Possible false positives with latest eTrust scan.

"eTrust EZ Antivirus Version 5.4.2.0
Started scanning:      12:50:32 PM, 6/7/2002
Major dat file       v1000
Minor dat file       v2094
Macro dat file      Jun  6 2002 (VMD Ver 1.6)

Scanning file(s)...
C:\WINDOWS\SYSTEM\PAV.SIG - Win95.Bumble.1736/1738 dropper.
C:\WINDOWS\SYSTEM\imscan.dll - infected with Tentacles III virus.

Finished scanning:      12:57:20 PM, 6/7/2002
Number of files scanned: 24489.
Number of infections: 2
Number of infected files not cleaned/deleted/renamed: 2
     C:\WINDOWS\SYSTEM\PAV.SIG (Win95.Bumble.1736/1738 dropper)
     C:\WINDOWS\SYSTEM\imscan.dll (Tentacles III virus)"

Not getting any hits from any of my other programs on those two. Fixing to send it to etrust for analysis. Anybody else seeing this? Pete

*I may need to update the eTrust engine - didn't they go to version 6 something just here lately?

 

Re: Possible false positives with latest eTrust sc

Did you recently use or install Panda Antivirus Pete ?


Technodrome

 

Re: Possible false positives with latest eTrust sc

I've got the Panda cleaner on here that you can get from our d/l page on here, TD. I recognized that one, it was the  other one I wasn't sure about. Of course, they're both being picked up from PAV, so that's probably where both FP's are coming from.

Now I'm trying to remember whether I used my old or new email addy. when I emailed them - oh, well!   Pete

 

Re: Possible false positives with latest eTrust sc

Yup!
Imscan.dll file, if I do recall this right, comes with Pandas Active Scan as well, and is the anti-virus scanning engine.

Technodrome

 

Re: Possible false positives with latest eTrust sc

That's what it was - I ran an ActiveScan at the PCPitStop site not too long ago. Pete

 

Re: Possible false positives with latest eTrust sc

Okay, here's the response from etrust:

Dear  spy1,
This is to notify you of the results of the testing carried out by the
Virtue system on the files that you sent to us.

Unfortunately you have encountered a false positive in our product, which
was not found by our extensive testing in QA. We will fix this problem
asap and notify you of the solution within 48 hours.

=========================================================================



The analysis of the 1st file submitted as "imscan.zip" has been completed.

The PkWare Zip Archive file has been determined to be clean.
There are however
some files contained within this file, which this section of your report
does not cover. Results of the analysis of these files can be found later
in this report.

#########################################################################


The analysis of the  file submitted as "imscan.dll" has been completed.

The Windows Dynamic Link Library file has been determined to be clean.
A human researcher has analysed the file and found nothing suspicious. Researcher comment:
This is a DLL part of Panda Antivirus software. It contains search strings for detecting viruses, but these search strings are not encrypted. Because of this, the file may appear infected to other scanners."

Hasn't been corrected yet - probably in Monday's update. Pete