Uncertain positive result from CPSecure at Jotti and VirScan

Discussion in 'other anti-trojan software' started by Tim Tylor, Feb 16, 2009.

Thread Status:
Not open for further replies.
  1. Tim Tylor

    Tim Tylor Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    7
    I've submitted an .exe file to the Jotti, VirScan and VirusTotal malware scanning sites. The CPSecure scanner on Jotti and VirScan reports Troj.Spy.W32.Banker.bve, but every other scanner finds the file clean. ESET NOD32 antivirus on my computer finds it clean as well. Would it be sensible for me to dismiss the lone CPSecure result as a false positive? I'm new to this stuff and I'd be glad of advice. (I'm reluctant to post the name and source of the file here as I don't want to make trouble for its creator.)
     
  2. dorgane

    dorgane Registered Member

    Joined:
    Oct 17, 2007
    Posts:
    362
    Can you paste the VirusTotal link, please?

    thank you.
     
  3. Tim Tylor

    Tim Tylor Registered Member

    Joined:
    Aug 25, 2008
    Posts:
    7
  4. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    People need to stop using virus-scanning engine sites as the gospel. There's plenty of malware undetected by all AVs, so yes, be suspicious and send it in to a few AV vendors. Professional analysis would provide you with a more certain outcome.
     
  5. NoIos

    NoIos Registered Member

    Joined:
    Mar 11, 2009
    Posts:
    607
    If the hash of the file you submit is already in the databases of sites like VirusTotal and the date of the initial submission is at least 4-5 days old, considering that VirusTotal collects data and samples for the various security companies, then there is a high possibility that your file has already passed through the labs of the antivirus companies. Request a rescan from VirusTotal. The new results will be safer to accept.

    My strategy was always to leave a suspected file zipped in a password-protected archive for at least a week and then rescan it. That does not work when you have to immediately open or run the file... for your job or other important tasks.
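
Added example, not part of the thread and not any poster's code: a small triage helper that hashes a file locally and applies the age-then-rescan rule from the last post, falling back to the vendor-submission advice from post 4 when a detection survives a fresh rescan. The report layout, field names, dates and thresholds are constructed assumptions, not any scanning service's real schema.

```python
import hashlib
from datetime import datetime, timedelta

def sha256_of(path, chunk=1 << 20):
    """Hash the file in chunks so a large executable is not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def triage(report, now, min_age_days=5, hold_days=7):
    """Return (next_step, detecting_engines) for a multi-scanner report.

    `report` is a hypothetical record (assumed layout):
      first_seen    -- datetime this hash was first submitted, or None if unknown
      last_analysis -- datetime of the most recent scan, or None
      results       -- {engine name: detection label, or None when clean}
    """
    hits = sorted(e for e, label in report["results"].items() if label)
    first_seen = report.get("first_seen")
    if first_seen is None:
        # Hash unknown to the service: no vendor lab has had time to look at it.
        return ("hold %d days, then scan" % hold_days, hits)
    matured = first_seen + timedelta(days=min_age_days)
    if now < matured:
        return ("hold until %s, then rescan" % matured.date(), hits)
    last = report.get("last_analysis")
    if last is None or last < matured:
        # The sample is old enough, but the verdicts on file predate that window.
        return ("request rescan", hits)
    if hits:
        return ("submit to vendors for analysis", hits)
    return ("accept current results", hits)

# Constructed sample mirroring the thread: one engine flags the file, another does not.
SAMPLE = {
    "first_seen": datetime(2009, 2, 10),      # constructed date
    "last_analysis": datetime(2009, 2, 11),   # constructed date
    "results": {"CPSecure": "Troj.Spy.W32.Banker.bve", "NOD32": None},
}

if __name__ == "__main__":
    print(triage(SAMPLE, now=datetime(2009, 2, 16)))
```

Looking the file up by the value from `sha256_of` shows whether a report already exists without uploading the file a second time.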
     