A-squared FP? +Ad-aware update problems!

Discussion in 'other anti-trojan software' started by Captain Caveman, Nov 16, 2005.

Thread Status:
Not open for further replies.
  1. Captain Caveman

    Captain Caveman Guest

    Hi,

    After the latest a-squared update (15-11-1005), the file \WinRAR\Default.SFX is flagged as Trojan-Dropper.Win32.Agent.ig

    Is this a false positive? I've looked on the a-squared message board but there seems to be no info!

    I have also uploaded the file to Jottis online malware scan and the results were possibly infected, however, none of the AV's reported anything.

    Also, i've been trying to update the defs for ad-aware since yesterday but ad-aware keeps saying there's no update!

    So I downloaded the defs.zip file from the lavasoft site and checked the defs.ref md5 checksum with the one listed here by TeMerc https://www.wilderssecurity.com/forumdisplay.php?f=34 (Ad-Aware defs update)
    The md5's of the defs.ref file don't match!!! For anyone who thinks im looking at the defs.zip checksum i'm not.

    So i erased the file and did not update ad-aware with the downloaded file. At least until i know whether the md5 is correct or not. Any help?

    Thanks in advance
    CAPTAIIIIIIN CAVEEEMMMMMMMMMMANNNN!!!
     
    Captain Caveman, Nov 16, 2005
    #1
  2. Captain Caveman

    Captain Caveman Guest

    Ahem! I meant to post this in the other anti-trojan software section.
    If a moderater could move this thanks ;)
     
    Captain Caveman, Nov 16, 2005
    #2
  3. Tom772

    Tom772 Guest

    Hi C,

    As far as i can tell it is a false postive, I updated again today and i still get the same result , infected file; Trojan-Dropper.Win32.Agent.ig. I have scanned at VirusTotal. Ewido and Kaspersky file scanner all clean! One person has posted a question @ Emsisoft, so hopefully they will get a reply soon.

    http://forum.emsisoft.com/viewtopic.php?t=3943

    I have left it for now, Hopefully a FP

    T

     
    Tom772, Nov 17, 2005
    #3
  4. [ah]

    [ah] Guest

    Well ... in fact noone can tell you if its a FP or not without the file that was detected. So in fact you will have to wait for an answer until someone sends the file to ah_AT_emsisoft_DOT_com ;).
     
    Last edited by a moderator: Nov 18, 2005
    [ah], Nov 17, 2005
    #4
  5. FanJ

    FanJ Guest

    About the MD5 checksum:

    I'm not sure whether I understand you right (sorry in case I didn't).
    I just downloaded the defs.zip file manually to another directory and unzipped it there.
    Then I let CryptoSuite calculate the MD5 of defs.ref and compared it with the MD5 of defs.ref which I got in my Ad-Aware directory.
    As you can see, both are the same and they match with the one posted by TeMerc.

    PS:
    I downloaded defs.zip manually from :
    http://download.lavasoft.de.edgesuite.net/public/defs.zip
     
    FanJ, Nov 18, 2005
    #5
  6. Captain Caveman

    Captain Caveman Guest

    Thanks all.

    For a-squared: The FP was fixed with the new update :)

    For ad-aware:

    When i downloaded defs.zip - i used FCIV to calculate the MD5 for the defs.ref file. They did not match Terc's MD5 for the defs.ref file.

    Anyway, its seems irrelevant now, as for some reason my internal updater downloaded the defs file without any problem! This defs file checksum matched Terc's
    :)

    So alls well on both fronts!
    Captain Caveman
     
    Captain Caveman, Nov 18, 2005
    #6
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...