> Want to know if 4 files are virus.
geko
post 8.01.2009 18:20
Post #1






I submitted 4 viruses to VirusTotal and all 4 of them were tagged as malware by many AVs, 3 of them tagged by Kaspersky.
I submitted the 4 viruses to Avira so they can add the virus signatures to their database. The answer I got from them is an answer I get many times: DAMAGED FILE (UNKNOWN).

This time, 3 were DAMAGED FILE (UNKNOWN) and 1 CLEAN.

I demanded an explanation on their forum and this was the answer:

Hi,
The samples were reanalyzed and these are the conclusions:
25225687 - seems to be a compilation log or something similar => CLEAN
25225685 - this is a heavily damaged exe file (including headers) => DAMAGED
25225688 - this is an EXE file with more than half of its length overwritten with the 0x90 character => DAMAGED UNKNOWN
25225690 - same as above


So, as you may expect, right now I'm pretty confused.

Are these files malware?
If so, what can I say to them (Avira Forum) to show them that they are wrong?
If these files are not malware, I believe Kaspersky should remove these false positives from the database.

How should I send these files so they can be analyzed by Kaspersky?
I would post the result in this topic.

These are the results I got from virustotal:

Virustotal: 5 detections.

a-squared 4.0.0.73 2009.01.07 Trojan.Win32.FlyStudio!IK
Ewido 4.0 2008.12.31 Trojan.FlyStudio.l
F-Secure 8.0.14470.0 2009.01.07 Trojan.Win32.FlyStudio.l
Ikarus T3.1.1.45.0 2009.01.07 Trojan.Win32.FlyStudio
Kaspersky 7.0.0.125 2009.01.07 Trojan.Win32.FlyStudio.l

------------------------------------------------------------------------------------------

Virustotal: 7 detections.

a-squared 4.0.0.73 2009.01.07 Virus.Win32.Bifrose!IK
Avast 4.8.1281.0 2009.01.07 Win32:Bifrose-CIQ
ClamAV 0.94.1 2009.01.07 Worm.Mytob.IS
F-Secure 8.0.14470.0 2009.01.07 Hupigon.gen109
GData 19 2009.01.07 Win32:Bifrose-CIQ
Ikarus T3.1.1.45.0 2009.01.07 Virus.Win32.Bifrose
Norman 5.80.02 2009.01.06 Hupigon.gen109

----------------------------------------------------------------------------------------------

Virustotal: 15 detections.

a-squared 4.0.0.73 2009.01.07 Virus.Win32.KME!IK
Authentium 5.1.0.4 2009.01.06 W32/MalwareHiderPatched-based!Maximus
AVG 8.0.0.199 2009.01.07 Win32/KME
BitDefender 7.2 2009.01.07 Win32.KME.Based.1.Gen
DrWeb 4.44.0.09170 2009.01.07 Win32.KME.based
eSafe 7.0.17.0 2009.01.06 Virus.Win32.KME
F-Prot 4.4.4.56 2009.01.07 W32/MalwareHiderPatched-based!Maximus
F-Secure 8.0.14470.0 2009.01.07 Virus.Win32.KME
GData 19 2009.01.07 Win32.KME.Based.1.Gen
Ikarus T3.1.1.45.0 2009.01.07 Virus.Win32.KME
Kaspersky 7.0.0.125 2009.01.07 Virus.Win32.KME
McAfee 5487 2009.01.07 Generic.dx
McAfee+Artemis 5487 2009.01.06 Generic.dx
Norman 5.80.02 2009.01.06 KME.A
Sophos 4.37.0 2009.01.07 Mal/Generic-A

-----------------------------------------------------------------------------------------------

Virustotal: 15 detections.

a-squared 4.0.0.73 2009.01.07 Virus.Win32.KME!IK
Authentium 5.1.0.4 2009.01.06 W32/MalwareHiderPatched-based!Maximus
AVG 8.0.0.199 2009.01.07 Win32/KME
BitDefender 7.2 2009.01.07 Win32.KME.Based.1.Gen
DrWeb 4.44.0.09170 2009.01.07 Win32.KME.based
F-Prot 4.4.4.56 2009.01.07 W32/MalwareHiderPatched-based!Maximus
F-Secure 8.0.14470.0 2009.01.07 Virus.Win32.KME
Fortinet 3.117.0.0 2009.01.07 PossibleThreat
GData 19 2009.01.07 Win32.KME.Based.1.Gen
Ikarus T3.1.1.45.0 2009.01.07 Virus.Win32.KME
Kaspersky 7.0.0.125 2009.01.07 Virus.Win32.KME
McAfee 5487 2009.01.07 Generic.dx
McAfee+Artemis 5487 2009.01.06 Generic.dx
Norman 5.80.02 2009.01.06 KME.A
Sophos 4.37.0 2009.01.07 Mal/Generic-A

Thanks.
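
The two structural properties named in the vendor reply quoted in the post (damaged EXE headers, and more than half of the file overwritten with 0x90) can be checked directly on a sample. The following is an added example, not part of the original post and not either vendor's tooling; the function names, verdict strings and byte strings are constructed for illustration, and the 0.5 threshold is taken from the reply's "more than half".

```python
import re
import struct

NOP = 0x90  # filler byte named in the vendor's reply

def triage(data: bytes) -> dict:
    """Check the two properties the reply cites: header integrity and 0x90 fill."""
    r = {"size": len(data), "mz": False, "pe": False,
         "nop_fraction": 0.0, "longest_nop_run": 0}
    if not data:
        r["verdict"] = "empty"
        return r
    # DOS header: 'MZ' magic, with e_lfanew (offset of the PE header) at 0x3C.
    if len(data) >= 0x40 and data[:2] == b"MZ":
        r["mz"] = True
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        # A slice past the end is simply short, so a garbage offset fails here.
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            r["pe"] = True
    r["nop_fraction"] = data.count(NOP) / len(data)
    runs = re.findall(rb"\x90+", data)
    r["longest_nop_run"] = max(map(len, runs), default=0)
    if not (r["mz"] and r["pe"]):
        r["verdict"] = "damaged headers"
    elif r["nop_fraction"] > 0.5:
        r["verdict"] = "valid headers, mostly 0x90"
    else:
        r["verdict"] = "structurally plausible PE"
    return r

def constructed_samples() -> dict:
    """Synthetic byte strings built for this example; not the files from the post."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
    return {
        "intact": hdr + bytes(range(256)) * 4,
        "nop_filled": hdr + b"\x90" * 2000,
        "bad_headers": b"\0" * len(hdr) + bytes(range(256)) * 4,
    }

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, triage(blob))
```

The verdict covers file structure only; it does not say which bytes any engine's signature matched.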