Avira Antivir vs. Panda Questions


jgs000
October 23rd, 2006, 08:57 AM
Hi All;
I have been running Antivir on my home PC for years now, and it's been fantastic!

We have Panda antivirus at work. Recently, our ISP from work called and stated we may have a virus on our network, so I ran the Panda Software, and did find a couple viruses on the network. Well, I am not sure how I feel about Panda, so I decided to DL Antivir on one of the PCs at work and scan it with Antivir, to be sure.

Antivir found 1 virus, and it seems to be recurring. Antivir calls it Micro-128(C), and it's in one of the Panda Antivirus .dll files. Location is C/Program files/Panda Software/AVTC/pavdll.dll.

The AVGuard for Antivir pops up every so often and reports this virus. I sent the .dll to Avira and they replied that it was a variant of FRISK #2 virus.

My thought is that this is a false positive from Antivir. I am guessing that the .dll is a valid file and is just setting off the Antivir virus guard. The Panda install is a forced network deployment, so I get the Panda files I need regardless of what I actually want, and if Antivir deletes the .dll, Panda Agent just forces it back to me.
I guess my only question is: Am I correct? Running both Antivir and Panda together is giving me a false detection on this PC? Or, can anyone tell me whether I really still have a virus on this machine or not?
Thanks for any help :)

C.S.J
October 23rd, 2006, 09:05 AM
{QUOTE-> Hi All;
I have been running Antivir on my home PC for years now, and it's been fantastic!

We have Panda antivirus at work. Recently, our ISP from work called and stated we may have a virus on our network, so I ran the Panda Software, and did find a couple viruses on the network. Well, I am not sure how I feel about Panda, so I decided to DL Antivir on one of the PCs at work and scan it with Antivir, to be sure. <-QUOTE}

and?

the results were................



---------------------------------------------------------------
if panda found viruses, why the need to try antivir as well?

jgs000
October 23rd, 2006, 09:12 AM
Sorry, noob can't figure out how to post, edited above to finish story. :-[

Antivir log entry:
C:\Program Files\Panda Software\AVTC\Pavdll.dll
[DETECTION] Contains signature of the Micro-128 (C) virus
[WARNING] The file could not be deleted!

C.S.J
October 23rd, 2006, 09:19 AM
have you tried uploading the 'so called' infected file to www.virustotal.com?

it will scan the file using a numerous amount of different companies for antivirus and give you the result, let us know the result. ;D

jgs000
October 23rd, 2006, 09:29 AM
here is the result:

Antivirus           Version         Update      Result
AntiVir             7.2.0.32        10.23.2006  W95/Bumble
Authentium          4.93.8          10.23.2006  no virus found
Avast               4.7.892.0       10.22.2006  Win32:Kuang2
AVG                 386             10.23.2006  no virus found
BitDefender         7.2             10.23.2006  no virus found
CAT-QuickHeal       8.00            10.23.2006  no virus found
ClamAV              devel-20060426  10.23.2006  Sirius.Annihilator.272
DrWeb               4.33            10.23.2006  no virus found
eTrust-InoculateIT  23.73.33        10.23.2006  no virus found
eTrust-Vet          30.3.3152       10.23.2006  no virus found
Ewido               4.0             10.23.2006  no virus found
Fortinet            2.82.0.0        10.23.2006  suspicious
F-Prot              3.16f           10.23.2006  no virus found
F-Prot4             4.2.1.29        10.23.2006  no virus found
Ikarus              0.2.65.0        10.23.2006  no virus found
Kaspersky           4.0.2.24        10.23.2006  no virus found
McAfee              4878            10.20.2006  no virus found
Microsoft           1.1603          10.23.2006  no virus found
NOD32v2             1.1826          10.23.2006  no virus found
Norman              5.80.02         10.23.2006  no virus found
Panda               9.0.0.4         10.22.2006  no virus found
Sophos              4.10.0          10.23.2006  W95/CIH-10xx
TheHacker           6.0.1.103       10.23.2006  no virus found
UNA                 1.83            10.23.2006  no virus found
VBA32               3.11.1          10.23.2006  no virus found
VirusBuster         4.3.7:9         10.23.2006  no virus found

C.S.J
October 23rd, 2006, 09:34 AM
if only antivir / avast / sophos and clamav (free) found this... it does look like a false positive, but you never know.

make your own mind up i suppose, maybe send the sample to another av company who didn't find it and see how they see it.

send the sample to f-secure or nod32 for analysis

Marcos
October 23rd, 2006, 09:36 AM
Looks to me like a false positive. It's highly unlikely that all the most famous antivirus programs would miss an old Win95 virus.

jgs000
October 23rd, 2006, 09:42 AM
That was my thought, too. I guess I will hold off, I don't want to go deleting Panda .dll's unless I have to. If the ISP calls us back and says we still are infected, I will come back to it. I think I am OK.
Thanks for the opinions, guys, I appreciate the help.

C.S.J
October 23rd, 2006, 09:42 AM
yep exactly what i was thinking.... antivir is known for quite a few false positives.

pilotart
October 23rd, 2006, 10:09 AM
The first of three False Positives (AntiVir's heuristics set to High) was last January on a PandaScan.dll. A Google search showed that quite a few AVs reacted to Panda's files; Avast had published a detailed article on the fact that it had to do with the method Panda uses to pack the Signatures and they could not prevent those False Positives.

C.S.J
October 23rd, 2006, 10:19 AM
{QUOTE-> The first of three False Positives (AntiVir's heuristics set to High) was last January on a PandaScan.dll. A Google search showed that quite a few AVs reacted to Panda's files; Avast had published a detailed article on the fact that it had to do with the method Panda uses to pack the Signatures and they could not prevent those False Positives. <-QUOTE}

cannot prevent those false positives? all the other major av companies did not detect it as a virus, it either is one or isn't, surely if they can prevent it, others can too.

as for antivir being on high heuristics, isn't this the setting most users are going to select for detection and security?

i tend to believe an antivirus when it says "this is a virus" and delete the file, if this happens on high setting, no thanks... i could end up deleting something i use.

trjam
October 23rd, 2006, 10:25 AM
True, it also helps if your antivirus can even detect viruses too. Hmm, let me go check those ratings. 91.55 Standard, yep, give me a few FPs.

C.S.J
October 23rd, 2006, 10:29 AM
ohhhh, slagging off avg because i have it as my avatar, and because i wrote something bad about the antivir,
bit lame of you i must say, to come back at me with that.

i don't think anyone should count the scores till IBK brings out the new ones for proactive and on demand.

IBK has clearly stated a big improvement with avg, and i don't remember avg giving loads of false positives, look on the main screen near the top ... someone else with a thread about another antivir false positive.

-----------
to keep on topic, this thread started about antivir finding yet another false positive, something i'm seeing quite a bit of actually, so i stated that.

nobody is denying the detection rate of the last av comparatives test is good, but false positives do count as well.

norton had about a percent less in detection with ZERO false positives, surely a better choice.
also kaspersky / nod / f-secure had excellent detection rates, but all with FEW false positives.

it does count, it does matter

lodore
October 23rd, 2006, 10:35 AM
{QUOTE-> True, it also helps if your antivirus can even detect viruses too. Hmm, let me go check those ratings. 91.55 Standard, yep, give me a few FPs. <-QUOTE}

trjam report on avg antispyware?

lodore

trjam
October 23rd, 2006, 10:43 AM
{QUOTE-> ohhhh, slagging off avg because i have it as my avatar, and because i wrote something bad about the antivir,
bit lame of you i must say, to come back at me with that.

i don't think anyone should count the scores till IBK brings out the new ones for proactive and on demand.

IBK has clearly stated a big improvement with avg, and i don't remember avg giving loads of false positives, look on the main screen near the top ... someone else with a thread about another antivir false positive.

-----------
to keep on topic, this thread started about antivir finding yet another false positive, something i'm seeing quite a bit of actually, so i stated that.

nobody is denying the detection rate of the last av comparatives test is good, but false positives do count as well.

norton had about a percent less in detection with ZERO false positives, surely a better choice.
also kaspersky / nod / f-secure had excellent detection rates, but all with FEW false positives.

it does count, it does matter <-QUOTE}

Just messing with you my friend. I can't argue your points either. I would go with Antivir over Panda though. Lodore, it's Ewido and it has always gone good with Nod. ;D

Again, Panda is ok, but if you set your heuristics with Antivir to medium instead of high, you will get less FPs and still better protection than Panda.

C.S.J
October 23rd, 2006, 10:44 AM
{QUOTE-> trjam report on avg antispyware?

lodore <-QUOTE}

yep avg has improved its heuristics and detection, clearly stated.

now add ewido anti trojan and all their detection rates, and surely don't knock the results till they are out, but i'm pretty sure it will surprise people with its detection, especially on the previous result on avg.

the Tester
October 23rd, 2006, 01:31 PM
{QUOTE-> as for antivir being on high heuristics, isn't this the setting most users are going to select for detection and security?
<-QUOTE}

Nope!
Anyone familiar with the default settings will notice that they are set at medium.
If you are talking about average users, they probably don't know what heuristics are and don't care.

RejZoR
October 23rd, 2006, 01:46 PM
By default, heuristics aren't enabled at all! Only heuristics enabled by default are macro heuristics. Kinda lame decision though...

the Tester
October 23rd, 2006, 01:53 PM
{QUOTE-> By default, heuristics aren't enabled at all! Only heuristics enabled by default are macro heuristics. Kinda lame decision though... <-QUOTE}

You are right. On both counts IMO.
The Win32 file heuristics have to be enabled by the user.

lodore
October 23rd, 2006, 01:57 PM
{QUOTE-> Just messing with you my friend. I can't argue your points either. I would go with Antivir over Panda though. Lodore, it's Ewido and it has always gone good with Nod. ;D

Again, Panda is ok, but if you set your heuristics with Antivir to medium instead of high, you will get less FPs and still better protection than Panda. <-QUOTE}


ideal. i think nod32 is the best bet for me, it's always worked well for me during testing, just install with the config and install batch file and that's it. and that way you get a desktop shortcut for scanning.

avg antispyware is light realtime isn't it?
and good against spyware and trojans?

is ewido micro scanner using the new engine?

trjam
October 23rd, 2006, 04:28 PM
Actually, this hour lodore, it's the Antivir Suite and Prevx1 since I am one of the few that found out how to get them to love each other. Regardless, the Antivir Suite is nice. I was also at a time, looking at the Panda suite with Tru-Prevent. I still think it is very good but slowed most down. For malware protection, for the thread originator, Antivir can't be beat. Not by Panda, not by AVG.

C.S.J
October 23rd, 2006, 04:33 PM
true,

but, these av comparative results can change sooo frequently though , look at AntiVir, one good result, the rest before them were 'average' and quite poor to the good results were they not?

all antivirus companies improve, some will even fall in quality, but if AntiVir can improve from the last test soooo much, others can, also can antivir keep it up, we shall see. ;D

lodore
October 23rd, 2006, 04:35 PM
{QUOTE-> Actually, this hour lodore, it's the Antivir Suite and Prevx1 since I am one of the few that found out how to get them to love each other. Regardless, the Antivir Suite is nice. I was also at a time, looking at the Panda suite with Tru-Prevent. I still think it is very good but slowed most down. For malware protection, for the thread originator, Antivir can't be beat. Not by Panda, not by AVG. <-QUOTE}


nod32=light as a feather+ fast as sonic the hedgehog+the bite of a lion!

antivir is good too though but quite a few FP's

trjam
October 23rd, 2006, 04:47 PM
Actually Antivir shows me a steady improvement. I have no doubt the FPs will be many, but they have spent a lot of time improving that of late. The funny thing is their malware detecting is better than Nod's, which isn't that good, but I think is about to get better real quick. Also Lodore, during this same time Antivir has been working on their FPs, Eset has been working on their malware detection. One is toning down, while one is toning up. AVG, well we will see. This is just my 2 cents.

lodore
October 23rd, 2006, 05:26 PM
{QUOTE-> Actually Antivir shows me a steady improvement. I have no doubt the FPs will be many, but they have spent a lot of time improving that of late. The funny thing is their malware detecting is better than Nod's, which isn't that good, but I think is about to get better real quick. Also Lodore, during this same time Antivir has been working on their FPs, Eset has been working on their malware detection. One is toning down, while one is toning up. AVG, well we will see. This is just my 2 cents. <-QUOTE}


both are great products no doubt and I know antivir is working hard to get rid of the fp's.

nod32 still has a great detection rate and working on the server issues and improving detection. while kaspersky are trying to fix a few bugs in the upcoming MP1.

every av has its weakness.

NOD32 needs a bit better trojan detection
DR WEB needs faster scanning and is getting it and a better interface.
KASPERSKY needs to iron out all the bugs in its suite.
AVG needs to update its interface, it still looks too old, and needs more options in the real time scanner and antispyware scanner and improve on detection.
PANDA needs to be lighter on resources.
BITDEFENDER needs to iron out the bugs in bd 10 and make it lighter.
ANTIVIR needs to iron out the bugs in the beta before it comes out and not come out too soon and have a lot of bugs when it comes out like kav6 and bitdefender10.
f-secure needs to be lighter and stop using ad aware for antispyware.
norton 2007 needs to work on their EULA and their interface and have more options for power users who like to tweak their AVs.

nothing can beat layered protection.


I think i have outlined most of the products
I do like antivir a lot too though. but I prefer separates generally speaking.

FRug
October 23rd, 2006, 06:28 PM
To get this discussion back on track: the false positive is most likely once again due to the bad habit of panda to not encrypt their signatures. It's happening with many AVs over and over again, coz the guys at Panda aren't doing their homework in this matter...
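
Added example, not part of the thread and not any vendor's real file format or signatures: a small Python sketch of the mechanism pilotart and FRug describe, where one product's signature data stored in the clear is matched by other scanners' byte patterns, and stops matching once it is encoded at rest. The engine names, patterns, XOR key and container header are all constructed for the demonstration.

```python
# Added illustration. Every pattern, name and engine below is constructed;
# none is a real virus signature or a real product's file format.
from itertools import cycle

# Three hypothetical engines, each knowing one byte pattern under its own name.
ENGINES = {
    "EngineA": {"Demo.Alpha": bytes.fromhex("deadbeef0badf00d1122")},
    "EngineB": {"Demo.Beta": bytes.fromhex("cafebabe8badf00d3344")},
    "EngineC": {"Demo.Gamma": bytes.fromhex("feedface0ddba11e5566")},
}
KEY = bytes.fromhex("5ac37e")  # stand-in for whatever encoding a vendor would use

def xor(data, key=KEY):
    """Repeating-key XOR; applying it twice restores the input."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def pack_db(patterns, encode):
    """Serialise patterns as length-prefixed records, optionally encoded at rest."""
    body = b"".join(len(p).to_bytes(2, "little") + p for p in patterns)
    return xor(body) if encode else body

def unpack_db(blob, encoded):
    """What the owning product does at load time: decode, then split records."""
    body, out, i = (xor(blob) if encoded else blob), [], 0
    while i < len(body):
        n = int.from_bytes(body[i:i + 2], "little")
        out.append(body[i + 2:i + 2 + n])
        i += 2 + n
    return out

def scan(signatures, data):
    """Naive whole-file substring match, as a plain signature scanner would do."""
    return sorted(name for name, pat in signatures.items() if pat in data)

def verdicts(file_bytes):
    """Run every engine over the file; return {engine: [detection names]}."""
    return {eng: scan(sigs, file_bytes) for eng, sigs in ENGINES.items()}

# The "other product" detects the same three samples, so its data file holds them.
PATTERNS = [p for sigs in ENGINES.values() for p in sigs.values()]
HEADER = b"MZ" + b"\x00" * 30  # placeholder container bytes, not a real PE
PLAIN_FILE = HEADER + pack_db(PATTERNS, encode=False)
ENCODED_FILE = HEADER + pack_db(PATTERNS, encode=True)

if __name__ == "__main__":
    print("clear  :", verdicts(PLAIN_FILE))
    print("encoded:", verdicts(ENCODED_FILE))
```

In the clear case each engine flags the same harmless data file under a different name; in the encoded case none does, while unpack_db still recovers the identical patterns for the owning product.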