Ravantivirusscanner found something TDS didn't?

Discussion in 'Trojan Defence Suite' started by ronny, Jun 16, 2004.

Thread Status:
Not open for further replies.
  1. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    My friend did an online scan with www.ravantivirus.com. It detected in C:\Program Files\Common files\Webroot Shared\Internet.dll the following threat: Backdom:win32/Ferat1_0.
    Because my computer has more security programs, I copied her Webroot folder to my computer and let my security programs run a scan.
    But neither TDS-3, Boclean, TrojanHunter, Trojanremover, eTrust, Kaspersky online, Norton 2004,... found any suspicious file. However, when I do an online Ravanti scan, it finds it on my computer too.
    I already sent an email to Ravanti but haven't got a reply yet.
    Could this be a false positive?

    To Diamond CS: is it alright that I submit this file to you?
     
    Last edited: Jun 16, 2004
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there Ronny,
    can you please be so kind as to send a copy of the file to submit@diamondcs.com.au too for advice?
    It might be a false positive, of course, but those only exist after Gavin examined them!
     
  3. ronny

    OK, I did. Was hoping you would ask me :D
    ( I am a little afraid to bother Diamondcs with perhaps false positives, you know ;) )
     
    Last edited: Jun 16, 2004
  4. Jooske

    No, not at all, Gavin is not on any anti-submitting diet yet, you keep them coming those files!
     
  5. ronny

    Again Diamondcs did it: they set my mind at rest :) :
    "Yes this is definitely a false alarm and you should submit the file to them so they can fix it."
    What a company, thanks again!

    I wish I could say that also of www.ravantivirus.com because I FIRST submitted the "suspicious" file to them but haven't got an answer yet... but perhaps my judgement is a bit harsh, let's wait a bit longer.

    But although it is perhaps inevitable, those "false positives" are a real nightmare.
    Why is it for some companies so difficult to avoid them?
    Sorry no offence :oops: .
     
    Last edited: Jun 17, 2004
  6. Jooske

    Think that question can best be answered by the tech guys. It must have to do with having the definitions too general.
    It might have corrected the databases in the meantime -- which you can only find out by a new scan -- and did not take time to thank you.
    They must get hundreds of samples a day.
    Glad it is a false positive! Congratulations with that find!
     