Positive Identification?

Hi,
I have just downloaded Visual Studio .NET2003 Professional from MSDN, when I tried to run the executable archive TDS reported a positive Identification, There was no entry in the name column, I assumes that a 'positive ID' meant there the file definatley contains a trojan. and a 'Possible ID' may or may not be a trojan.
I assume there is no trojan in the download as it comes from a trusted source (MSDN downloads)
Surely if there is a positive ID there should be a reason in the 'Name' column?

NOTE: A manual scan of the file shows it to be clean?

Thanks
Tom

 

Can you locate the exact file which was alarmed on? Or is it the download as a whole, the many big MB large file?
Which exactly was the alarm? It would say something like
suspicious ..... <adv> or positive identification ..<adv>
possible.... something.

 

The file downloaded was a self expanding archive called en_vs.net_2003_pro_full.exe it is 560 MB (588,120,576 bytes)

When I tried to run the file TDS execution protection denied it, the error was as shown in the screen dump.

When I manually scanned the file with TDS The positive Id was not there!

 

Hi frogfoot....

There is no name for the positive id in that shot.... which is unusual... but by looking at the file name, it could have alarmed because it looked like it has dual extensions [ . ] being read as extension, but even then, it usually says so.

A manual scan by TDS gives no alarms also, correct?... seems odd..

how about you send the file to DCS... submit@dcs.com.au *I think*...

or... give link, someone may download and test...

also.... go HERE FOR KASPERSKY SINGLE FILE SCAN

Just browse to the file and it will upload and be scanned... just to be sure.

TAS

 

Hi Frogfoot,

I have removed your personal information from your attachment (the blanked out sections in turquoise). If you do post any other images, please blank out any personal information like emails, registration #'s, names, etc., for security reasons.

Regards,

snap

 

Tassie,
The file is 560MB and would take several hours (6 or so) to upload (256k uplink) , plus the fact that distribution is against the terms of the MDSN license. Maybe one of the DCS developers has a MSDN subscription and can download it?

The 'unusual filename' option has been unchecked on my TDS config as I have many 'double extension files. So I dont think it was that.

 

LOL.. oh ok.. I shall just dl that on dial up..

ok mate, sorry, did not realise it was like that... but it does seem it would be fine if it came from the genuine site, and you are the owner of it.

I take it you did scan it with your AV also.

If TDS is blocking it from execution, you may have to temporarily disable TDS and install it like that, provided of course you are confident it's clean.

Cheers, TAS

 

Normally TDS would have big problems to scan such a large file, you could not upload it to DCS nor the KAV online scanner (which is limited to 1 MB )
Think you can risk installing it and scan very deep and carefully after that before doeing anything else.
If you took it from the original site and nothing else shows up on your system... But it IS strange.

I did never configure anothing to not show unusual file names etc, i want to know everything, even double extensions

It's always a risk with exe files in stead of zipped which you can at least scan inside file by file and give extra attantion to suspicious ones.

 

Hi Frogfoot, Most likely to do with the large file size, TDS3 sometimes hiccups on large files of this nature.
If you are sure it is from a trusted source you can exclude it from the TDS scan using Scan Control - Scan exclusions.

HTH Pilli

 

Thanks for all your help.
I assumed that it was to do with the file size, I just thought I would bring it the developers attention.
Bye
Tom

 

It is very good that you did, looking forward to scan results after installing it.