Killfiles-L trojan on Wilders?

Discussion in 'malware problems & news' started by Huupi, Sep 21, 2007.

Thread Status:
Not open for further replies.
  1. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    If i click in a thread in Software and Services [ShadowDefender...new kid on the block],i get an alert from Avast saying ''Killfiles-L Trojan discovered,would you disconnect". Perhaps its a FP but i like to know you that this even can happen here on Wilders.
     
  2. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Re: Killfiles-L trojan on Wilders

    Yes indeed: False Positives can happen absolutely anywhere... :D

    Could it be Avast objecting to this sample command posted by ErikAlbert:

    [​IMG]

    The command, if run, could indeed wreak havoc, deleting most files in the root of C.

    Just sitting there on the web page it is of course harmless, let alone a 'trojan'.
     
    Last edited by a moderator: Sep 21, 2007
  3. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    Re: Killfiles-L trojan on Wilders

    Yes but how to get rid of these annoying messages ? And thanks for to give me some peace of mind.
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Re: Killfiles-L trojan on Wilders

    I guess that Avast is detecting this command

    [​IMG]

    See a similar behaviour with NOD32.
    EDIT:
    TonyKlein was faster :D
     
    Last edited by a moderator: Sep 21, 2007
  5. TonyKlein

    TonyKlein Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    4,350
    Location:
    The Netherlands
    Re: Killfiles-L trojan on Wilders

    I'm not familiar with Avast myself, but I suspect you can't.

    Why not bring this to their attention by posting at the Avast! forum: http://forum.avast.com/


    No prob, you're welcome. Happy surfing. :)
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    FYI - It also appears to be a recent update to avast! that caused this false positive. When I saw this thread, I booted a PC where I have avast! installed, went to the thread in question and didn't get the alert. I had to update avast! in order for it to start flagging the various posts in that thread containing that DOS DEL command. The definitions were probably a week or so old before the update was run and the f/p started appearing.

    So, if it is a recent addition to their detections, they'll simply need to think about just how they added it and come up with a way to tailor it so it doesn't flag by merely reading a webpage with that command in it.


    Note: Since avast! was also flagging this thread for the same reason, I edited the two posts above that originally had copies of the DEL command in text and changed them to images of that command.
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It's the same situation as this one:
     
  8. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Since ErikAlbert helped us find this "trojan" maybe he should change his sign-in to EicarAlbert roflol He also helped me discover "new" security for my computer. When the "Avast-sirens" sounded out, my dog started barking and alerted the sleeping-household to the intruder-alert roflol The scotty-bark of WinPatrol is nothing compared to the Avast-sirens and Buddy-bark early on a Saturday morn in my house roflol Thanx EicarAlbert roflol
     
  9. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
  10. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    Update 000776-0 seems to solve the FP for Avast. Great support, and on a weekend no less, makes a good product a great one! :thumb: :thumb: * * * * *
     
Loading...
Thread Status:
Not open for further replies.