You are here

Home » Forums » Support Forums » Security Apps Support

Clamwin detects Trojan in itself?

8 posts / 0 new
Log in or register to post comments
Last post
September 1, 2009 - 10:44pm
#1
ohaya
Offline
Last seen: 14 years 7 months ago
Joined: 2009-09-01 22:39
Clamwin detects Trojan in itself?

Hi,

I just ran ClamWinPortable, and I get:

Scan Started Tue Sep 01 22:35:07 2009
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***

Unloading program S:\PortableApps\PortableApps\ClamWinPortable\ClamWinPortable.exe from memory

*** Scanned 40 processes - 361 modules ***
*** Computer Memory Scan Completed ***

S:\PortableApps\PortableApps\ClamWinPortable\ClamWinPortable.exe: Trojan.Fraudload-2264 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 615953
Engine version: 0.95.2
Scanned directories: 0
Scanned files: 401
Infected files: 1

Data scanned: 175.37 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 47.875 sec (0 m 47 s)
--------------------------------------
Completed
--------------------------------------

I've scanned that ClamWinPortable.exe with Symantec and a couple of other scanners, and they don't detect it, so is this a false positive?

Anyone else seeing this?

Thanks,
Jim

Top
September 1, 2009 - 10:55pm
horusofoz
horusofoz's picture
Offline
Last seen: 7 months 2 weeks ago
Joined: 2008-04-03 22:45
It is a false positive

And a very useful (albeit quite comical :p) example of how all AV's produce false positives. Thanks for this. Made me laugh out loud Biggrin

PortableApps.com Advocate

Top
September 1, 2009 - 10:58pm
(Reply to #2)
ohaya
Offline
Last seen: 14 years 7 months ago
Joined: 2009-09-01 22:39
Hi, So is this a false

Hi,

So is this a false positive? I submitted it to Virus Total, and it showed the same thing. Only ClamWin flagged itself as an infection:

https://www.virustotal.com/analisis/4f7ba4be25788d776f3cc7882e594a5237cf...

Jim

Top
September 1, 2009 - 11:10pm
(Reply to #3)
horusofoz
horusofoz's picture
Offline
Last seen: 7 months 2 weeks ago
Joined: 2008-04-03 22:45
Yes

As stated in the subject of previous post, Yes it is a false positive.

PortableApps.com Advocate

Top
September 2, 2009 - 12:30am
(Reply to #4)
ohaya
Offline
Last seen: 14 years 7 months ago
Joined: 2009-09-01 22:39
horusofoz, My apologies. I

horusofoz,

My apologies. I hadn't read the subject on the reply :(...

Thanks,
Jim

Top
September 2, 2009 - 6:14pm
(Reply to #5)
Mir
Mir's picture
Offline
Last seen: 11 years 9 months ago
Joined: 2007-12-03 16:07
The reason is Antivirus

The reason is Antivirus scanners' database sometimes carries examples of code to look for that get picked up as a virus or trojan. Also if a program works similarly to that of a known trojan even if its not it will be flagged.

For example McAfee one time flagged Stinger.exe as a virus even though Singer.exe is a sub 1MB scanner made by McAfee.

For info on Stinger here is a link. Note its FREEWARE and it is portable by default due to it in the past being able to fit on a boot floppy.

http://vil.nai.com/vil/stinger/

Top
September 2, 2009 - 3:47am
(Reply to #6)
prapper
Offline
Last seen: 3 years 2 months ago
Developer
Joined: 2008-01-24 17:01
Similarly, PeerGuardian

Similarly, PeerGuardian blocks itself from updating.

More LOL

Top
September 2, 2009 - 9:51pm
Tim Clark
Tim Clark's picture
Offline
Last seen: 13 years 2 weeks ago
Joined: 2006-06-18 13:55
Issue Resolved

https://portableapps.com/node/20613#comment-126942
update to def version 9770

Tim

Things have got to get better, they can't get worse, or can they?

Top
Log in or register to post comments