Could this be a False Positive???

Discussion in 'other anti-virus software' started by fredra, Mar 23, 2005.

Thread Status:
Not open for further replies.
  1. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi
    I have this file in the WS_FTP Pro folder and only one AV seem to detect it as "malware". See the below analysis from jotti's site.
    My question is
    -Could this be a FP?
    -What is modification of Win95.Werther.1224o_O
    Only the good doctor has picked this up, hence my question.

    Thanks for your response.
    Cheers :)

    Service load: 0% 100%

    File: wsbho2k0.dll
    Status: INFECTED/MALWARE
    Packers detected: -

    AntiVir No viruses found
    Avast No viruses found
    AVG Antivirus No viruses found
    BitDefender No viruses found
    ClamAV No viruses found
    Dr.Web modification of Win95.Werther.1224
    F-Prot Antivirus No viruses found
    Fortinet No viruses found
    Kaspersky Anti-Virus No viruses found
    mks_vir No viruses found
    NOD32 No viruses found
    Norman Virus Control No viruses found
     
  2. AndreyKa

    AndreyKa Registered Member

    Joined:
    Feb 25, 2005
    Posts:
    93
    Location:
    Russia
  3. tahoma

    tahoma Registered Member

    Joined:
    May 31, 2003
    Posts:
    228
    in my experience it isnt a virus if kav says it isnt. best way to get a quick reply is (also in my opinion) to send it to newvirus@kaspersky.com - usually u get a reply within a couple of hours
     
  4. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    Hi
    To AndreyKa and tahoma
    Thanks for your input...I took your advuce and sent the file off to both locations as you suggested. If I receive any replies, I will update this thread.
    Your help is appreciated.
    Cheers :)
     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    You can contact stormbyte here at Wilders' and ask him the email for sending samples...
     
  6. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    To anyone who maybe interessted.
    I got a e-mail reply from Kav

    "Hello. That is a false positive of Dr.Web antivirus."

    So far, no response from Dr. Web, so I will assume that this file is ok, and the good doctor had a hiccup.

    Thanks for your feedback.
    Cheers :)
     
  7. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Does KAV test with Dr.Web or have relations with Dr.Webo_O

    Maybe it can be called an FP b'coz it may contain virus code from Win95.Werther but it musta been modified so the file is harmless now. At least thats the way I figure it.
     
Loading...
Thread Status:
Not open for further replies.