Weird results

I have a file downloaded from a suspected web site. Virustotal results is this:

~VirusTotal scan removed. - Ron~ Send any suspect files to the various antivirus vendors.

As you can see a lot of scanners sign this file as virus.
Weird point is; I sent this file to drweb twice and their reply is that this file isn't malicious. And how Kaspersky can't catch when Ahnlab can
Could anybody explain this results?

 

Re: Weir results

Could be that not all companies are unified in their idea of what is malware. Could be that the file is a false positive, thoguh I am doubtful about this. there could be many reasons but I don't know enough to tell you all of them.

 

Re: Weir results

I want to ask, did you send the file to Kaspersky? newvirus[AT]kaspersky.com
.

 

Re: Weir results

No i only sent to drweb as i am a customer of them. But i will send to Kaspersky.

a note to mods : I know virustotal results isn't allowed at this forum but at this situation those results must be seen, they are needed for understanding the question. So please add those results back. And could you change the "weir" with "weird" at the subject. Thanks

 

Ron, I agree with that quote but my question isn't "why this vendor cathes but the other misses". I said that drweb analyst says this file is clean but a lot of vendors( as shown in the virustotal result) sign this file as malicious. How could it be? Can an analyst miss the same malicious file twice?
I've just sent the file to Kaspersky and waiting the result.

 

mrhero,

I started a similar thread months ago link. I think you may find it interesting.

 

If a file is NOT malicious it will not be added to the database, alot of other vendors will add it though, but if drweb have checked it for you and told you why, whats the problem? . . The other vendors probably only detected it by generic signatures

 

No they don't detect it by heuristics. Also symantec detects this file, we know symantec is careful about false positives. And for this purpose i said seeing virustotal results is necessary but mods don't agree with me. I am sending the results to you via PM.

 

thanks for the PM, it does seem some of the AV's are detecting it through generic signatures.

if drweb has told you that partifuclar file is clean, it is, so dont worry.

-----------
ALSO, guess whos back baby!!!!!!!!

net has 'just' been activated again, damn i missed it..... *lol*

 

Kaspersky's response is there is nothing malicious in this file . Situation is going more weird . I can provide the file if any analyst wish.

 

drweb told you twice there was nothing malicious in the file, which is file drweb dont have it as a detection.

now kaspersky have said there is nothing malicious in the file, but i feel they still have it in detection.

i checked your VT results, and indeed... there are ALOT of generic detections.

summary: the file is clean, if you dont trust the analyists, why use them?