cluberti Posted February 10, 2010

It seems like this has been flagged as a virus by some engines, but not all, we'll all have to hold off to make sure we know for sure if the file is, or is not, infected with a virus or if a false positive is possible.

By the way, anyone can submit samples to most A/V vendors (there are usually instructions for each on their respective pages) and get a response within about 24 - 48 hours, depending on vendor. The file has been submitted to AVG, McAfee, Symantec, and Microsoft for analysis, and from there we'll see.

cdob Posted February 10, 2010

If it helps the A/V vendors to solve the matter: integrated file \setup\src\setup.c contains the source code.

ilko_t Posted February 22, 2010

Got response from VBA32, at last, still expecting from several of the major vendors, strangely, response time is quite slow.

Kaspersky removed it from their signatures a while ago, although didn't respond to the emails.

On Sun, 21 Feb 2010 10:06:30 -0800
> The attached 2 files are incorrectly detected as
> Win32/TrojanDownloader.Agent. These are legitimate files, source code
> is included. Password for the archive is 'infected'. Files source and
> description:
>
>
> Please reanalyze and remove from virus signatures.

Hi,

FP will be fixed in one of the nearest updates.

Thank you in advance.

--
Regards, Mikhail S. Pobolovets
VirusBlokAda Ltd., Minsk, Belarus
http://www.anti-virus.by/en/

class101 Posted February 24, 2010

Sophos 9 reports \WinSetup-1-0-beta4\files\winsetup\PyronSetup\i386\setup.exe & setup_dbg.exe as Mal/Generic-A

But I think it's much about a false warning. I don't get suspect activities here and Sophos usually detects a lot of stuff not supposed to be on an enterprise computer.

Edited February 24, 2010 by class101

cdob Posted February 24, 2010

> Sophos 9 reports \WinSetup-1-0-beta4\files\winsetup\PyronSetup\i386\setup.exe & setup_dbg.exe
> But I think its much about a false warning

I'm convinced it's a false warning.

How to checkout/compile with Git/MinGW the latest Qemu-0.11.x on Windows

Feel free to compile setup.c at MinGW too.

ilko_t Posted March 8, 2010

Another response, few weeks later, from GData:

Dear customer,

thank you for your request.

The 2 files you sent to us are no longer detected as virus.

Please update your virus signatures.

Please refer your ticket-number 0000477284 when contacting us again regarding this matter.

With best regards
G Data-ServiceTeam
G Data Service GmbH * Königsallee 178a
D-44799 Bochum, Germany * http://www.gdata.uk

ilko_t Posted June 4, 2010

Respect to the response time from Avira, 3 months and a half later

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.

Tracking number: INC00450039.

A listing of files alongside their results can be found below:

File ID     Filename        Size (Byte)   Result
25587751    setup_dbg.ex_   2.45 KB       CLEAN

Please find a detailed report concerning each individual sample below:

Filename        Result
setup_dbg.ex_   CLEAN

The file 'setup_dbg.ex_' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

Dear Sir or Madam,

Thank you for your email to Avira's virus lab.

Tracking number: INC00450038.

A listing of files alongside their results can be found below:

File ID     Filename    Size (Byte)   Result
25587750    setup.ex_   2.44 KB       CLEAN

Please find a detailed report concerning each individual sample below:

Filename    Result
setup.ex_   CLEAN

The file 'setup.ex_' has been determined to be 'CLEAN'. Our analysts did not discover any malicious content.

ilko_t Posted October 31, 2010

It turned out quite tricky to contact and report for a false positive some AV vendors. Currently at virustotal 19/43 still detect setup.exe as a virus:

http://www.virustotal.com/file-scan/report.html?id=aa68d27eeff208672bd0494a37ddf6f662135a965bb3387378cf43d605e54671-1288529982

Just got a response from Panda AV, waiting for the rest 18:

Dear customer,

After checking in our laboratory the message you submit, we inform you it contains no virus. The detection was caused due to a string coincidence.

The incidence is already solved in a Beta version of our Signature File (PAV.SIG), that you can download from the following URL:

http://www.pandasecurity.com/homeusers/security-info/disclaimer/disclaimer

* If you have CloudAV, you don’t need to download the Beta version of our signature file (PAVSIG), it will be automatically updated in a few hours

We hope this answer has been helpful and do not hesitate to contact us should you need any suspicious file analyzed in future.

Best regards,
PandaLabs
virus@pandasecurity.com

Sp0iLedBrAt Posted October 31, 2010

And yet, using database 7.10.13.74 (29Oct2010) from 2 days ago, I get this:

ilko_t Posted October 31, 2010

Go figure...

http://analysis.avira.com/samples/

ilko_t Posted November 3, 2010

Does anyone have a registered McAfee AV? Would someone contact them and report for a false positive?

It's probably 10th email going back and forth and they keep asking me for registration email to move further on, although I keep explaining in those semi-automatic emails what the case is. Next I get referred to a web page to submit the sample, which web page doesn't re-analyse it as most other AV vendors did, but rather scans it using current signatures and supposedly gets detected.

Then I reply with the results to the semi-automatic email, where yet another guy puts his name on top of a similar answer and asks me again for registration.

At least there is some progress, 19/43 a few days ago, now 13/43:

http://www.virustotal.com/file-scan/report.html?id=aa68d27eeff208672bd0494a37ddf6f662135a965bb3387378cf43d605e54671-1288757982

ilko_t Posted November 9, 2010

Moving forward, slowly, but moving, AVG and Ikarus replied, awaiting Sophos, Symantec and the troublesome McAfee.

jaclaz Posted January 4, 2011

@ilko_t

If, for any reason, you don't do your computer properly seated on a chair, please do take one and sit comfortably on it before accessing this:

http://downloadcenter.mcafee.com/products/tools/foundstone/

Directory on McAfee site where free tools are available.

I was there getting a fresh copy of the excellent BinText utility (BinText303.zip) today, and noticed file (near the bottom of the list/page): warning.txt

I had a look at it:

PACKER DETECTION ALERT
The anti-virus scanner has detected a packer program. The file was not cleaned and has been removed.
Context: 'SharePointDiscovery.exe'
Detection(s): 'PE_Patch.Stolen.d (compressed file)'
See your system administrator for further information.
Copyright 1999-2007 McAfee, Inc.
All Rights Reserved.
http://www.mcafee.com

Their Anti-virus detected a packer inside their own file!

...and obviously did NOT delete it as file SharePointDiscovery.exe has the same timestamp 21-Oct-2010 09:04 of warning.txt ...

jaclaz

ilko_t Posted January 5, 2011

Wow, well done McAfee, guess next step is the scanner to detect itself as a packer.

For reference I am posting a link to one of the numerous attempts to report false positive to McAfee:

https://community.mcafee.com/thread/29747

gangbang Posted December 3, 2011

Where is the download file.