False Positive Chernobyl?

Discussion in 'other anti-virus software' started by ccsito, Dec 28, 2006.

Thread Status:
Not open for further replies.
  1. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I scanned one of my PCs with Antivir and Kaspersky's online scanner and they detected the W95/CIH virus in two EXE files in a Canon printer driver folder (within the main WINDOWS folder). The message box said the virus signature was "inactive". The files date back to 2001, when I first installed the printer. Is this a valid virus detection?

    http://www.symantec.com/security_response/writeup.jsp?docid=2000-122010-2655-99
     
  2. tomazyk

    tomazyk Guest

    I would try sending the files to virustotal.com. See what other products say about them.
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Perhaps some benign Chernobyl remnants?
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Most likely a false positive.

    Dr.Web and Panda (the only 2 I tried) both found Dell printer drivers as a W32 virus. I sent them to Dr.Web and they said it was an FP. (Still to this day, I don't know if Panda fixed this one.)
     
  5. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    My bet is an incomplete repair, which is quite common for CIH (Chernobyl) infected files.

    Hard to find out exactly without the files.
     
  6. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    I don't use that printer anymore so I went ahead and just quarantined the two items. They appear to be from a particular company that placed their software along with the other Canon printer files. I guess I can also send them to other online scanners to see what they say. Thanks.
     