
The new Tor bundle and Trojans? Is it a false positive?

basilah
Joined: 2010-11-16 10:24
The new Tor bundle and Trojans? Is it a false positive?

I downloaded the new version of portable apps and started using it. Then I used the clamwin on my thumbdrive, but it gave me:

DC31E72D005E\RP129\A0098243.exe: Trojan.Fakesec-310 FOUND
Z:\System Volume Information\_restore3046DEF3-D4CB-446D-B516-DC31E72D005E\RP129\A0098244.EXE: Trojan.Fakesec-310 FOUND
Z:\System Volume Information\_restore3046DEF3-D4CB-446D-B516-DC31E72D005E\RP129\A0098245.EXE: Trojan.Fakesec-310 FOUND
Z:\System Volume Information\_restore3046DEF3-D4CB-446D-B516-DC31E72D005E\RP129\A0098249.dll: Trojan.Fakesec-310 FOUND
----------- SCAN SUMMARY -----------

I deleted the new version and switched back to the old but clamwin still gave me:

DC31E72D005E\RP129\A0098243.exe: Trojan.Fakesec-310 FOUND
Z:\System Volume Information\_restore3046DEF3-D4CB-446D-B516-DC31E72D005E\RP129\A0098244.EXE: Trojan.Fakesec-310 FOUND
Z:\System Volume Information\_restore3046DEF3-D4CB-446D-B516-DC31E72D005E\RP129\A0098245.EXE: Trojan.Fakesec-310 FOUND
Z:\System Volume Information\_restore3046DEF3-D4CB-446D-B516-DC31E72D005E\RP129\A0098249.dll: Trojan.Fakesec-310 FOUND
----------- SCAN SUMMARY -----------

Is this a false positive? If not, how do I delete it? Because the files shown on the report as infected do not exist on my thumbdrive at all.

Thanks.

John T. Haller
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Unsupported Tor

I'm not sure as the Tor bundle is an unofficial, unsupported package. It is not supported or signed off on by PortableApps.com or Mozilla, although Tor uses modified software from both of us under open source licenses. You could try submitting it to VirusTotal.com to check if it is a false positive. Or ask the publisher, Tor, or the ClamAV folks that publish the antivirus definitions.

Sometimes, the impossible can become possible, if you're awesome!

basilah
Joined: 2010-11-16 10:24
I will check. Would you keep

I can't check it at virustotal because the files that are reported do not exist on my USB stick at all, they only exist in the report given by clamwin.

Would you keep using the old version or switch to the new?
What are the pros and cons?
Thanks.

ottosykora
Joined: 2007-10-11 17:48
tor from tor org

The Tor browser is from the torproject.org, therefore they are the right people to deal directly with it.

However, if your clamwin said that it has some suspicious files in the System Volume Information, then you have to look for them in the folder called System Volume Information.
Why you have such a folder on your USB stick I don't know; in general such a folder is not present on sticks, but there are situations when it is needed.
Is your stick NTFS formatted?

Anyway, this folder might be 'hidden', so make your Windows show all folders and then you can just try to pick those files and pass them to VirusTotal.

Are you sure those files are from tor browser?

If you have the tor browser from torproject.org, you can be pretty sure there is not any kind of malware in it.
If it comes from other download sites, well who knows.

Otto Sykora
Basel, Switzerland
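
Added example, not part of any post in this thread: every detection in the pasted report sits under `System Volume Information\_restore...\RPnnn`, which is where Windows System Restore keeps renamed copies of files, not in an application folder on the stick. The Python sketch below separates such restore-point hits from detections on live files in a ClamWin/ClamAV-style report; the sample report, its paths and its signature names are constructed, and the function name `triage` is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the "path: Signature FOUND" shape of the report quoted
# in the thread; the GUID, drive letter and file names are made up.
SAMPLE_REPORT = r"""
Z:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000001.exe: Trojan.Example-1 FOUND
Z:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0000002.dll: Trojan.Example-1 FOUND
Z:\PortableApps\ExampleApp\App\example.exe: Trojan.Example-2 FOUND
Z:\Documents\notes.txt: OK
----------- SCAN SUMMARY -----------
"""

# A detection line is "<path>: <signature> FOUND"; the greedy path group makes
# the split happen on the last ": " so the drive-letter colon is not a problem.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND\s*$")
# System Restore keeps renamed copies under _restore{GUID}\RPnnn\; the braces
# are optional because the thread's pasted report shows the GUID without them.
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{?[0-9A-Fa-f-]{36}\}?\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

def triage(report):
    """Group detections into restore-point copies (per RP folder) and live files."""
    result = {"restore_point": defaultdict(list), "live": []}
    for line in report.splitlines():
        m = HIT.match(line.strip())
        if not m:
            continue  # skips OK lines, the summary banner and blank lines
        path, sig = m.group("path"), m.group("sig")
        rp = RESTORE.search(path)
        if rp:
            result["restore_point"][rp.group("rp").upper()].append((path, sig))
        else:
            result["live"].append((path, sig))
    return result

if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    for rp, hits in sorted(r["restore_point"].items()):
        print(f"{rp}: {len(hits)} restore-point copies flagged")
    for path, sig in r["live"]:
        print(f"live file: {path} ({sig})")
```

Hits grouped under a restore point are archived copies that will not show up in a normal folder listing, while anything in the live list is a file that can be picked up and submitted for a second opinion.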
