DrWeb AV - FP, re HijackThis?

Discussion in 'other anti-virus software' started by SG1, Dec 31, 2005.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    In below screenshot, look at download dates of HT copies, and the size file difference. I'm curious about that, as DrWeb AV (just a while ago) pegged HijackThis1981.exe as "Probably WIN SCRIPT.Virus."

    As I recall, this isn't 1st time DrWeb AV marked HT as such, (and I've found in the past DrWeb pegged the most FPs, for a time anyway). But this is only file it marked in a recent scan of C drive. I do have latest ver. of DrWeb and the latest defs. loaded, so I wondered - is it "just a probable" FP? Ideas?

    Thanks, SG1 (Pat)
     

    Attached Files:

    • HT.gif (File size: 4.4 KB)
  2. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Submit the sample to DrWeb in here,

    http://support.drweb.com/sendnew/

    after a couple of hours I think the FP is corrected.

    Best regards,
    Firefighter!
     
  3. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Firefighter;

    Tried several right click choices, re winzip for suspect file: error msg I got was...

    Action: Add (and replace) files
    Include subfolders: no
    Save full path: no
    Include system and hidden files: yes
    Adding HijackThis1981.exe
    Warning: could not open for reading:
    C:/Holding/HijackThis1981.exe
    copying Zip file

    So, seems I can't zip and send file to DrWeb folks, as far as I can tell. Odd, that...

    SG1 (Pat)
     
  4. Firefighter

    Firefighter Registered Member

    Joined:
    Oct 28, 2002
    Posts:
    1,670
    Location:
    Finland
    Pause the SpIDerGuard first, then add that sample to a password protected archive. If you have trouble with it, you can always use this free archiver, it's very comfortable.

    http://www.izarc.org/download.html

    Best regards,
    Firefighter!
     
  5. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Firefighter;

    Thanks for info about pausing SpiderGuardNT, before attempting to zip a file and I've also never had to or tried to password protect any given zip file.

    FURTHER RECAP-UPDATE:

    DrWeb AV scanned a possible FP last night (stating a file was "probably WIN SCRIPT.virus") and this wasn't 1st time DrWeb had FP over that file or versions of it. So, I went to zip the file, to send to DrWeb and got msg:

    Action: Add (and replace) files
    Include subfolders: no
    Save full path: no
    Include system and hidden files: yes
    Adding HijackThis1981.exe

    Warning: could not open for reading: C:/Holding/HijackThis1981.exe
    copying Zip file

    ++++++++

    TrojanHunter, after recent update, said:

    File scan

    C:\Holding\HijackThis1981.exe Not scanned (in use by another application)

    MY NOTE: a file in storage - in use - by what?

    C:\pagefile.sys Not scanned (in use by another application)
    No trojan files found
    11030 files scanned in 1323 seconds

    ++++++++

    Then today, ran CWshredder for the heck of it, and am told that I had the cws variant CWS.Msconfig - that's why msconfig kept coming up at bootup all the time? Thought it did that, as I've messed with it so much, and that it came up upon bootup in case you wanted to change something yet again.

    What is this business, of a sudden? No security app sees zip, and then I have a Shredder variant - or at least per CWshredder? Unless even that app had an FP? After letting CWshredder fix it, however, msconfig now no longer starts at every bootup; I can, however, start it in the usual fashion from Start/Run box.

    ++++++++

    P.S. I'd over time seen, I think on this newer drive and maybe last one, the HijackThis icon on varied files - and I thought perhaps I'd screwed up a file assoc. or icon/s in general when messing about with that stuff at one time or another. Now, it makes me wonder... But again, all security apps in general, tell me that I have a clean machine; Ewido's the only app that has "burped" about alleged spyware cookies, in D drive's storage, then locked them up.

    SG1 (Pat) * Will try archiver app that you mention; thanks.

    SpiderGuard wasn't on at time of scan, rather, just ran the DrWeb scanner proper, while offline. (Unless Guard comes on in auto pilot mode, when one runs the scanner module)?
     