Today when I was scanning my USB drive using clamscan command on Ubuntu machine, it reported following
/media/TRAVELDRIVE/ClamWinPortable/ClamWinPortable.exe: Trojan.Agent-65355 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 478662
Engine version: 0.94.1rc1
Scanned directories: 18
Scanned files: 91
Infected files: 1
Data scanned: 51.69 MB
Time: 10.702 sec (0 m 10 s)
Is this false positive?
Harish
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
ClaimWin also labeled a Portable Apps installer as a virus for me. It is an original file that couldn't possibly be infected.
***
C:\Documents and Settings\*USER*\My Documents\Downloads\PortableApps.com_Suite_Light_Setup_1.1.exe: Trojan.Agent-65355 FOUND
***
After it alerted me that the installer was a virus, I extracted the contents into a folder on my desktop and did a scan on that just to see what happened and here is what I got:
***
Scan Started Tue Dec 23 03:23:52 2008
-------------------------------------------------------------------------------
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\AbiWordPortable\AbiWordPortable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\AbiWordPortable\App\AbiSuite2\AbiWord\plugins\UninstallAbiWordIEPlugins.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\ClamWinPortable\ClamWinPortable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\CoolPlayer+Portable\CoolPlayer+Portable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\FirefoxPortable\FirefoxPortable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\KeePassPortable\KeePassPortable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\Mines-PerfectPortable\Mines-PerfectPortable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\PidginPortable\PidginPortable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\SudokuPortable\SudokuPortable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\SunbirdPortable\SunbirdPortable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\PortableApps\ThunderbirdPortable\ThunderbirdPortable.exe: Trojan.Agent-65355 FOUND
C:\Documents and Settings\*USER*\Desktop\TEST\StartPortableApps.exe: Trojan.Agent-65355 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 478292
Engine version: 0.94.1
Scanned directories: 328
Scanned files: 1967
Infected files: 12
Data scanned: 159.84 MB
Time: 88.657 sec (1 m 28 s)
--------------------------------------
Completed
--------------------------------------
***
Quite strange, but somebody may want to get in touch with the ClamWin guys, if I were just an end user that didn't know any better that might scare me away from Portable Apps for good.
*EDIT*
I used the full installable version of ClamWin not the portable one to do this scan, although I do not think it would make a difference.
It seems to be a false positive. I uploaded clamwinportable.exe to virustotal.com and only clamav reports it as being infected.
See the permalink http://www.virustotal.com/analisis/f2bbe0a077ae14543a6e9947d15edf03 for details...
Andy
just redownloaded clamav with latest update - both the portable and the main version find all the portable apps exe files as TROJAN.Agent.65355 , but no other antivirus does.
most annoying since it disinfected all my portable apps!!!!
I submitted this to the ClamAV team and it has been fixed in the daily definitions update.
Sometimes, the impossible can become possible, if you're awesome!
I just installed ClamWin on a USB and scanned its folder with Bitdefender.
No viruses found. Will retry after ClamWin updates.