Kaspersky said this isn't infected while 13 other AVs do

Discussion in 'other anti-virus software' started by mvdu, Oct 21, 2008.

Thread Status:
Not open for further replies.
  1. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I just got the e-mail from Kaspersky that the file jar_cache23989.tmp and a few others like it are clean, but Avira detects it as JAVA/Exploit.Bytverify.4 and 12 other AVs also detect it at VirusTotal. I'm confused: I submitted the files to Avira from Avira's Quarantine, but I think I should keep the files quarantined for now. Do you agree? Kaspersky DID detect other jar cache temp files in another location on the computer.
     
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Yes, it cannot hurt you in quarantine. I would wait a bit and check it again at VT; if more scanners are added to the detection list, it is probably real.
     
  3. DarkButterfly

    DarkButterfly Registered Member

    Joined:
    Jul 18, 2008
    Posts:
    82
    I agree with djohn. It may be nothing (FP), or it may be malware and Kaspersky is not able to detect it.

    Kaspersky AV engine lost power over time.
     
  4. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    Not lost its power, just more malware out there now.
     
  5. btman

    btman Registered Member

    Joined:
    Feb 11, 2006
    Posts:
    576
    They could be corrupted files or simply clean. I'm not a computer expert, but when quite a few AVs detected samples and I sent them to Kaspersky... The lab sent me an email saying it was corrupted and thus not detected... One day I decided to test my faith and run the undetected files to see what harm they would do... And they all were... harmless.
     
  6. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    They told me the file is clean, not corrupted. I'll see if Avira removes the samples after I sent them. Is disagreement among vendors something that happens?
     
  7. Medank

    Medank Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    102
    Even if 13 AVs out there detect it, it doesn't mean that the file is a threat. For example, Ikarus, AhnLab, Authentium, CAT-QuickHeal, eSafe, Fortinet, K7AntiVirus, PCTools, Rising, SecureWeb-Gateway, TheHacker, ViRobot: all those AVs often show an FP file and it's not a real threat, so it really depends on which AVs detected it.

    Let us know later what the results are.
     
  8. tiagozt

    tiagozt Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    If we discuss how many malwares Kaspersky didn't detect and how many malwares ONLY Kaspersky detects, it will probably turn out positive for Kaspersky and negative for a lot of other poor AVs. Kaspersky isn't perfect... No AV is perfect...
     
  9. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I can't post a VT shot per rules, but major AVs like AntiVir, Norton, and NOD32 detect it.
     
  10. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Not really about that, though. I'm just trying to figure out if this is malware on my machine.
     
  11. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Agree with Medank, and it would not be a first for that many to produce an FP. But if NOD, Norton, Dr.Web etc. start to show something, if not already, then I would say there is some concern. If not, then perhaps Kaspersky did its job accurately. Until then, as long as they're quarantined, don't panic and don't release them out of their cage. Oops, just seen your post above about major vendors; still await the Avira analysis, and they can still be FPs.
     
    Last edited: Oct 21, 2008
  12. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    Thanks, djohn - sounds like a good plan of action. I did have some real malware that Kaspersky detected and I'm afraid these files are connected. Will await the Avira analysis and keep them in quarantine.
     
  13. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    No I don't agree. The email from Kaspersky's virus lab means someone actually looked at the files you submitted as opposed to the scanners simply picking them up. Sometimes one vendor will detect a file and others will add it automatically without looking at it. If Kaspersky emailed you that it's clean then it is.
     
  14. Medank

    Medank Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    102
    Absolutely, and I have seen and tested it myself: sent an FP file to 1 AV vendor; if they add it, then every other AV does the same without looking at the sample.

    Thanks djohn. As I said above, many popular AVs just add some files and the file is clean, but thanks again for agreeing with me.
     
  15. thathagat

    thathagat Guest

    um mmm... so even greats have off days... or maybe for the run-of-the-mill kind every day is an off day... we'll know soon...
     
  16. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    You're welcome. So the files are clean, that's good news. :thumb:
     
  17. mvdu

    mvdu Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    1,151
    Location:
    PA
    I'll see if Avira removes it or not. I won't be able to tell right away I guess, but I could always submit via the website after a while. Then they respond to you.
     
  18. harlan4096

    harlan4096 Registered Member

    Joined:
    May 6, 2008
    Posts:
    113
    Location:
    Almería (Spain)
    I also have some files that are clean, and KLab told me that they are clean too. I tried them in a VM by myself and they are not harmful at all! But many AVs in VT are still detecting them as malware (Avira, NOD32 ...)

    Regards.
     
  19. Jin K

    Jin K Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    105
    If there's more malware, that means I must make something new to fight against them!! And as for Kaspersky, they have powerful signature detection, no one can disagree, but they are lacking generic detection >< If they can just focus more on it, believe me, it will be on the same bar with Avira!!
     
  20. Medank

    Medank Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    102
    Well, I've seen that Kaspersky has pretty good generic detection, but Kaspersky writes a generic detection and names it (example) Trojan-Agent.Ra and not Generic-Trojan.Agent.Ra. That's why a lot of people think that Kaspersky's generic is not good, but I believe it's really strong & good.
     
  21. Jin K

    Jin K Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    105
    You know, I have tested the new emulator and it's showing the same result as the old one >< Also, emulator means heuristic detection, and you know it's easy to bypass compared to generic detection. Anyway, I think it's a matter of time until Kaspersky is using it, but the question is >>>>> when o_O
     
  22. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I didn't know you had tested the emulator beta update. I dunno tbh.
     
  23. Jin K

    Jin K Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    105
    You mean

    Trojan-Agent.Ra
    Generic-Trojan.Agent.Ra

    I haven't seen 1 detection with that name o_O
     
  24. Medank

    Medank Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    102

    What I meant is that Trojan.Agent.** or, for example, Trojan-Dropper.Delf can be generic detections as well, and I've seen that Kaspersky often names generic detections with a normal name such as Trojan.Agent or Trojan-Dropper.
     
  25. Jin K

    Jin K Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    105
    I don't think so o_O

    But to make sure I will ask Rinat from KL about it.
     