Get the new PortableApps.com Platform 10.0: Gorgeous themes, a full portable app store and advanced functionality
Announcing the World's Best Flash Drive: The PortableApps.com Companion | Did you see a malware warning on Friday?

Home » Forums » Support Forums » ClamWin Portable

Clamwin detects Trojan in itself?

ohaya - September 1, 2009 - 9:44pm

Hi,

I just ran ClamWinPortable, and I get:

Scan Started Tue Sep 01 22:35:07 2009
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***

Unloading program S:\PortableApps\PortableApps\ClamWinPortable\ClamWinPortable.exe from memory

*** Scanned 40 processes - 361 modules ***
*** Computer Memory Scan Completed ***

S:\PortableApps\PortableApps\ClamWinPortable\ClamWinPortable.exe: Trojan.Fraudload-2264 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 615953
Engine version: 0.95.2
Scanned directories: 0
Scanned files: 401
Infected files: 1

Data scanned: 175.37 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 47.875 sec (0 m 47 s)
--------------------------------------
Completed
--------------------------------------

I've scanned that ClamWinPortable.exe with Symantec and a couple of other scanners, and they don't detect it, so is this a false positive?

Anyone else seeing this?

Thanks,
Jim

‹ ".\freshclam.exe File does not exist" error False Positive? ›

»
  • Login or register to post comments
  • Share this
( categories: )

It is a false positive

horusofoz's picture
horusofoz (Homepage) - September 1, 2009 - 9:55pm

And a very useful (albeit quite comical Sticking out tongue) example of how all AV's produce false positives. Thanks for this. Made me laugh out loud Laughing out loud

PortableApps.com Advocate

Hi, So is this a false

ohaya - September 1, 2009 - 9:58pm

Hi,

So is this a false positive? I submitted it to Virus Total, and it showed the same thing. Only ClamWin flagged itself as an infection:

https://www.virustotal.com/analisis/4f7ba4be25788d776f3cc7882e594a5237cf...

Jim

Yes

horusofoz's picture
horusofoz (Homepage) - September 1, 2009 - 10:10pm

As stated in the subject of previous post, Yes it is a false positive.

PortableApps.com Advocate

horusofoz, My apologies. I

ohaya - September 1, 2009 - 11:30pm

horusofoz,

My apologies. I hadn't read the subject on the reply Sad...

Thanks,
Jim

The reason is Antivirus

Mir's picture
Mir (Homepage) - September 2, 2009 - 5:14pm

The reason is Antivirus scanners' database sometimes carries examples of code to look for that get picked up as a virus or trojan. Also if a program works similarly to that of a known trojan even if its not it will be flagged.

For example McAfee one time flagged Stinger.exe as a virus even though Singer.exe is a sub 1MB scanner made by McAfee.

For info on Stinger here is a link. Note its FREEWARE and it is portable by default due to it in the past being able to fit on a boot floppy.

http://vil.nai.com/vil/stinger/

Similarly, PeerGuardian

prapper
Developer
- September 2, 2009 - 2:47am

Similarly, PeerGuardian blocks itself from updating.

More LOL

Issue Resolved

Tim Clark's picture
Tim Clark
Moderator
- September 2, 2009 - 8:51pm

http://portableapps.com/node/20613#comment-126942
update to def version 9770

Tim

Things have got to get better, they can't get worse, or can they?

©2004-2012  |  Privacy Policy  |  Developed by Rare Ideas, LLC
Designed by [THIRDSHIFT] and Rare Ideas, LLC  |  Powered by Drupal
World's Best Flash Drive