Killfiles-L trojan on Wilders?

Huupi · Sep 21, 2007

If i click in a thread in Software and Services [ShadowDefender...new kid on the block],i get an alert from Avast saying ''Killfiles-L Trojan discovered,would you disconnect". Perhaps its a FP but i like to know you that this even can happen here on Wilders.

TonyKlein · Sep 21, 2007

Re: Killfiles-L trojan on Wilders

Huupi said:

Perhaps its a FP but i like to know you that this even can happen here on Wilders.
Click to expand...

Yes indeed: False Positives can happen absolutely anywhere...

Could it be Avast objecting to this sample command posted by ErikAlbert:

The command, if run, could indeed wreak havoc, deleting most files in the root of C.

Just sitting there on the web page it is of course harmless, let alone a 'trojan'.

Huupi · Sep 21, 2007

Re: Killfiles-L trojan on Wilders

TonyKlein said:

Yes indeed: False Positives can happen absolutely anywhere...

It's probably Avast objecting to this sample command posted by ErikAlbert:

The command, if run, could indeed wreak havoc, deleting most files in the root of C.

Just sitting there on the web page it is of course harmless, let alone a 'trojan'.
Click to expand...

Yes but how to get rid of these annoying messages ? And thanks for to give me some peace of mind.

lucas1985 · Sep 21, 2007

Re: Killfiles-L trojan on Wilders

I guess that Avast is detecting this command

See a similar behaviour with NOD32.
EDIT:
TonyKlein was faster

TonyKlein · Sep 21, 2007

Re: Killfiles-L trojan on Wilders

Huupi said:

Yes but how to get rid of these annoying messages ?
Click to expand...

I'm not familiar with Avast myself, but I suspect you can't.

Why not bring this to their attention by posting at the Avast! forum: http://forum.avast.com/

And thanks for to give me some peace of mind.
Click to expand...

No prob, you're welcome. Happy surfing.

LowWaterMark · Sep 21, 2007

FYI - It also appears to be a recent update to avast! that caused this false positive. When I saw this thread, I booted a PC where I have avast! installed, went to the thread in question and didn't get the alert. I had to update avast! in order for it to start flagging the various posts in that thread containing that DOS DEL command. The definitions were probably a week or so old before the update was run and the f/p started appearing.

So, if it is a recent addition to their detections, they'll simply need to think about just how they added it and come up with a way to tailor it so it doesn't flag by merely reading a webpage with that command in it.

Note: Since avast! was also flagging this thread for the same reason, I edited the two posts above that originally had copies of the DEL command in text and changed them to images of that command.

lucas1985 · Sep 21, 2007

It's the same situation as this one:

Schouw said:

Yes, there is malware code, but in this form it poses no threat.

AV experts still debate about this issue.

Imo this is one of the cases where there's no false positive and no false negative.

I don't think any AVendor will add detection for this, nor will there be AVendors who will remove detection.
Click to expand...

Inspector Clouseau said:

As Schouw KL stated already - that is basically a "drawn"
It is NOT a malicious website from the point that something could execute, but it contains well know script parts from the worm. Now the thing is that .HTML files basically are belonging into the AV "Script-Type". Loveletter to.
That means the "matching filetype" condition is even fulfilled It would be worse if someone finds a Windows Executable FileInfector in a HTML file...

However, i ALWAYS adviced to such guys which are trying to explain how Viruses are working NOT TO QUOTE OR PASTE directly source code into HTML files, because this always might lead to false positives. Instead of this a black and white PNG picture with the code is ABSOLUTELY SAFE regarding false positives of text based detections.

Mike
Click to expand...

19monty64 · Sep 22, 2007

LowWaterMark said:

Note: Since avast! was also flagging this thread for the same reason, I edited the two posts above that originally had copies of the DEL command in text and changed them to images of that command.
Click to expand...

Since ErikAlbert helped us find this "trojan" maybe he should change his sign-in to EicarAlbert roflol He also helped me discover "new" security for my computer. When the "Avast-sirens" sounded out, my dog started barking and alerted the sleeping-household to the intruder-alert roflol The scotty-bark of WinPatrol is nothing compared to the Avast-sirens and Buddy-bark early on a Saturday morn in my house roflol Thanx EicarAlbert roflol

19monty64 · Sep 22, 2007

I posted about KillFiles-L (a.k.a.EicarAlbert lol) at avast forums and waiting for a response http://forum.avast.com/index.php?topic=30578.0

19monty64 · Sep 23, 2007

Update 000776-0 seems to solve the FP for Avast. Great support, and on a weekend no less, makes a good product a great one! * * * * *

Log in or Sign up

Killfiles-L trojan on Wilders?

Huupi Registered Member

TonyKlein Security Expert

Huupi Registered Member

lucas1985 Retired Moderator

TonyKlein Security Expert

LowWaterMark Administrator

lucas1985 Retired Moderator

19monty64 Registered Member

19monty64 Registered Member

19monty64 Registered Member

Log in or Sign up

Killfiles-L trojan on Wilders?

Huupi Registered Member

TonyKlein Security Expert

Huupi Registered Member

lucas1985 Retired Moderator

TonyKlein Security Expert

LowWaterMark Administrator

lucas1985 Retired Moderator

19monty64 Registered Member

19monty64 Registered Member

19monty64 Registered Member

Useful Searches