Weird results

Discussion in 'other anti-virus software' started by mrhero, Aug 7, 2007.

Thread Status:
Not open for further replies.
  1. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    I have a file downloaded from a suspected web site. The VirusTotal result is this:

    ~VirusTotal scan removed. - Ron~ Send any suspect files to the various antivirus vendors.

    As you can see, a lot of scanners sign this file as a virus.
    The weird point is: I sent this file to drweb twice and their reply is that this file isn't malicious. And how can Kaspersky not catch it when Ahnlab can? o_O
    Could anybody explain these results?
     
    Last edited by a moderator: Aug 7, 2007
  2. MalwareDie

    MalwareDie Registered Member

    Joined:
    Dec 8, 2006
    Posts:
    500
    Re: Weir results

    Could be that not all companies are unified in their idea of what is malware. Could be that the file is a false positive, though I am doubtful about this. There could be many reasons but I don't know enough to tell you all of them.
     
  3. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    Re: Weir results

    I want to ask, did you send the file to Kaspersky? newvirus[AT]kaspersky.com
     
  4. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    Re: Weir results

    No, I only sent it to drweb, as I am a customer of theirs. But I will send it to Kaspersky.

    A note to mods: I know VirusTotal results aren't allowed at this forum, but in this situation those results must be seen; they are needed for understanding the question. So please add those results back. And could you change the "weir" to "weird" in the subject? Thanks
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    https://www.wilderssecurity.com/showthread.php?t=180057
     
  6. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    Ron, I agree with that quote, but my question isn't "why does this vendor catch it but the other misses". I said that the drweb analyst says this file is clean but a lot of vendors (as shown in the VirusTotal result) sign this file as malicious. How could it be? Can an analyst miss the same malicious file twice?
    I've just sent the file to Kaspersky and am waiting for the result.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    I can't answer that question.

    I can suggest you send that file to as many antivirus vendors as possible.

    I can also say, if you go looking for virus trouble, you can find it. They all miss on occasion for various reasons. That is why it is important to send the files in to be analyzed.

    One thing for sure, if you go to Jotti's or VirusTotal and upload a cache of malware files dug up on the internet, someone will miss them.

    You have to consider the threat the file poses to computer users first and foremost which is what most antivirus vendors do.
     
  8. Macstorm

    Macstorm Registered Member

    Joined:
    Mar 7, 2005
    Posts:
    2,531
    Location:
    Sneffels volcano
    mrhero,

    I started a similar thread months ago link. I think you may find it interesting. ;)
     
  9. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    If a file is NOT malicious it will not be added to the database. A lot of other vendors will add it though, but if drweb have checked it for you and told you why, what's the problem? The other vendors probably only detected it by generic signatures.
     
  10. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    No, they don't detect it by heuristics. Also, Symantec detects this file, and we know Symantec is careful about false positives. And for this purpose I said seeing the VirusTotal results is necessary :cautious: but mods don't agree with me. I am sending the results to you via PM.
     
  11. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    Thanks for the PM, it does seem some of the AVs are detecting it through generic signatures.

    If drweb has told you that particular file is clean, it is, so don't worry.

    -----------
    ALSO, guess who's back baby!!!!!!!!

    Net has 'just' been activated again, damn I missed it..... *lol* :D
     
  12. mrhero

    mrhero Registered Member

    Joined:
    Jul 15, 2005
    Posts:
    297
    Location:
    Ankara , Turkey
    Kaspersky's response is that there is nothing malicious in this file :eek: . The situation is getting more weird o_O . I can provide the file if any analyst wishes.
     
  13. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    drweb told you twice there was nothing malicious in the file, which is file drweb don't have it as a detection.

    Now Kaspersky have said there is nothing malicious in the file, but I feel they still have it in detection.

    I checked your VT results, and indeed... there are A LOT of generic detections.

    Summary: the file is clean. If you don't trust the analysts, why use them? :)
     