
Warning Trojan Detected

Issandre
Joined: 2009-01-24 00:52
Warning Trojan Detected

Sorry for shouting so loud.

Here's a page that gives some links that contain a trojan:
https://portableapps.com/node/8835

Detected with Avast, and the pictures in the archive clearly show how silly this one is.

If an admin can delete this page.

Ryan McCue
Joined: 2006-01-06 21:27
False positive.

This is what we call a false positive, where a file is incorrectly identified as containing a virus.

The files are safe, but your AV software needs updating.

For the record, 5/20 virus scanners on http://virusscan.jotti.org/ and 12/39 scanners on http://www.virustotal.com/ detected it as a virus of some sort, which indicates that it is not infected. Results here: http://pastie.org/369442

"If you're not part of the solution, you're part of the precipitate."

Ed_P
Joined: 2007-02-19 09:09
Playing the odds??

So how many scanners have to indicate that a file contains a virus before one is supposed to believe their AV? 10/20? 12/20? 20/39? I'm pretty sure that the numbers will never be 20/20 and 39/39 even if a file is infected with an actual virus.

Ed

Tim Clark
Joined: 2006-06-18 13:55
Any alert should be viewed

Any alert should be viewed with concern and caution.
Once a detection is found, it is time to use your brain and think the situation out.

First question is where did I get the file and do I trust the source?
No real malware has ever been found in an Official PortableApps release!

As the download linked to is not an Official PortableApps release it does not have that assurance.

Next check with other checkers as Ryan did, and evaluate the results.
To me the numbers reporting back are too high to inspire confidence.

Next step would be to submit a sample to some of the vendors directly, telling them you suspect a false positive, and wait for the results. If, having been told that a FP is suspected, they investigate and still call it malware, I would be concerned; if after investigation they change their defs so that it is no longer detected, that is a good sign, as no vendor is going to change their detections just because someone said, "I think you're wrong".

[For more experienced users other questions could apply: do I know this guy's work, does he have a history, do I know what methods he uses in making this kind of app which could trigger a false positive, what history do the antimalware vendors that detected the malware have with this kind of situation, etc ...]

Of course the more common average users are not expected to think in terms of the above paragraph.

Tim

Things have got to get better, they can't get worse, or can they?
