Weird FP from NIS after boot-up?

Discussion in 'malware problems & news' started by denniz, May 2, 2008.

Thread Status:
Not open for further replies.
  1. denniz

    denniz Registered Member (Joined: Jul 26, 2007; Posts: 431; Location: The Netherlands)

    Yesterday I scanned my computer's boot drive (C: drive) with several manual scans. I started with NIS 2008, after that NOD32 2.7, after that Threatfire on-demand 3.5, after that SuperAntiSpyware 4.0, and I concluded with Malwarebytes' Anti-Malware 1.11. My C: drive was all clean. Then today I booted up my computer and NIS 2008 instantly popped up a small window saying that something had been removed and that my computer was secure.

    So I checked what the problem was. It seems that a program (UltraISO), which I've been trialing for a couple of weeks now and which is also installed on my C: drive, had been infected with Bloodhound.Overpacked. I found this weird, since yesterday my computer (C: drive) was all clean, and the program UltraISO had been installed as a trial version for a couple of weeks, which I also downloaded from the official website. And now for the weirdest thing of all: I restored the threat and rescanned with NIS 2008, and it then reported no problems at all. It seems that the heuristic scanner of NIS 2008 detected the threat at first; why wouldn't it detect it a 2nd time?

    I then uploaded the file to http://www.virustotal.com and http://virusscan.jotti.org, and only this came up: "Webwasher-Gateway 6.6.2 2008.05.02 Win32.Malware.gen (suspicious)". The rest of the scanners reported all clean.

    o_O
     
  2. dawgg

    dawgg Registered Member (Joined: Jun 18, 2006; Posts: 817)

    Looks like it's just a generic packer detection... submit it to Symantec as a FP.
    ... although on rare occasions, I have seen FPs like this remain detected because it has indeed been packed many times. Whether it is actually malicious or not is not always considered.
     
  3. denniz

    But why is it just a 1 time detection? Why didn't it detect it a 2nd or 3rd time?
     
  4. dawgg

    Ohh, don't know about that!
     