VirusTotal?

Discussion in 'other anti-virus software' started by ErikAlbert, Dec 12, 2007.

Thread Status:
Not open for further replies.
  1. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    If I have to believe VirusTotal, every file is infected :

    ShadowProtect Desktop is infected.
    Karen's Replicator is infected.
    Firefox is infected.
    Thunderbird is infected.

    Is this website a collection of false positives or what ?
     
  2. IBK

    IBK AV Expert

    Joined:
    Dec 22, 2003
    Posts:
    1,819
    Location:
    Innsbruck (Austria)
    Which AV reports what?
    You could blame the AV, but not VT, for showing what the AV reports.
     
  3. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    TheHacker reported a Trojan in ShadowProtect Desktop.
    Prevx1 : Heuristic: Suspicious Self Modifying File in Firefox and Thunderbird.
    Prevx1 : Heuristics: Suspicious Hijacker in Sandboxie
    Panda : Suspicious file in Karen's Replicator.
    Prevx1 : Heuristic: suspicious self modifying file in R-Wipe & Clean
    Prevx1: Heuristic: Suspicious File With Bad Parent Associations in IZArc
    Prevx1: Heuristic: Suspicious File With Persistence in Returnil :D :D :D
    Prevx1: Heuristic: Suspicious File With Code Injection Technology in DeepFreeze. :D :D :D

    How many examples do you need ?
     
    Last edited: Dec 12, 2007
  4. dawgg

    dawgg Registered Member

    Joined:
    Jun 18, 2006
    Posts:
    817
    Heloooo! Does the detection look like it's saying the file's definitely infected?

    Some AVs give FPs, some have heuristics (which may be incorrectly detecting the file and which may be loose... call many files suspicious or detect it with heuristics), some give true detections (heuristics/signatures).
    Look at what the majority says and come to your own conclusion whether the consensus is that it's infected or not. If in doubt, send the file to your AV and they should check it and reply to you.
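
Added example (not part of the original posts): one way to apply the triage described in the post above, separating heuristic or generic verdicts from named signatures and then looking at the share of engines that flagged the file. The sample results are constructed from the VirtualDub verdicts quoted in this thread; the placeholder engine names, the keyword list and the thresholds are assumptions, not values from any scanner.

```python
import re

# Constructed sample: (engine, verdict) pairs for one file, modelled on the
# VirtualDub verdicts quoted in this thread; None means "nothing found".
SAMPLE = [
    ("Prevx1", "Heuristic: Suspicious File with bad parent associations"),
    ("eSafe", "suspicious Trojan/Worm"),
    ("Webwasher-Gateway", "Win32.Modified.gen! 90 (suspicious)"),
] + [("Engine%02d" % i, None) for i in range(1, 30)]  # placeholder engine names

# Words that mark a verdict as heuristic/generic rather than a named
# signature. Assumed list, built from the verdict strings in the thread.
WEAK = re.compile(r"heuristic|suspicious|\bgen\b|generic|blockreason", re.I)


def classify(verdict):
    """Return 'clean', 'heuristic' or 'signature' for one engine verdict."""
    if not verdict:
        return "clean"
    return "heuristic" if WEAK.search(verdict) else "signature"


def triage(results, min_signature=2, min_ratio=0.25):
    """Summarise a multi-engine report; thresholds are illustrative only."""
    counts = {"clean": 0, "heuristic": 0, "signature": 0}
    for _engine, verdict in results:
        counts[classify(verdict)] += 1
    flagged = counts["heuristic"] + counts["signature"]
    ratio = round(flagged / len(results), 3)
    if counts["signature"] >= min_signature or ratio >= min_ratio:
        decision = "investigate: treat as malicious until cleared"
    elif flagged:
        # Heuristic-only minority: not proof of a clean file, so verify the
        # download source and submit the sample to the vendor for analysis.
        decision = "low-confidence: probable false positive, verify with vendor"
    else:
        decision = "no detections"
    return counts, ratio, decision


if __name__ == "__main__":
    print(triage(SAMPLE))
```
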
     
  5. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    AKLT test is also flagged by prevx1

    Heuristic: Suspicious File With Code Injection Technology

    Heloooo! I think most people here know what a heuristic is, but I guess ErikAlbert was remarking how you can't trust those scanners 100%.

    PS: it looks like prevx1 is a FP factory.
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    You got that right. :)
     
  7. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Just ran prevx csi and found nothing. Guess my false positives are hiding :'(
     
  8. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Judging by his swipe at VirusTotal I was expecting some new message perhaps, but it turns out it's still the same, tired old tune?
     
  9. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Prevx1: Heuristic: Suspicious File with bad parent associations in VirtualDub
    eSafe : suspicious Trojan/Worm in VirtualDub
    Webwasher-Gateway : Win32.Modified.gen! 90 (suspicious) in VirtualDub

    So VirtualDub has 3 infections. Isn't that an open source software ?

    EDIT :
    VirtualDub is malware free according to Jotti, but there is a problem : Jotti has no Prevx1, eSafe and Webwasher-Gateway and that creates a dilemma. :eek:
     
    Last edited: Dec 12, 2007
  10. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    IrfanView v410 : 4 infections

    eSafe: suspicious Trojan/Worm in IrfanView
    Panda: suspicious file in IrfanView
    Prevx1: Heuristic: suspicious file with outbound communications in IrfanView
    Webwasher-Gateway : worm.win32.modifiedUPX.gen!84 (suspicious) in IrfanView

    EDIT:
    IrfanView v410 is MALWARE-FREE according to Jotti. So don't you panic, IrfanView users, there is still hope.
     
    Last edited: Dec 12, 2007
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I run prevx 2.0 and it doesn't flag firefox or thunderbird, so maybe you are infected
     
  12. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Did you run the installation files of FF and TB through VirusTotal or not ?
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    That's enough for today. It was amusing to see 32 scanners at work. :D
     
    Last edited: Dec 12, 2007
  14. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    This is the joke of today :

    VirusTotal
    Panda : Suspicious file in Karen's Replicator. (= Mr. Hyde)

    Jotti
    Panda : Found nothing in Karen's Replicator. (= Dr. Jekyll)

    So Panda has a different opinion at both websites. ROFLMAO. I love absurdity.
     
    Last edited: Dec 12, 2007
  15. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    This is a good one:
    HijackThis.exe

    Panda: suspicious file
    eSafe: suspicious Trojan/Worm
     
  16. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    LOL. eSafe always reports the same thing. VirtualDub and IrfanView also have a suspicious Trojan/Worm according to eSafe. :D
     
  17. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Before making such stupid posts it would help if you take into consideration that

    1. They are different server-based services; that said, they might use different versions of engines from the same product, e.g. Windows version or Linux version
    2. Within 2 different platform versions there can be differences
    3. That the options (heuristic levels etc.) are not equal on both online scanning sites
    4. and finally it's not absurd if you just spend 2 min of thinking WHY such things can happen. It's really not that difficult to understand.
     
  18. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    Of course it is different, what do you expect from two different websites, that they would do exactly the same thing ?
     
  19. mrfargoreed

    mrfargoreed Registered Member

    Joined:
    Jun 16, 2006
    Posts:
    356
    Ah yes, the deadly VirtualDub! A menace of a movie converter if ever there was one. ROFL. Think I'll pass on eSafe thank you very much. Wonder if it's ok to use Notepad?
     
  20. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    No, Notepad isn't safe either according to VirusTotal : Webwasher-Gateway : BlockReason.0 in Notepad
    Notepad is safe according to Jotti.
     
  21. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    As this thread really doesn't seem to be much more than an anti-AV rant, it's made its point. Thread closed.

    Pete
     