Pain_Man Posted February 19, 2008

Several times now, the virus scan component of ZoneAlarm (Kaspersky; they changed from CA's Pest Patrol) has found malware in files that I downloaded, in some cases, months or years ago. The latest example is not-a-virus:PSWTool.Win32.GetPass.h, which showed up yesterday evening.

The weird thing is, according to Kaspersky, this ".h" variant was first "discovered" more than a month ago! The infected files were downloaded in November of 2006. So despite the fact this trojan horse has been in Kaspersky's virus signatures, and despite the fact the infected files have been scanned daily by ZoneAlarm's AV module for more than thirty days, they were only flagged yesterday?! How could the anti-virus industry have missed a Trojan horse/keylogger for at least 16 months?! What gives with this?

Lastly, I've used these executables--on three different computers--without any infection/activation of the malware. Could this be some kind of false positive?
spinningwheel Posted February 20, 2008

> not-a-virus:PSWTool.Win32.GetPass.h. Could this be some kind of false positive?

Nope, don't think so PM. Check/scan/delete your keygen software. I have CA software in my first line of protection, but I'm not a fan of it as much as Kaspersky, which I use on a semi-monthly basis unless I've been 'slimed' by some piece of crap software. As to why it only just shows up now...maybe a time bomb went off or something else activated it...hard telling. The good thing is that it matters not that it was there; what matters is the fact that it couldn't report back to the script kiddy that wrote it...
chewy Posted February 20, 2008

Programs which are classified as Riskware can be:

* IRC chat clients
* SMTP clients
* Commercial downloaders
* Commercial monitoring tools
* Proxy servers
* Password recovery tools
* Commercial remote control tools
* FTP servers
* Telnet servers
* Webservers
* Other tools which are built to kill processes, hide windows or read system internals automatically.

guilt by association
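Two things in this thread are easier to see in code than in prose: what a "not-a-virus:" verdict name encodes (a riskware category, not an infection) and why a signature-based scanner can flag a file long after it was downloaded (it can only match signatures present in the database it has on the day it scans). The toy scanner below is an added example, not code from the thread, ZoneAlarm or Kaspersky. It assumes the common Kaspersky verdict layout `[prefix:]Behaviour.Platform.Family.Variant`; the file contents, hashes, verdict and signature date are all constructed for illustration.

```python
"""Toy signature scanner illustrating retroactive detections and
Kaspersky-style verdict names. Added example with constructed data."""
import hashlib
from datetime import date

VERDICT = "not-a-virus:PSWTool.Win32.GetPass.h"  # the name from the thread


def parse_verdict(name):
    """Split a verdict name into its parts.

    Assumes the layout [prefix:]Behaviour.Platform.Family.Variant; the part
    labels are an assumption about the naming scheme, not taken from the page.
    """
    prefix, _, rest = name.rpartition(":")  # prefix is "" when there is none
    parts = rest.split(".")
    if len(parts) != 4:
        raise ValueError(f"unexpected verdict layout: {name!r}")
    behaviour, platform, family, variant = parts
    return {
        "riskware": prefix == "not-a-virus",  # classification, not malware
        "behaviour": behaviour,
        "platform": platform,
        "family": family,
        "variant": variant,
    }


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for the downloaded executables. The first two are
# byte-identical copies; the third differs by a few bytes (a different build).
FILES = {
    "getpass.exe": b"MZ...constructed password recovery tool...",
    "getpass_copy.exe": b"MZ...constructed password recovery tool...",
    "getpass_other_build.exe": b"MZ...constructed password recovery tool v2...",
}

# Constructed signature database: file hash -> (verdict, date signature added).
SIGNATURES = {
    sha256(FILES["getpass.exe"]): (VERDICT, date(2008, 1, 15)),
}


def scan(data, db_date):
    """Return the verdict for `data`, or None, using only the signatures that
    existed on `db_date` (an ISO date string such as "2008-02-19")."""
    as_of = date.fromisoformat(db_date)
    hit = SIGNATURES.get(sha256(data))
    if hit is None or hit[1] > as_of:
        return None  # unknown to this database on that day
    return hit[0]


def scan_all(db_date):
    """Scan every constructed file against the database as of `db_date`."""
    return {name: scan(data, db_date) for name, data in FILES.items()}


if __name__ == "__main__":
    print(parse_verdict(VERDICT))
    for day in ("2006-11-01", "2008-02-19"):  # download day vs. thread day
        print(day, scan_all(day))
```

Scanning on the 2006 download date returns nothing for every file, because the signature did not exist yet; the same bytes scanned with the February 2008 database are flagged. The byte-identical copy gets the same verdict as the original, while the slightly different build is not matched at all, which is one plain explanation for "copies of an infected file aren't infected": the copies are not actually identical. Real scanners match patterns rather than whole-file hashes, but the dependence on the current database is the same.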
Pain_Man Posted February 22, 2008 (edited)

Hey, man, who said anything about keygens?!?!

I scan every morning at 3am, both for virii & spyware (tho' the boundary seems awful fuzzy to me). I also regularly scan with Spybot SD, Adware and have javacool's spywareblaster installed. I'm as security conscious as I think is reasonable. Perhaps some might think I'm paranoid--but (knock on wood) I've never had a malware problem of any kind.

That's why I find it so curious that files which have never caused me any problems should suddenly show up with malware. And, what's even odder, is sometimes copies of an infected file aren't infected, which I don't understand.

I admit the paucity of my malware knowledge ("Kill that fucker!" is pretty much it.) I always delete them. ZA has a quarantine function; the only rationale I can see for that is to be able to provide it to one's AV provider for analysis.

> not-a-virus:PSWTool.Win32.GetPass.h. Could this be some kind of false positive?
>
> Nope, don't think so PM. Check/scan/delete your keygen software. I have CA software in my first line of protection, but I'm not a fan of it as much as Kaspersky, which I use on a semi-monthly basis unless I've been 'slimed' by some piece of crap software. As to why it only just shows up now...maybe a time bomb went off or something else activated it...hard telling. The good thing is that it matters not that it was there; what matters is the fact that it couldn't report back to the script kiddy that wrote it...

Edited February 22, 2008 by Pain_Man
Pain_Man Posted February 22, 2008 (edited)

Ahhhhh. I downloaded a suite of freeware tools and one of the progs was a password recovery tool and it was flagged. Since it was freeware I thought it infected and zapped it. Thanks for the list.

> Programs which are classified as Riskware can be:
>
> * IRC chat clients
> * SMTP clients
> * Commercial downloaders
> * Commercial monitoring tools
> * Proxy servers
> * Password recovery tools
> * Commercial remote control tools
> * FTP servers
> * Telnet servers
> * Webservers
> * Other tools which are built to kill processes, hide windows or read system internals automatically.
>
> guilt by association

Edited February 22, 2008 by Pain_Man
chewy Posted February 22, 2008

why not scan with the top 21 av programs that are updated! http://virusscan.jotti.org/