
Suspended due to non-functional email address
|
18. December 2007 @ 10:52 |
Originally posted by creaky: Sounds to me like you need to try a better, more well known virus scanner. I use McAfee personally, and in all the years of using computers online I've only been hit by 2 minor viruses.
TotalVirus uses 36 different Antivirus programs including McAfee, which picked up only one infection by the way if you read my first thread, if they are genuine infections and not part of the program; that's what I'm trying to find out.
Try it, file upload size has a limit, link below.
http://www.virustotal.com/
This message has been edited since posting. Last time this message was edited on 18. December 2007 @ 10:58
|
Moderator
|
18. December 2007 @ 11:08 |
I'm sure the Admins will be sure that anything hosted here will be virus-free; again, sounds to me like you've picked up something undesirable along the way, and that's what's infected the files you mention, not the site-hosted files being the culprit; a lot of people use these files, and to my knowledge no-one's had any problems thus far... myself included
This message has been edited since posting. Last time this message was edited on 18. December 2007 @ 11:17
|
Moderator
1 product review
|
18. December 2007 @ 17:50 |
Quote: TotalVirus uses 36 different Antivirus programs including McAfee
It's not recommended to run more than one Antivirus anyway as you can get false positives...which may be the case here.
|
I hate titles
35 product reviews
|
19. December 2007 @ 01:25 |
All the files hosted on our servers get virus-scanned regularly -- and virtually all of the files are delivered to our servers directly from software authors' own download servers. So, it sounds extremely likely that we're talking about "false positives" here. But sure, we'll re-scan the files you mentioned again and post the results.
As a disclaimer: We do have at least one file on our download servers that I am aware of that most definitely will ring bells with virus scanners -- but even it won't have a virus. The new versions of BSPlayer aren't freeware anymore, but instead, the software is funded by showing ads on its player window, thus it is labeled as "adware" by most virus scanners (then again, our description page for it tells that, plus the software itself tells you that when you install it -- and last, but not least, we also provide the older freeware versions of it for download, which don't contain ad elements :-).
|
varnull
Suspended permanently
|
19. December 2007 @ 11:24 |
These ARE all false positives. (except the one already flagged by the master.. all the adware scanners find that, because technically it is)
I ran Prevx1 on a dodgy system after my usual virus removal and clean just last night... (total coincidence.. found the site while looking for a free net scan because things still didn't seem quite right.. wrong ram clock settings as it happens)
It reported hundreds and hundreds of hits.. some being the .bat scripts I wrote myself in the course of cleaning.
Now the worrying part.. Because I know how malware works, and have samples of a lot, I thought up a little test..
I installed a rather old storm worm variant and 4 instances of trojan.generic.downloader.xxx (ccd,edf,skl, and dot) and ran it online again.. guess what.. NO HITS for them.. (ain't it great having other people's hardware to mess about with?)
Like a lot of new av applications they seem to find everything slightly suspicious (while missing things that they should find) in an attempt to get customers. I was concerned by the way it flagged files and applications I know to be clean and safe whilst missing nasties. Not a good advert for the program really.
I can say that I often send people here for free software in the safe knowledge that it is all clean.
This message has been edited since posting. Last time this message was edited on 19. December 2007 @ 11:27
|
rogue212
Suspended due to non-functional email address
|
20. December 2007 @ 04:43 |
Hi, sorry for not replying earlier, you're correct about the false positives, that was my original intention to show that TotalVirus can and is out of date.
I ran the same files through another online scanner called VirSCAN and all were ok except that the Prevx V2 scanner gave this result on all the files: (TROJAN.DOWNLOADER.GEN), so that scanner has obviously got some problems.
As to TotalVirus being out of date here's an example, the now illegal program DVDDecrypter_3.5.4.0.exe, which at the time I didn't know was illegal, got this result from the TotalVirus Kaspersky scanner: (Trojan.Win32.Delf.akh). I use Kaspersky Antivirus and have never picked this up and have been told by Kaspersky that it was a false positive which they corrected earlier this year.
I've been using many of the programs mentioned in the scan with no problems, it's just I know many people use TotalVirus and it's been mentioned on here a few times and wanted them to know.
I also understand that free programs can contain adware which can be quite harmless, some other free download sites can and do sometimes have infected downloads with more serious viruses.
One of my favourite little programs called Folder Maker gets these results from both mentioned online scanners: Ikarus (Virus.Win32.Trojan) Prevx V2 (TROJAN.DOWNLOADER.GEN)
I now will ignore the Prevx V2 result for obvious reasons and as for the other it gave me this result for another version of the same program:(suspicious(level 80) so not sure what to think.
Thanx for reading this thread and all of your input, as a newbie it's hard to know what can be a genuine threat or harmless, and if ya wondering why I didn't reply earlier it's because I thought I posted my original thread in the newbie's section and assumed they erased it, da!
Christmas shopping stress! ya that's it, or maybe I've got a virus?
This message has been edited since posting. Last time this message was edited on 20. December 2007 @ 05:26
|