Virus Total/Jotti

Hi Guys,

All preformed in the last 5 minutes, so most likely did not miss any updates:

Download from "Bleeping" ADW Cleaner (love this program)

scanned the downloaded file with VT found 1 out of 46 scanners

Antivir -found spr/autolt.gen

Scan same file at Jotti:

Antivir found 0 (note Antivir at jotti showed the umbrella,like Avira are these the same antvir @ VT & Jotti), one finds something the other does not.

Jotti - ClamAV finds pua.win32.packer.upx-53
____________

I like bleeping allot, are downloads for applications on there pages infected?

Is it unfair to believe that downloads, from bleeping be malware free?

Would/should those find(s) (ADW cleaner) be ignored as the overwhelming majority of scanners found nothing.

FP's so use as bleeping downloads are safe?

I advise my club "VT/Jotti" should be 100% malware free, or it's poison, is this too strong language?

Paranoia big destroy ah - sounds like a song

 

Unfair ? Utterly ridiculous/ Yes it does show Avira detection on VT. I have Avira , I just downloaded, scanned with Avira, nothing detected, and installed.
While you cannot trust anything % 100 ( eg accidental virut infected combofix)
You must use your common sense

 

Hi Mick,

Jotti & VT - give a heads up, as to what your getting into.
the more experienced, here might advise otherwise.
_______________

Say you download, from a trusted source, like bleeping or geeks to go, run VT and or Jotti, it finds somethig: Do you trust the source, or jotti/vt? Should there be a discrepancy, 3rd party arbitrary is?

++++++++++++++++++++++

Recently I was looking for a driver, downloaded it from "CNET", scanned with Jotti/VT", both came up with multiple malware attached, to the driver. Who do you trust?

 

It's a false positive - absolutely nothing to worry.

As for the above detection, the file is being flagged because it has been compressed - not due to it being harmful. Malware quite often is compressed in order to make it harder to detect which is why the UPS compressor is being flagged.

Edit:
PUA is an acronym for Potentially Unwanted Application. Note that the UPX compressor is being labelled potentially unwanted, not AdwCleaner.

 

Look at the date of the results, VirusTotal searches the hash and gives you the most recent previous result first.

And I double check with Anubis, Comodo File Verdict Service, and scanning the website URL with VirusTotal. If still suspicious, manual Sandboxie/VirtualBox check, and send to AV vendors.

 

While I never scan any of my downloads myself - I just let the realtime protection of my antivirus do that automatically (or if I don't have antivirus software installed at the time my downloads don't get scanned), I suggest the following:

If a threat is detected by only one or two scanners, there is a good possibility it is a false positive. Also, you need to consider what was detected, e.g. heuristic detection which means that the av software is saying that the file is suspicious - but that does not mean it is actually infected, or detection of PUPs/unwanted software - software which may be of little use but is not malicious.

If you are download software from a trustworthy download site, the chance of downloading something malicious is very slim.

Quite possibly you didn't download the driver itself, but CNET's downloader which will download the driver tries to get you to install other software as well, which could cause it to be detected by antivirus software.