
ClamWin: Trojan.swizzor-82 false positive?

felipeca
Joined: 2008-09-04 14:31
ClamWin: Trojan.swizzor-82 false positive?

Hello,
I have BitDefender on my computer and I didn't have any problems. I downloaded PortableApps with ClamWin and made a scan, which indicates that my computer is completely infected with Trojan.Swizzor-82. Furthermore, my USB device is also infected, particularly Firefox Portable and Audacity.
BitDefender on my computer and online doesn't detect any virus, and neither does secuser.com.
I couldn't find any information about the virus and I really don't know what to do, because ClamWin does not propose cleaning and the other antiviruses I have tried do not detect anything.
I am posting several partial ClamWin reports (I had to stop it because I had to leave; now I am doing another one). Please help me!!!

thanks

Scan Started Thu Sep 04 14:29:11 2008
-------------------------------------------------------------------------------

C:\i386\MSNMSGS.MS_: Trojan.Swizzor-82 FOUND
C:\i386\MSNSUSII.EX_: Trojan.Swizzor-82 FOUND
C:\dotnetfx\DELTEMP.EXE: Trojan.Swizzor-82 FOUND
C:\dotnetfx\DOTNETFX.EXE: Trojan.Swizzor-82 FOUND
C:\dotnetfx\NDPSP.EXE: Trojan.Swizzor-82 FOUND
C:\dotnetfx\REBOOTST.EXE: Trojan.Swizzor-82 FOUND
C:\dotnetfx\SETUP.EXE: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\URTTemp\regtlib.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\java.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\javaw.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\javaws.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\Uninstall_eRecovery.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\LegitCheckControl.dll: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\5dc5.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\12b32.msp: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\11e02.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\c1624.msp: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\bef2c.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\bef36.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\2390c.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\734cb1.msp: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\legitcheckcontrol.dll: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\update\wgacustom.dll: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\msnsusii.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\msnmsgs.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\20112ef50011e0de2c0e3378139245d81a178b15: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\eb062e191dd7129f8602ea73026b2abb4413af77: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\1ec17e8198a0b00898db8d80e6303862b528b73f: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\c4a85955ed2dd5f6b2527c6a481d463f6dec425e: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\06eeabfa823f119802e6be39c92eb753\VSDEBUGff.cab: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Temp\GVista.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Temp\Uninstall_eRecovery.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Temp\GridVistaU.ex_: Trojan.Swizzor-82 FOUND
C:\WINDOWS\RtlExUpd.dll: Trojan.Swizzor-82 FOUND
C:\WINDOWS\RtlUpd.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Alaunch.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\AExec.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\ServicePackFiles\i386\msnmsgs.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\ServicePackFiles\i386\msnsusii.exe: Trojan.Swizzor-82 FOUND
C:\Documents and Settings\Felipe Ca\Local Settings\Temporary Internet Files\Content.IE5\AG43T8K6\LiveUpdate[1].exe: Trojan.Swizzor-82 FOUND
C:\Documents and Settings\Felipe Ca\Local Settings\Application Data\Mozilla\Firefox\Profiles\u3uxlkcx.default\Cache\ECD664A2d01: Trojan.Swizzor-82 FOUND
C:\Documents and Settings\Felipe Ca\Bureau\SkypeSetup.exe: Trojan.Swizzor-82 FOUND
C:\Documents and Settings\Felipe Ca\Bureau\jxpiinstall.exe: Trojan.Swizzor-82 FOUND
C:\Documents and Settings\Felipe Ca\Bureau\jre-6u10-rc-bin-b28-windows-i586-p-21_jul_2008.exe: Trojan.Swizzor-82 FOUND
C:\Documents and Settings\Felipe Ca\Bureau\Firefox_Portable_3.0.1_en-us.paf.exe: Trojan.Swizzor-82 FOUND
C:\Documents and Settings\Felipe Ca\Application Data\Sun\Java\jre1.6.0_10\Data1.cab: Trojan.Swizzor-82 FOUND
C:\Documents and Settings\Felipe Ca\Application Data\Sun\Java\jre1.6.0_10\jre1.6.0_10.msi: Trojan.Swizzor-82 FOUND
C:\Program Files\Fichiers communs\Microsoft Shared\Shoebox\piolch.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Fichiers communs\BitDefender\Setup Information\{C7D66C23-7564-4072-AF39-9374AF3D5F48}\bdis.msi: Trojan.Swizzor-82 FOUND
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\driverctrl.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\setloadorder.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Fichiers communs\WindowsLiveInstaller\MsiSources\Install_{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}.msi: Trojan.Swizzor-82 FOUND
C:\Program Files\Fichiers communs\WindowsLiveInstaller\MsiSources\Install_{BADF6744-3787-48F6-B8C9-4C4995401D65}.msi: Trojan.Swizzor-82 FOUND
C:\Program Files\MSN\MSNCoreFiles\Install\MSN9Components\msnmsgs.msi: Trojan.Swizzor-82 FOUND
C:\Program Files\MSN\MSNCoreFiles\Install\msnsusii.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Realtek\InstallShield\RtlUpd.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Acer Inc\Acer GridVista\GridVistaU.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Adobe\Acrobat 7.0\Setup Files\RdrBig710\ENU\setup.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\BitDefender\BitDefender 2008\BDHistory.bdx: Trojan.Swizzor-82 FOUND
C:\Program Files\BitDefender\BitDefender 2008\BDHistory.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Mozilla Firefox\updater.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Windows Live\Messenger\Device Manager\custom.dll: Trojan.Swizzor-82 FOUND
C:\Program Files\Windows Live\Messenger\pcsexeps.dll: Trojan.Swizzor-82 FOUND
C:\Program Files\Windows Live\Messenger\softphoneps.dll: Trojan.Swizzor-82 FOUND

Scanning aborted...

----------- SCAN SUMMARY -----------
Known viruses: 410629
Engine version: 0.93.1
Scanned directories: 3137
Scanned files: 46089
Infected files: 67
Data scanned: 11415.80 MB

Scan Started Thu Sep 04 17:05:15 2008
-------------------------------------------------------------------------------

F:\PortableApps\FirefoxPortable\App\firefox\updater.exe: Trojan.Swizzor-82 FOUND
F:\Firefox_Portable_3.0.1_en-us.paf.exe: Trojan.Swizzor-82 FOUND
F:\Audacity_Portable_1.2.6_Rev_3.paf.exe: Trojan.Swizzor-82 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 410629
Engine version: 0.93.1
Scanned directories: 172
Scanned files: 1514
Infected files: 3
Data scanned: 1004.05 MB
Time: 1557.391 sec (25 m 57 s)

Scan Started Thu Sep 04 17:34:57 2008
-------------------------------------------------------------------------------

Scanning aborted...

----------- SCAN SUMMARY -----------
Known viruses: 142283
Engine version: 0.93.1
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB

Scan Started Thu Sep 04 17:35:15 2008
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***

Scanning aborted...

----------- SCAN SUMMARY -----------
Known viruses: 410629
Engine version: 0.93.1
Scanned directories: 0
Scanned files: 12
Infected files: 0
Data scanned: 4.54 MB

Scan Started Thu Sep 04 17:36:35 2008
-------------------------------------------------------------------------------

Scanning aborted...

----------- SCAN SUMMARY -----------
Known viruses: 410629
Engine version: 0.93.1
Scanned directories: 68
Scanned files: 794
Infected files: 0
Data scanned: 124.65 MB

Scan Started Thu Sep 04 17:38:32 2008
-------------------------------------------------------------------------------

F:\PortableApps\FirefoxPortable\App\firefox\updater.exe: Trojan.Swizzor-82 FOUND
F:\PortableApps\FirefoxPortable\App\firefox\updater.exe: moved/scheduled to 'F:\PortableApps\ClamWinPortable\Data\quarantine\infected.updater.exe'
F:\PortableApps\ClamWinPortable\Data\quarantine\infected.updater.exe: Trojan.Swizzor-82 FOUND
F:\PortableApps\ClamWinPortable\Data\quarantine\infected.updater.exe not moved/copied since already in quarantine
F:\Firefox_Portable_3.0.1_en-us.paf.exe: Trojan.Swizzor-82 FOUND
F:\Firefox_Portable_3.0.1_en-us.paf.exe: moved/scheduled to 'F:\PortableApps\ClamWinPortable\Data\quarantine\infected.Firefox_Portable_3.0.1_en-us.paf.exe'
F:\Audacity_Portable_1.2.6_Rev_3.paf.exe: Trojan.Swizzor-82 FOUND
F:\Audacity_Portable_1.2.6_Rev_3.paf.exe: moved/scheduled to 'F:\PortableApps\ClamWinPortable\Data\quarantine\infected.Audacity_Portable_1.2.6_Rev_3.paf.exe'

----------- SCAN SUMMARY -----------
Known viruses: 410629
Engine version: 0.93.1
Scanned directories: 172
Scanned files: 1516
Infected files: 4
Not copied: 1
Data scanned: 1004.18 MB
Time: 771.875 sec (12 m 51 s)

Scan Started Thu Sep 04 18:04:27 2008
-------------------------------------------------------------------------------

C:\i386\MSNMSGS.MS_: Trojan.Swizzor-82 FOUND
C:\i386\MSNSUSII.EX_: Trojan.Swizzor-82 FOUND
C:\dotnetfx\DELTEMP.EXE: Trojan.Swizzor-82 FOUND
C:\dotnetfx\DOTNETFX.EXE: Trojan.Swizzor-82 FOUND
C:\dotnetfx\NDPSP.EXE: Trojan.Swizzor-82 FOUND
C:\dotnetfx\REBOOTST.EXE: Trojan.Swizzor-82 FOUND
C:\dotnetfx\SETUP.EXE: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\URTTemp\regtlib.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\java.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\javaw.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\javaws.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\Uninstall_eRecovery.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\system32\LegitCheckControl.dll: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\5dc5.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\12b32.msp: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\11e02.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\c1624.msp: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\bef2c.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\bef36.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\2390c.msi: Trojan.Swizzor-82 FOUND
C:\WINDOWS\Installer\734cb1.msp: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\legitcheckcontrol.dll: Trojan.Swizzor-82 FOUND
C:\WINDOWS\SoftwareDistribution\Download\a49d784415582d2f98c84ceb0a75d898\update\wgacustom.dll: Trojan.Swizzor-82 FOUND

Scanning aborted...

----------- SCAN SUMMARY -----------
Known viruses: 410629
Engine version: 0.93.1
Scanned directories: 775
Scanned files: 16333
Infected files: 25
Data scanned: 4059.91 MB

Felipe

Tim Clark
Joined: 2006-06-18 13:55
I used a file that we are likely to have in common:
C:\WINDOWS\system32\LegitCheckControl.dll: Trojan.Swizzor-82 FOUND

Dats/defs Main 47, daily 8162

report clean, as did 8160
at 2:30 CDT [US]

So if it's a false positive I don't know what's going on.

Tim

Things have got to get better, they can't get worse, or can they?

Mir
Joined: 2007-12-03 16:07
Try looking it
felipeca
Joined: 2008-09-04 14:31
was a false positive

I looked on ClamWin's website; it recommended scanning the files at http://www.virustotal.com. After 35 different antiviruses, the files detected as infected by ClamWin appeared to be clean.

thanks

vv_gm
Joined: 2007-08-08 11:09
ClamAV Update 8161 Removes Trojan.Swizzor-82

I had the same experience. I found this link while investigating the results:

http://www.gossamer-threads.com/lists/clamav/virusdb/40578

It looks like as of today the signature for Trojan.Swizzor-82 has been removed with ClamAV update 8161.

A second scan after updating to today's latest database for ClamWin resulted in no viruses found, and since I do not allow ClamWin to delete files upon detecting a virus it was definitely a false positive.

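Added example (not part of the thread, and not ClamWin or ClamAV code): a Python sketch of the triage the posters did by hand, comparing a report with a rescan made after a signature-database update and ignoring re-detections inside ClamWin's own quarantine folder. The function names, the `min_spread` threshold, the `Example.Test-1` signature and the "after" report are assumptions made up for illustration.

```python
import re
from collections import defaultdict

# "<path>: <signature> FOUND" is the detection line format in the reports above.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_report(text):
    """Map signature -> set of flagged paths, skipping the scanner's own quarantine."""
    hits = defaultdict(set)
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m and "\\quarantine\\" not in m.group("path").lower():
            hits[m.group("sig")].add(m.group("path"))
    return dict(hits)

def spread(paths):
    """Number of distinct locations (drive plus the next two path components)."""
    return len({tuple(p.lower().split("\\")[:3]) for p in paths})

def triage(before, after, min_spread=3):
    """Compare two reports; min_spread is an assumed threshold, not a ClamAV setting."""
    old, new = parse_report(before), parse_report(after)
    verdicts = {}
    for sig, paths in old.items():
        still = paths & new.get(sig, set())
        if still:
            verdicts[sig] = "still detected: submit files for a second opinion"
        elif spread(paths) >= min_spread:
            verdicts[sig] = "cleared by update, hit unrelated files: probable false positive"
        else:
            verdicts[sig] = "cleared by update"
    return verdicts

# Constructed sample: four lines copied from the reports above, one made-up
# signature (Example.Test-1) and a made-up rescan after a database update.
BEFORE = r"""
C:\WINDOWS\system32\java.exe: Trojan.Swizzor-82 FOUND
C:\Program Files\Mozilla Firefox\updater.exe: Trojan.Swizzor-82 FOUND
F:\Audacity_Portable_1.2.6_Rev_3.paf.exe: Trojan.Swizzor-82 FOUND
F:\PortableApps\ClamWinPortable\Data\quarantine\infected.updater.exe: Trojan.Swizzor-82 FOUND
C:\Temp\sample.bin: Example.Test-1 FOUND
"""
AFTER = r"""
C:\Temp\sample.bin: Example.Test-1 FOUND
"""

if __name__ == "__main__":
    for sig, verdict in triage(BEFORE, AFTER).items():
        print(f"{sig}: {verdict}")
```

The verdict strings are a heuristic only; a signature that still fires after the update needs the multi-engine check described in the thread.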