geko

Want to know if 4 files are viruses.

I submitted 4 viruses to VirusTotal and all 4 of them were tagged as malware by many AVs, 3 of them tagged by Kaspersky.

I submitted the 4 viruses to Avira so they can add the virus signatures to their database. The answer I got from them is an answer I get many times: DAMAGED FILE (UNKNOWN).

 

This time, 3 were DAMAGED FILE (UNKNOWN) and 1 CLEAN.

 

I demanded an explanation on their forum and this was the answer:

 

Hi,

The samples were reanalyzed and these are the conclusions:

25225687 - seems to be a compilation log or something similar => CLEAN

25225685 - this is a heavily damaged exe file (including headers) => DAMAGED

25225688 - this is an EXE file with more than half of its length overwritten with 0x90 character => DAMAGED UNKNOWN

25225690 - same as above

 

So, as you may expect, right now I'm pretty confused.

 

Are these files malware?

If so, what can I say to them (Avira Forum) to show them that they are wrong?

If these files are not malware, I believe Kaspersky should remove these false positives from the database.

 

How should I send these files so they can be analyzed by Kaspersky?

I would post the result in this topic.

 

These are the results I got from virustotal:

 

Virustotal: 5 detections.

 

a-squared 4.0.0.73 2009.01.07 Trojan.Win32.FlyStudio!IK

Ewido 4.0 2008.12.31 Trojan.FlyStudio.l

F-Secure 8.0.14470.0 2009.01.07 Trojan.Win32.FlyStudio.l

Ikarus T3.1.1.45.0 2009.01.07 Trojan.Win32.FlyStudio

Kaspersky 7.0.0.125 2009.01.07 Trojan.Win32.FlyStudio.l

 

------------------------------------------------------------------------------------------

 

Virustotal: 7 detections.

 

a-squared 4.0.0.73 2009.01.07 Virus.Win32.Bifrose!IK

Avast 4.8.1281.0 2009.01.07 Win32:Bifrose-CIQ

ClamAV 0.94.1 2009.01.07 Worm.Mytob.IS

F-Secure 8.0.14470.0 2009.01.07 Hupigon.gen109

GData 19 2009.01.07 Win32:Bifrose-CIQ

Ikarus T3.1.1.45.0 2009.01.07 Virus.Win32.Bifrose

Norman 5.80.02 2009.01.06 Hupigon.gen109

 

----------------------------------------------------------------------------------------------

 

Virustotal: 15 detections.

 

a-squared 4.0.0.73 2009.01.07 Virus.Win32.KME!IK

Authentium 5.1.0.4 2009.01.06 W32/MalwareHiderPatched-based!Maximus

AVG 8.0.0.199 2009.01.07 Win32/KME

BitDefender 7.2 2009.01.07 Win32.KME.Based.1.Gen

DrWeb 4.44.0.09170 2009.01.07 Win32.KME.based

eSafe 7.0.17.0 2009.01.06 Virus.Win32.KME

F-Prot 4.4.4.56 2009.01.07 W32/MalwareHiderPatched-based!Maximus

F-Secure 8.0.14470.0 2009.01.07 Virus.Win32.KME

GData 19 2009.01.07 Win32.KME.Based.1.Gen

Ikarus T3.1.1.45.0 2009.01.07 Virus.Win32.KME

Kaspersky 7.0.0.125 2009.01.07 Virus.Win32.KME

McAfee 5487 2009.01.07 Generic.dx

McAfee+Artemis 5487 2009.01.06 Generic.dx

Norman 5.80.02 2009.01.06 KME.A

Sophos 4.37.0 2009.01.07 Mal/Generic-A

 

-----------------------------------------------------------------------------------------------

 

Virustotal: 15 detections.

 

a-squared 4.0.0.73 2009.01.07 Virus.Win32.KME!IK

Authentium 5.1.0.4 2009.01.06 W32/MalwareHiderPatched-based!Maximus

AVG 8.0.0.199 2009.01.07 Win32/KME

BitDefender 7.2 2009.01.07 Win32.KME.Based.1.Gen

DrWeb 4.44.0.09170 2009.01.07 Win32.KME.based

F-Prot 4.4.4.56 2009.01.07 W32/MalwareHiderPatched-based!Maximus

F-Secure 8.0.14470.0 2009.01.07 Virus.Win32.KME

Fortinet 3.117.0.0 2009.01.07 PossibleThreat

GData 19 2009.01.07 Win32.KME.Based.1.Gen

Ikarus T3.1.1.45.0 2009.01.07 Virus.Win32.KME

Kaspersky 7.0.0.125 2009.01.07 Virus.Win32.KME

McAfee 5487 2009.01.07 Generic.dx

McAfee+Artemis 5487 2009.01.06 Generic.dx

Norman 5.80.02 2009.01.06 KME.A

Sophos 4.37.0 2009.01.07 Mal/Generic-A

 

Thanks.

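The vendor reply quoted in the post describes three conditions: a file that is not an executable at all, an EXE with damaged headers, and an EXE whose body is mostly the byte 0x90. The following Python sketch is an added example, not part of the original post and not Avira's or Kaspersky's tooling; it shows one way to check a sample for those conditions before disputing a verdict. The function names, the 50% threshold and the sample bytes are assumptions constructed for illustration.

```python
import struct

NOP = 0x90  # filler byte named in the quoted vendor reply


def build_sample(size=1024):
    """Constructed input: minimal MZ/PE header stub padded with varied bytes."""
    buf = bytearray((i * 7 + 3) % 251 for i in range(size))
    buf[0:2] = b"MZ"                          # DOS header magic
    struct.pack_into("<I", buf, 0x3C, 0x80)   # e_lfanew: offset of PE signature
    buf[0x80:0x84] = b"PE\0\0"                # PE signature
    return bytes(buf)


def triage(data):
    """Return (verdict, fraction_of_0x90_bytes) for a submitted file."""
    frac = data.count(NOP) / len(data) if data else 0.0
    if data[:2] != b"MZ":
        return ("not a PE file", frac)
    if len(data) < 0x40:
        return ("damaged headers", frac)
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ("damaged headers", frac)
    if frac > 0.5:  # assumed threshold, mirrors "more than half of its length"
        return ("headers intact, body mostly 0x90 filler", frac)
    return ("structurally plausible PE", frac)


def constructed_samples():
    """Four constructed byte strings, one per condition discussed in the thread."""
    good = build_sample()
    damaged = bytearray(good)
    damaged[0x80:0x84] = b"\0\0\0\0"          # wipe the PE signature
    return {
        "good": good,
        "overwritten": good[:0x100] + bytes([NOP]) * 0x300,
        "damaged": bytes(damaged),
        "log": b"Compiling main.c ... done\n",
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        verdict, frac = triage(blob)
        print(f"{name:12s} {verdict:42s} 0x90 share: {frac:.2%}")
```

A signature can still match bytes that survive in a truncated or overwritten file, so a scanner detection and a "damaged" structural verdict on the same sample are not contradictory.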