False Positive Chernobyl?

Discussion in 'other anti-virus software' started by ccsito, Dec 28, 2006.

Thread Status:
Not open for further replies.
  1. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I scanned one of my PCs with Antivir and Kaspersky's online scanner and they detected the W95/CIH virus in two EXE files in a Canon printer driver folder (within the main WINDOWS folder). The message box said the virus signature was "inactive". The files are dated back from 2001 when I first installed the printer. Is this a valid virus detection?

    http://www.symantec.com/security_response/writeup.jsp?docid=2000-122010-2655-99
     
  2. tomazyk

    tomazyk Guest

    I would try to send files on virustotal.com. See what other products say about them.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,411
    Perhaps some benign Chernobyl remnants?
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    most likely a false positive,

    dr.web and panda (only 2 i tried) both found dell printer drivers as w32 virus, sent to dr.web and they said it was a FP. (still to this day, dont know if panda fixed this one)
     
  5. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    my bet is an incomplete repair, which is quite common for cih (chernobyl) infected files.

    hard to find out exactly without the files.
     
  6. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I don't use that printer anymore so I went ahead and just quarantined the two items. They appear to be from a particular company that placed their software along with the other Canon printer files. I guess I can also send them to other online scanners to see what they say. Thanks.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.