Killfiles-L trojan on Wilders?

Discussion in 'malware problems & news' started by Huupi, Sep 21, 2007.

Thread Status:
Not open for further replies.
  1. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    If i click in a thread in Software and Services [ShadowDefender...new kid on the block],i get an alert from Avast saying ''Killfiles-L Trojan discovered,would you disconnect". Perhaps its a FP but i like to know you that this even can happen here on Wilders.
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,356
    Location:
    The Netherlands
    Re: Killfiles-L trojan on Wilders

    Yes indeed: False Positives can happen absolutely anywhere... :D

    Could it be Avast objecting to this sample command posted by ErikAlbert:

    [​IMG]

    The command, if run, could indeed wreak havoc, deleting most files in the root of C.

    Just sitting there on the web page it is of course harmless, let alone a 'trojan'.
     
    Last edited by a moderator: Sep 21, 2007
  3. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Re: Killfiles-L trojan on Wilders

    Yes but how to get rid of these annoying messages ? And thanks for to give me some peace of mind.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: Killfiles-L trojan on Wilders

    I guess that Avast is detecting this command

    [​IMG]

    See a similar behaviour with NOD32.
    EDIT:
    TonyKlein was faster :D
     
    Last edited by a moderator: Sep 21, 2007
  5. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,356
    Location:
    The Netherlands
    Re: Killfiles-L trojan on Wilders

    I'm not familiar with Avast myself, but I suspect you can't.

    Why not bring this to their attention by posting at the Avast! forum: http://forum.avast.com/


    No prob, you're welcome. Happy surfing. :)
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    18,127
    Location:
    New England
    FYI - It also appears to be a recent update to avast! that caused this false positive. When I saw this thread, I booted a PC where I have avast! installed, went to the thread in question and didn't get the alert. I had to update avast! in order for it to start flagging the various posts in that thread containing that DOS DEL command. The definitions were probably a week or so old before the update was run and the f/p started appearing.

    So, if it is a recent addition to their detections, they'll simply need to think about just how they added it and come up with a way to tailor it so it doesn't flag by merely reading a webpage with that command in it.


    Note: Since avast! was also flagging this thread for the same reason, I edited the two posts above that originally had copies of the DEL command in text and changed them to images of that command.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It's the same situation as this one:
     
  8. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Since ErikAlbert helped us find this "trojan" maybe he should change his sign-in to EicarAlbert roflol He also helped me discover "new" security for my computer. When the "Avast-sirens" sounded out, my dog started barking and alerted the sleeping-household to the intruder-alert roflol The scotty-bark of WinPatrol is nothing compared to the Avast-sirens and Buddy-bark early on a Saturday morn in my house roflol Thanx EicarAlbert roflol
     
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
  10. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Update 000776-0 seems to solve the FP for Avast. Great support, and on a weekend no less, makes a good product a great one! :thumb: :thumb: * * * * *
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.