Clamwin detects Trojan in itself?

Submitted by ohaya on September 1, 2009 - 9:44pm

Hi,

I just ran ClamWinPortable, and I get:

Scan Started Tue Sep 01 22:35:07 2009
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***

Unloading program S:\PortableApps\PortableApps\ClamWinPortable\ClamWinPortable.exe from memory

*** Scanned 40 processes - 361 modules ***
*** Computer Memory Scan Completed ***

S:\PortableApps\PortableApps\ClamWinPortable\ClamWinPortable.exe: Trojan.Fraudload-2264 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 615953
Engine version: 0.95.2
Scanned directories: 0
Scanned files: 401
Infected files: 1

Data scanned: 175.37 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 47.875 sec (0 m 47 s)
--------------------------------------
Completed
--------------------------------------

I've scanned that ClamWinPortable.exe with Symantec and a couple of other scanners, and they don't detect it, so is this a false positive?

Anyone else seeing this?

Thanks,
Jim


It is a false positive

And a very useful (albeit quite comical :P) example of how all AVs produce false positives. Thanks for this. Made me laugh out loud :D

Live to learn. Learn to live. - JWSII

Hi, So is this a false

Hi,

So is this a false positive? I submitted it to VirusTotal, and it showed the same thing. Only ClamWin flagged itself as an infection:

https://www.virustotal.com/analisis/4f7ba4be25788d776f3cc7882e594a5237cf...

Jim

Yes

As stated in the subject of the previous post, yes, it is a false positive.

Live to learn. Learn to live. - JWSII

horusofoz, My apologies. I

horusofoz,

My apologies. I hadn't read the subject on the reply :(...

Thanks,
Jim

The reason is Antivirus

The reason is that antivirus scanners' databases sometimes carry examples of code to look for, and these get picked up as a virus or trojan. Also, if a program works similarly to a known trojan, even if it's not one, it will be flagged.

For example, McAfee one time flagged Stinger.exe as a virus even though Stinger.exe is a sub-1MB scanner made by McAfee.

For info on Stinger, here is a link. Note it's FREEWARE and it is portable by default, because in the past it was able to fit on a boot floppy.

http://vil.nai.com/vil/stinger/

Similarly, PeerGuardian

Similarly, PeerGuardian blocks itself from updating.

More LOL

Issue Resolved

http://portableapps.com/node/20613#comment-126942
update to def version 9770

Tim

"freenode, it's Not as Free as it used to be, Free as in Freedom" :(
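
A triage helper for the report format quoted in the first post, added here as an example (not part of the thread and not ClamWin's own code): it parses the `FOUND` lines and the summary block, cross-checks the counts, and flags the case where the scanner's own executable is the detection. The report text is a constructed abridgement of the log above, and the `scanner_names` prefixes are an assumption.

```python
import re

# Constructed sample: an abridged copy of the report quoted in the first post.
SAMPLE_REPORT = r"""Scan Started Tue Sep 01 22:35:07 2009
*** Scanned 40 processes - 361 modules ***
S:\PortableApps\PortableApps\ClamWinPortable\ClamWinPortable.exe: Trojan.Fraudload-2264 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 615953
Engine version: 0.95.2
Scanned files: 401
Infected files: 1
"""

# Greedy path match so the drive-letter colon in "S:\..." stays in the path.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<value>.+?)\s*$")

def parse_report(text):
    """Return ([(path, signature)], {summary key: value}) from a scan report."""
    detections, summary, in_summary = [], {}, False
    for line in text.splitlines():
        if "SCAN SUMMARY" in line:
            in_summary = True
        elif in_summary:
            m = SUMMARY_RE.match(line)
            if m:
                summary[m["key"]] = m["value"]
        else:
            m = FOUND_RE.match(line)
            if m:
                detections.append((m["path"], m["sig"]))
    return detections, summary

# Assumption: these name prefixes identify the scanner's own executables.
def triage(text, scanner_names=("clamwin", "clamscan", "clamd")):
    """Parse a report and return notes on anything worth a second look."""
    detections, summary = parse_report(text)
    notes = []
    reported = int(summary.get("Infected files", "0"))
    if reported != len(detections):
        notes.append(f"summary says {reported} infected, log lists {len(detections)}")
    for path, sig in detections:
        base = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if base.startswith(tuple(scanner_names)):
            notes.append(f"self-detection: {base} flagged as {sig}; compare with "
                         "other engines and rescan after a definition update")
    return detections, summary, notes
```

Calling `triage(SAMPLE_REPORT)` returns the detections, the summary fields and a list of notes; a self-detection note is a prompt to do what the thread did (check other engines, then update definitions), not a verdict on the file.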