Wilders Security Forums  

#1
June 7th, 2002, 03:13 PM
spy1
Massive Poster
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Possible false positives with latest eTrust scan.

"eTrust EZ Antivirus Version 5.4.2.0
Started scanning:    12:50:32 PM, 6/7/2002
Major dat file       v1000
Minor dat file       v2094
Macro dat file       Jun 6 2002 (VMD Ver 1.6)

Scanning file(s)...
C:\WINDOWS\SYSTEM\PAV.SIG - Win95.Bumble.1736/1738 dropper.
C:\WINDOWS\SYSTEM\imscan.dll - infected with Tentacles III virus.

Finished scanning:    12:57:20 PM, 6/7/2002
Number of files scanned: 24489.
Number of infections: 2
Number of infected files not cleaned/deleted/renamed: 2
    C:\WINDOWS\SYSTEM\PAV.SIG (Win95.Bumble.1736/1738 dropper)
    C:\WINDOWS\SYSTEM\imscan.dll (Tentacles III virus)"

Not getting any hits from any of my other programs on those two. Fixing to send it to etrust for analysis. Anybody else seeing this? Pete

*I may need to update the eTrust engine - didn't they go to version 6 something just here lately?
__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis
#2
June 7th, 2002, 04:47 PM
Technodrome
Global Moderator
Join Date: Feb 2002
Location: New York
Posts: 2,140
Re: Possible false positives with latest eTrust sc

Did you recently use or install Panda Antivirus, Pete?


Technodrome
__________________
Classic Trance Hit: PPK - Resurrection
#3
June 7th, 2002, 04:56 PM
spy1
Massive Poster
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Re: Possible false positives with latest eTrust sc

I've got the Panda cleaner on here that you can get from our d/l page on here, TD. I recognized that one, it was the other one I wasn't sure about. Of course, they're both being picked up from PAV, so that's probably where both FP's are coming from.

Now I'm trying to remember whether I used my old or new email addy. when I emailed them - oh, well! Pete
__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis
#4
June 7th, 2002, 05:06 PM
Technodrome
Global Moderator
Join Date: Feb 2002
Location: New York
Posts: 2,140
Re: Possible false positives with latest eTrust sc

Yup!
Imscan.dll file, if I do recall this right, comes with Panda's Active Scan as well, and is the anti-virus scanning engine.

Technodrome
__________________
Classic Trance Hit: PPK - Resurrection
#5
June 8th, 2002, 02:26 AM
Pete
Posts: n/a
Re: Possible false positives with latest eTrust sc

That's what it was - I ran an ActiveScan at the PCPitStop site not too long ago. Pete
#6
June 8th, 2002, 08:51 PM
spy1
Massive Poster
Join Date: Dec 2002
Location: Clover, SC
Posts: 3,130
Re: Possible false positives with latest eTrust sc

Okay, here's the response from etrust:

Dear spy1,
This is to notify you of the results of the testing carried out by the
Virtue system on the files that you sent to us.

Unfortunately you have encountered a false positive in our product, which
was not found by our extensive testing in QA. We will fix this problem
asap and notify you of the solution within 48 hours.

=========================================================================



The analysis of the 1st file submitted as "imscan.zip" has been completed.

The PkWare Zip Archive file has been determined to be clean.
There are however some files contained within this file, which this
section of your report does not cover. Results of the analysis of these
files can be found later in this report.

#########################################################################


The analysis of the file submitted as "imscan.dll" has been completed.

The Windows Dynamic Link Library file has been determined to be clean.
A human researcher has analysed the file and found nothing suspicious. Researcher comment:
This is a DLL part of Panda Antivirus software. It contains search strings for detecting viruses, but these search strings are not encrypted. Because of this, the file may appear infected to other scanners."

Hasn't been corrected yet - probably in Monday's update. Pete

__________________
"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis
 
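The researcher comment in the eTrust reply above (unencrypted search strings in one product's data file look like infections to another scanner), as an added example that is not part of the thread or either vendor's code. The signature names, byte patterns, record layout and XOR key are all constructed for illustration; the XOR step stands in for whatever encoding a vendor might apply.

```python
# Added example: why a plaintext signature file trips a second pattern scanner.
# Names, patterns, layout and key are constructed placeholders, not real signatures.
from itertools import cycle

# Hypothetical patterns that two different vendors both use for the same samples.
PATTERNS = {
    "Constructed.SampleA": bytes.fromhex("de ad be ef 13 37 c0 de 7f ff 5a a5"),
    "Constructed.SampleB": b"\x90\x41\x42\x43\x0f\x0b\xfe\xed\xfa\xce\x11\x22",
}

def scan(data, patterns=PATTERNS):
    """Naive pattern scanner: report every signature whose bytes occur in data."""
    return sorted(name for name, pat in patterns.items() if pat in data)

def xor(data, key):
    """Symmetric XOR encoding; obfuscation only, not confidentiality."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def build_sig_db(patterns, key=b""):
    """Serialize as name, NUL, length, pattern records; encode the body if key is set."""
    body = b"".join(
        name.encode() + b"\x00" + bytes([len(pat)]) + pat
        for name, pat in patterns.items()
    )
    return xor(body, key) if key else body

def load_sig_db(blob, key=b""):
    """Inverse of build_sig_db, as the owning engine would do at start-up."""
    body = xor(blob, key) if key else blob
    out, i = {}, 0
    while i < len(body):
        end = body.index(b"\x00", i)          # end of the signature name
        n = body[end + 1]                     # one-byte pattern length
        out[body[i:end].decode()] = body[end + 2 : end + 2 + n]
        i = end + 2 + n
    return out

KEY = b"\x5c\xa3\x17"                         # constructed key
plain_db = build_sig_db(PATTERNS)             # search strings stored as-is
encoded_db = build_sig_db(PATTERNS, KEY)      # same data, encoded on disk

if __name__ == "__main__":
    print("plaintext DB hits:", scan(plain_db))    # data file itself is flagged
    print("encoded DB hits  :", scan(encoded_db))  # raw patterns absent on disk
    print("engine still loads:", load_sig_db(encoded_db, KEY) == PATTERNS)
```
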

All times are GMT -4.