Virus Total/Jotti

Discussion in 'malware problems & news' started by Rico, Aug 20, 2013.

Thread Status:
Not open for further replies.
  1. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hi Guys,

    All performed in the last 5 minutes, so most likely did not miss any updates:

    Download from "Bleeping" ADW Cleaner (love this program)

    scanned the downloaded file with VT found 1 out of 46 scanners

    Antivir -found spr/autolt.gen

    Scan same file at Jotti:

    Antivir found 0 (note Antivir at Jotti showed the umbrella, like Avira; are these the same Antivir @ VT & Jotti), one finds something the other does not.

    Jotti - ClamAV finds pua.win32.packer.upx-53
    ____________

    I like bleeping a lot, are downloads for applications on their pages infected?

    Is it unfair to believe that downloads, from bleeping be malware free?

    Would/should those find(s) (ADW cleaner) be ignored as the overwhelming majority of scanners found nothing.

    FP's so use as bleeping downloads are safe?

    I advise my club "VT/Jotti" should be 100% malware free, or it's poison, is this too strong language?

    Paranoia big destroy ah - sounds like a song
     
  2. mick92z

    mick92z Registered Member

    Joined:
    Apr 27, 2007
    Posts:
    499
    Location:
    Nottingham
    Unfair? Utterly ridiculous. Yes, it does show Avira detection on VT. I have Avira, I just downloaded, scanned with Avira, nothing detected, and installed.
    While you cannot trust anything 100% (e.g. accidental Virut-infected ComboFix),
    you must use your common sense.
     
  3. Rico

    Rico Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    1,699
    Location:
    Texas
    Hi Mick,

    Jotti & VT give a heads up as to what you're getting into.
    The more experienced here might advise otherwise.
    _______________

    Say you download from a trusted source, like bleeping or geeks to go, run VT and/or Jotti, and it finds something: Do you trust the source, or Jotti/VT? Should there be a discrepancy, 3rd party arbitrary is?

    ++++++++++++++++++++++

    Recently I was looking for a driver, downloaded it from "CNET", scanned with Jotti/VT", both came up with multiple malware attached, to the driver. Who do you trust?
     
  4. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    It's a false positive - absolutely nothing to worry about.

    As for the above detection, the file is being flagged because it has been compressed - not due to it being harmful. Malware quite often is compressed in order to make it harder to detect, which is why the UPX compressor is being flagged.

    Edit:
    PUA is an acronym for Potentially Unwanted Application. Note that the UPX compressor is being labelled potentially unwanted, not AdwCleaner.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Look at the date of the results, VirusTotal searches the hash and gives you the most recent previous result first.

    And I double check with Anubis, Comodo File Verdict Service, and scanning the website URL with VirusTotal. If still suspicious, manual Sandboxie/VirtualBox check, and send to AV vendors.
     
    Last edited: Aug 20, 2013
  6. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,242
    While I never scan any of my downloads myself - I just let the realtime protection of my antivirus do that automatically (or if I don't have antivirus software installed at the time my downloads don't get scanned), I suggest the following:

    If a threat is detected by only one or two scanners, there is a good possibility it is a false positive. Also, you need to consider what was detected, e.g. heuristic detection which means that the av software is saying that the file is suspicious - but that does not mean it is actually infected, or detection of PUPs/unwanted software - software which may be of little use but is not malicious.

    If you are downloading software from a trustworthy download site, the chance of downloading something malicious is very slim.

    Quite possibly you didn't download the driver itself, but CNET's downloader, which will download the driver and tries to get you to install other software as well, which could cause it to be detected by antivirus software.
     