
AV scanner weirdness


Pain_Man


Several times now, the virus scan component of ZoneAlarm (Kaspersky, they changed from CA's Pest Patrol), has found malware in files that I downloaded, in some cases, months or years ago.

 

The latest example is not-a-virus:PSWTool.Win32.GetPass.h, which showed up yesterday evening.

 

The weird thing is, according to Kaspersky, this ".h" variant was first "discovered" more than a month ago! The infected files were downloaded in November of 2006. So despite the fact this trojan horse has been in Kaspersky's virus signatures, and despite the fact the infected files have been scanned daily by ZoneAlarm's AV module for more than thirty days, they were only flagged yesterday?!

 

How could the Anti-Virus industry have missed a Trojan horse/keylogger for at least 16 months?!

 

What gives with this?

 

Lastly, I've used these executables--on three different computers--without any infection/activation of the malware.

 

Could this be some kind of false positive?


not-a-virus:PSWTool.Win32.GetPass.h.

 

Could this be some kind of false positive?

 

Nope, don't think so PM. Check/scan/delete your keygen software.

 

I have CA software in my first line of protection, but I'm not a fan of it as much as Kaspersky, which I use on a semi-monthly basis unless I've been 'slimed' by some piece of crap software. As to why it only just shows up now...maybe a time bomb went off or something else activated it...hard telling. The good thing is that it matters not that it was there, what matters is the fact that it couldn't report back to the script kiddy that wrote it... :thumbup:


Programs which are classified as Riskware can be:

 

* IRC chat clients

* SMTP clients

* Commercial downloaders

* Commercial monitoring tools

* Proxy servers

* Password recovery tools

* Commercial remote control tools

* FTP servers

* Telnet servers

* Webservers

* Other tools which are built to kill processes, hide windows or read system internals automatically.

 

guilt by association


Hey, man, who said anything about keygens?!?! ;)

 

I scan every morning at 3am, both for virii & spyware (tho' the boundary seem awful fuzzy to me). I also regularly scan with Spybot SD, Adware and have javacool's spywareblaster installed. I'm as security conscious as I think is reasonable. Perhaps some might think I'm paranoid--but (knock on wood) I've never had a malware problem of any kind.

 

That's why I find it so curious that files which have never caused me any problems should suddenly show up with malware. And, what's even odder, is sometimes copies of an infected file aren't infected, which I don't understand. I admit the paucity of my malware knowledge ("Kill that fucker!" is pretty much it.)

 

I always delete them. ZA has a quarantine function; the only rationale I can see for that is to be able to provide it to one's AV provider for analysis.

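The verdict name quoted in this thread, not-a-virus:PSWTool.Win32.GetPass.h, follows the Kaspersky naming scheme [prefix:]Behaviour.Platform.Family.Variant, and the "not-a-virus:" prefix is exactly what marks the riskware categories listed earlier (password recovery tools, remote control tools, and so on) as distinct from malware. The other puzzle raised above, copies of the same file that are and are not flagged, is only meaningful once you know the copies are byte-identical. The following Python script is an added example, written for this page and not code posted by anyone in the thread: it parses a verdict name into its fields and flags the riskware prefix, and it hashes a set of files so that "copies" can be grouped by content. The second verdict string and the three sample files are constructed for the demo; the function and file names are my own choices.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Kaspersky-style verdict: [prefix:]Behaviour.Platform.Family[.Variant]
# e.g. not-a-virus:PSWTool.Win32.GetPass.h
VERDICT_RE = re.compile(
    r"^(?:(?P<prefix>[A-Za-z-]+):)?"      # optional "not-a-virus:" style prefix
    r"(?P<behaviour>[A-Za-z-]+)\."        # PSWTool, Trojan-PSW, ...
    r"(?P<platform>[A-Za-z0-9]+)\."       # Win32, Win64, ...
    r"(?P<family>[A-Za-z0-9_-]+)"         # GetPass
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?$"  # optional variant letter(s)
)

# Prefixes that mean "riskware / potentially unwanted", not malware.
RISKWARE_PREFIXES = {"not-a-virus"}


def parse_verdict(name):
    """Split a verdict name into its fields and mark whether it is riskware.

    A trailing full stop (sentence punctuation pasted along with the name)
    is stripped before matching.
    """
    cleaned = name.strip().rstrip(".")
    m = VERDICT_RE.match(cleaned)
    if m is None:
        raise ValueError("not a recognised verdict name: %r" % name)
    fields = m.groupdict()
    fields["riskware"] = fields["prefix"] in RISKWARE_PREFIXES
    return fields


def sha256_file(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks so large binaries do not load whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def group_identical(paths):
    """Map digest -> list of paths. Files in the same group are byte-identical;
    if a scanner flags one and not the other, the difference is in the scanner
    (exclusions, on-access vs on-demand, archive handling), not the file."""
    groups = {}
    for p in paths:
        groups.setdefault(sha256_file(p), []).append(str(p))
    return groups


def demo_copies():
    """Constructed demo: two identical copies and one that differs by a byte."""
    payload = b"MZ" + bytes(range(256)) * 4   # constructed bytes, not a real binary
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        (base / "getpass_copy1.exe").write_bytes(payload)
        (base / "getpass_copy2.exe").write_bytes(payload)
        (base / "getpass_copy3.exe").write_bytes(payload[:-1] + b"\x00")
        return group_identical(sorted(base.iterdir()))


if __name__ == "__main__":
    for v in ("not-a-virus:PSWTool.Win32.GetPass.h.", "Trojan-PSW.Win32.Example.a"):
        print(parse_verdict(v))
    for digest, files in demo_copies().items():
        print(digest[:16], files)
```

Run it as-is to see the two verdicts parsed and the three sample files fall into two groups. To check real files, call group_identical() on the paths of the copies the scanner disagrees about; a single group means the files are the same bytes and the inconsistency lies in how and when each copy was scanned.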

Ahhhhh. I downloaded a suite of freeware tools and one of the progs was a password recovery tool and it was flagged. Since it was freeware I thought it infected and zapped it.

 

Thanks for the list.

