Hi, I hope I'm not going to cause any concern or alarm to other people with this thread, but I need advice yet again. I used a link from a thread for an online scanning service called VirusTotal. After scanning some suspect files I decided to give some of the free programs I downloaded from AfterDawn a scan; here are some of the results. ffdshow_rev1625_20071119_clsid.zi: Prevx1 V2 2007.12.18 - Heuristic: Suspicious Self Modifying; TMPGEnc-2_1_.524.63.181-Free.zip: Sunbelt - VIPRE.Suspicious, Webwasher-Gateway - Win32.Malware.gen (suspicious); dvdshrink32setup.exe: Webwasher-Gateway - BlockReason.0; Avisynth_257.exe: eSafe - suspicious Trojan/Worm, Panda - Suspicious file; GSpot270a.zip: Webwasher-Gateway - BlockReason.0; FixVTS.exe: McAfee - New Malware.ab; dvdflick_setup_1.2.2.1.exe: Prevx1 - Heuristic: Suspicious Self Modifying File; DVDFabHDDecrypter4012.exe: Prevx1 - Heuristic: Suspicious Self Modifying File; avidemux_2.3.0_plus_win32.zip: Fortinet - suspicious, Panda - Suspicious file; vsoConvertXtoDVD2_setup.exe: Ikarus - Virus.Trojan.Win32.Obfuscated.en. I'm not sure of these results. The one I really need some advice about, and which I can't seem to find any information on, is the "Heuristic: Suspicious Self Modifying File". This was found by the Prevx1 scan, which is a new program in the beta stage designed to find the newer Trojans, and has also given these names for the same result: "Heuristic: Suspicious Backdoor" and "Polymorphic Trojans", found in DVDflick_setup_1.2.2.1.exe, ffdshow_rev1625_20071119_clsid.zi and DVDFabHDDecrypter4012.exe. I've never found any of these infections with all of the security programs I've used but would appreciate any input; even my favourite program ConvertXToDVD has been infected with "Trojan.Win32.Obfuscated.en", found by the Ikarus scan according to VirusTotal. Could I have a Trojan spreading through my files, the Polymorphic Trojan?
Sounds to me like you need to try a better, more well known virus scanner. I use McAfee personally, and in all the years of using computers online I've only been hit by 2 minor viruses.
TotalVirus uses 36 different Antivirus programs including McAfee, which picked up only one infection by the way, if you read my first thread, if they are genuine infections and not part of the program; that's what I'm trying to find out. Try it, file upload size has a limit, link below: http://www.virustotal.com/
I'm sure the Admins will be sure that anything hosted here will be virus-free; again, sounds to me like you've picked up something undesirable along the way, and that's what's infected the files you mention, not the site-hosted files being the culprit; a lot of people use these files, and to my knowledge no-one's had any problems thus far... myself included
It's not recommended to run more than one Antivirus anyway as you can get false positives...which may be the case here.
All the files hosted on our servers get virus-scanned regularly -- and virtually all of the files are delivered to our servers directly from software authors' own download servers. So, it sounds extremely likely that we're talking about "false positives" here. But sure, we'll re-scan the files you mentioned again and post the results. As a disclaimer: We do have at least one file on our download servers that I am aware of that most definitely will ring bells with virus scanners -- but even it won't have a virus. The new versions of BSPlayer aren't freeware anymore, but instead, the software is funded by showing ads on its player window, thus it is labeled as "adware" by most virus scanners (then again, our description page for it tells that, plus the software itself tells you that when you install it -- and last, but not least, we also provide the older freeware versions of it for download, which don't contain ad elements).
These ARE all false positives. (except the one already flagged by the master.. all the adware scanners find that, because technically it is) I ran Prevx1 on a dodgy system after my usual virus removal and clean just last night... (total coincidence.. found the site while looking for a free net scan because things still didn't seem quite right.. wrong ram clock settings as it happens) It reported hundreds and hundreds of hits.. some being the .bat scripts I wrote myself in the course of cleaning. Now the worrying part.. Because I know how malware works, and have samples of a lot, I thought up a little test.. I installed a rather old storm worm variant and 4 instances of trojan.generic.downloader.xxx (ccd, edf, skl, and dot) and ran it online again.. guess what.. NO HITS for them.. (ain't it great having other people's hardware to mess about with?) Like a lot of new av applications they seem to find everything slightly suspicious (while missing things that they should find) in an attempt to get customers. I was concerned by the way it flagged files and applications I know to be clean and safe whilst missing nasties. Not a good advert for the program really. I can say that I often send people here for free software in the safe knowledge that it is all clean.
Hi, sorry for not replying earlier. You're correct about the false positives; that was my original intention, to show that TotalVirus can be and is out of date. I ran the same files through another online scanner called VirSCAN and all were ok except that the Prevx V2 scanner gave this result on all the files: (TROJAN.DOWNLOADER.GEN), so that scanner has obviously got some problems. As to TotalVirus being out of date, here's an example: the now illegal program DVDDecrypter_3.5.4.0.exe, which at the time I didn't know was illegal, got this result from the TotalVirus Kaspersky scanner (Trojan.Win32.Delf.akh). I use Kaspersky Antivirus and have never picked this up, and have been told by Kaspersky that it was a false positive which they corrected earlier this year. I've been using many of the programs mentioned in the scan with no problems; it's just I know many people use TotalVirus and it's been mentioned on here a few times and wanted them to know. I also understand that free programs can contain adware which can be quite harmless; some other free download sites can and do sometimes have infected downloads with more serious viruses. One of my favourite little programs called Folder Maker gets these results from both mentioned online scanners: Ikarus (Virus.Win32.Trojan), Prevx V2 (TROJAN.DOWNLOADER.GEN). I now will ignore the Prevx V2 result for obvious reasons, and as for the other, it gave me this result for another version of the same program: suspicious (level 80), so not sure what to think. Thanx for reading this thread and all of your input; as a newbie it's hard to know what can be a genuine threat or harmless, and if ya wondering why I didn't reply earlier it's because I thought I posted my original thread in the newbie's section and assumed they erased it, da! Christmas shopping stress! ya that's it, or maybe I've got a virus?