x404.co.uk
http://www.x404.co.uk/forum/

Virus detection
http://www.x404.co.uk/forum/viewtopic.php?f=4&t=2440
Page 1 of 1

Author:  koli [ Mon Aug 24, 2009 9:30 pm ]
Post subject:  Virus detection

I scanned my PC with Avira antivirus and it found this:

Code:
Starting the file scan:

Begin scan in 'C:\'
C:\Program Files (x86)\Custom PC Benchmarks Suite 2007\Source\MPlayer-1.0rc1.tar.bz2
  [0] Archive type: BZ2
    --> MPlayer-1.0rc1.tar
      [1] Archive type: TAR (tape archiver)
      --> MPlayer-1.0rc1/stream/asf_mmst_streaming.c
        [DETECTION] Contains recognition pattern of the HTML/Silly.Gen HTML script virus
    [WARNING]   This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.


As you can see, this is a file in the CPC benchmark suite. I have had it on my drive for two years and it has never been a problem, until today.

So I uploaded the file to the online scanner http://www.virustotal.com/ and this is what came out:

Code:
Antivirus     Version     Last Update     Result
a-squared   4.5.0.24   2009.08.24   -
AhnLab-V3   5.0.0.2   2009.08.24   -
AntiVir   7.9.1.3   2009.08.24   HTML/Silly.Gen
Antiy-AVL   2.0.3.7   2009.08.24   -
Authentium   5.1.2.4   2009.08.24   -
Avast   4.8.1335.0   2009.08.24   -
AVG   8.5.0.406   2009.08.24   -
BitDefender   7.2   2009.08.24   -
CAT-QuickHeal   10.00   2009.08.24   -
ClamAV   0.94.1   2009.08.24   -
Comodo   2080   2009.08.24   -
DrWeb   5.0.0.12182   2009.08.24   -
eSafe   7.0.17.0   2009.08.24   -
eTrust-Vet   31.6.6698   2009.08.24   -
F-Prot   4.4.4.56   2009.08.24   -
Fortinet   3.120.0.0   2009.08.24   -
GData   19   2009.08.24   -
Ikarus   T3.1.1.68.0   2009.08.24   -
Jiangmin   11.0.800   2009.08.23   -
K7AntiVirus   7.10.826   2009.08.24   -
Kaspersky   7.0.0.125   2009.08.24   -
McAfee   5719   2009.08.24   -
McAfee+Artemis   5719   2009.08.24   -
McAfee-GW-Edition   6.8.5   2009.08.24   Script.Silly.Gen
Microsoft   1.4903   2009.08.24   -
NOD32   4364   2009.08.24   -
Norman      2009.08.24   -
nProtect   2009.1.8.0   2009.08.24   -
Panda   10.0.0.14   2009.08.24   -
PCTools   4.4.2.0   2009.08.24   -
Prevx   3.0   2009.08.24   -
Rising   21.43.62.00   2009.08.24   -
Sophos   4.44.0   2009.08.24   -
Sunbelt   3.2.1858.2   2009.08.24   -
Symantec   1.4.4.12   2009.08.24   -
TheHacker   6.3.4.3.386   2009.08.22   -
TrendMicro   8.950.0.1094   2009.08.24   -
VBA32   3.12.10.9   2009.08.24   -
ViRobot   2009.8.24.1899   2009.08.24   -
VirusBuster   4.6.5.0   2009.08.24   -

Additional information
File size: 8414213 bytes
MD5...: 18c05d88e22c3b815a43ca8d7152ccdc
SHA1..: a450c0b0749c343a8496ba7810363c9d46dfa73c
SHA256: 8dd9dd61a0fe56904f5b76ddedb99bd359abaaf486e0b83b45e3357fecc81063
ssdeep: 196608:DuTPvvISjbr+5OiA31LyajGgE8zVol/ZFLVv6+BBM:+xbRiXrwSl/Z/v6+/M
PEiD..: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: bzip2 compressed archive (100.0%)
packers (F-Prot): packed


I know that the formatting is all over the place, but the point is that two antiviruses out of 40 reported a trojan.
I guess I should ignore it, but I will ask here to make sure. If this is a virus it would be my first in 6 years...

What do you guys think?
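
Added example, not part of the original thread: one way to triage a detection like the one in the post above is to hash the whole archive (to match the SHA256 line in the VirusTotal report) and the single flagged member, reading it in memory without unpacking anything. The function names and the sample archive are constructed for illustration; only the member path comes from the Avira log.

```python
import hashlib
import io
import tarfile

# Member path exactly as printed in the Avira log in the post above.
FLAGGED_MEMBER = "MPlayer-1.0rc1/stream/asf_mmst_streaming.c"
# Constructed placeholder contents; NOT the real MPlayer source file.
SAMPLE_BODY = b"/* constructed placeholder source */\n"


def triage_member(archive_bytes, member_name):
    """Hash a .tar.bz2 and one member inside it, entirely in memory.

    archive_sha256 can be compared with the SHA256 in a multi-scanner report;
    member_sha256 identifies only the file the scanner flagged.
    """
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:bz2") as tar:
        try:
            info = tar.getmember(member_name)
        except KeyError:
            raise FileNotFoundError(member_name) from None
        if not info.isfile():
            raise ValueError(f"{member_name} is not a regular file")
        data = tar.extractfile(info).read()  # read only; nothing hits the disk
    return {
        "archive_sha256": hashlib.sha256(archive_bytes).hexdigest(),
        "member_sha256": hashlib.sha256(data).hexdigest(),
        "member_size": len(data),
    }


def build_sample_archive():
    """Build a small constructed .tar.bz2 with the same nesting as in the log."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        for name, body in [("MPlayer-1.0rc1/README", b"constructed\n"),
                           (FLAGGED_MEMBER, SAMPLE_BODY)]:
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_member(build_sample_archive(), FLAGGED_MEMBER))
```

The member hash can then be compared with the same file from a freshly downloaded copy of the source release, or the member can be submitted on its own instead of the full archive.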

Author:  forquare1 [ Mon Aug 24, 2009 9:54 pm ]
Post subject:  Re: Virus detection

As I've mentioned before, I've seen a PC have five different anti-virus suites on, one at a time, two were paid for, all were up to date. They all came up with a certain list of the same viruses, and each seemed to add a few viruses of their own... :?

Author:  RossDargan [ Tue Aug 25, 2009 6:46 am ]
Post subject:  Re: Virus detection

Call me an idiot but up until a few days ago I never ran anti-virus software (and as far as I can tell I never got a virus). I say a few days ago because I installed Windows Home Server and it basically threatens to send Bill round if you don't install some.

Author:  Linux_User [ Tue Aug 25, 2009 12:34 pm ]
Post subject:  Re: Virus detection

Most likely a false positive.

Author:  koli [ Wed Aug 26, 2009 12:13 am ]
Post subject:  Re: Virus detection

Thanks guys, I will let it be then...

All times are UTC