Jump to content
Sign in to follow this  
zip

Trojan.Vundo-Variant/F

Recommended Posts

I downloaded the Pre-release of SAS Free 64bit, updated it & did a full scan.

It found Trojan.Vundo-Variant/F C:\WINDOWS\SYSWOW64\AVSREDIRECT.DLL

I sent C:\WINDOWS\SYSWOW64\AVSREDIRECT.DLL to VirusTotal.

Here is the result: analisis/0fdeec8cb6fe583f7abd03f10ce9aa76b3810865b0e644cde4a777e0f341c22a-1266958333

It seems to be a false positive.

http://www.virustotal.com/reanalisis.html?0fdeec8cb6fe583f7abd03f10ce9aa76b3810865b0e644cde4a777e0f341c22a-1266975572

Share this post


Link to post
Share on other sites

I downloaded the Pre-release of SAS Free 64bit, updated it & did a full scan.

It found Trojan.Vundo-Variant/F C:\WINDOWS\SYSWOW64\AVSREDIRECT.DLL

I sent C:\WINDOWS\SYSWOW64\AVSREDIRECT.DLL to VirusTotal.

Here is the result: analisis/0fdeec8cb6fe583f7abd03f10ce9aa76b3810865b0e644cde4a777e0f341c22a-1266958333

It seems to be a false positive.

http://www.virustotal.com/reanalisis.html?0fdeec8cb6fe583f7abd03f10ce9aa76b3810865b0e644cde4a777e0f341c22a-1266975572

Hi.

When the scan completes, you'll have the option to report a false positive.

Share this post


Link to post
Share on other sites

Here is VirusTotal's results for Trojan.Vundo-Variant/F:

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.02.23 -

AhnLab-V3 5.0.0.2 2010.02.23 -

AntiVir 8.2.1.172 2010.02.23 -

Antiy-AVL 2.0.3.7 2010.02.23 -

Authentium 5.2.0.5 2010.02.23 -

Avast 4.8.1351.0 2010.02.23 -

AVG 9.0.0.730 2010.02.24 -

BitDefender 7.2 2010.02.24 -

CAT-QuickHeal 10.00 2010.02.23 -

ClamAV 0.96.0.0-git 2010.02.23 PUA.Packed.tElock1.Private

Comodo 4041 2010.02.24 -

DrWeb 5.0.1.12222 2010.02.24 -

eSafe 7.0.17.0 2010.02.23 Suspicious File

eTrust-Vet 35.2.7323 2010.02.23 -

F-Prot 4.5.1.85 2010.02.23 -

F-Secure 9.0.15370.0 2010.02.24 -

Fortinet 4.0.14.0 2010.02.21 -

GData 19 2010.02.24 -

Ikarus T3.1.1.80.0 2010.02.24 -

Jiangmin 13.0.900 2010.02.23 -

K7AntiVirus 7.10.981 2010.02.23 -

Kaspersky 7.0.0.125 2010.02.24 -

McAfee 5901 2010.02.23 -

McAfee+Artemis 5901 2010.02.23 -

McAfee-GW-Edition 6.8.5 2010.02.23 -

Microsoft 1.5406 2010.02.23 -

NOD32 4891 2010.02.23 -

Norman 6.04.08 2010.02.23 -

nProtect 2009.1.8.0 2010.02.23 -

Panda 10.0.2.2 2010.02.23 -

PCTools 7.0.3.5 2010.02.23 -

Prevx 3.0 2010.02.24 -

Rising 22.34.01.03 2010.02.11 -

Sophos 4.50.0 2010.02.23 -

Sunbelt 5696 2010.02.24 -

Symantec 20091.2.0.41 2010.02.24 -

TheHacker 6.5.1.6.208 2010.02.24 W32/Behav-Heuristic-066

TrendMicro 9.120.0.1004 2010.02.23 -

VBA32 3.12.12.2 2010.02.23 -

ViRobot 2010.2.23.2198 2010.02.23 -

VirusBuster 5.0.27.0 2010.02.24 -

Share this post


Link to post
Share on other sites

Here is VirusTotal's results for Trojan.Vundo-Variant/F:

Antivirus Version Last Update Result

a-squared 4.5.0.50 2010.02.23 -

AhnLab-V3 5.0.0.2 2010.02.23 -

AntiVir 8.2.1.172 2010.02.23 -

Antiy-AVL 2.0.3.7 2010.02.23 -

Authentium 5.2.0.5 2010.02.23 -

Avast 4.8.1351.0 2010.02.23 -

AVG 9.0.0.730 2010.02.24 -

BitDefender 7.2 2010.02.24 -

CAT-QuickHeal 10.00 2010.02.23 -

ClamAV 0.96.0.0-git 2010.02.23 PUA.Packed.tElock1.Private

Comodo 4041 2010.02.24 -

DrWeb 5.0.1.12222 2010.02.24 -

eSafe 7.0.17.0 2010.02.23 Suspicious File

eTrust-Vet 35.2.7323 2010.02.23 -

F-Prot 4.5.1.85 2010.02.23 -

F-Secure 9.0.15370.0 2010.02.24 -

Fortinet 4.0.14.0 2010.02.21 -

GData 19 2010.02.24 -

Ikarus T3.1.1.80.0 2010.02.24 -

Jiangmin 13.0.900 2010.02.23 -

K7AntiVirus 7.10.981 2010.02.23 -

Kaspersky 7.0.0.125 2010.02.24 -

McAfee 5901 2010.02.23 -

McAfee+Artemis 5901 2010.02.23 -

McAfee-GW-Edition 6.8.5 2010.02.23 -

Microsoft 1.5406 2010.02.23 -

NOD32 4891 2010.02.23 -

Norman 6.04.08 2010.02.23 -

nProtect 2009.1.8.0 2010.02.23 -

Panda 10.0.2.2 2010.02.23 -

PCTools 7.0.3.5 2010.02.23 -

Prevx 3.0 2010.02.24 -

Rising 22.34.01.03 2010.02.11 -

Sophos 4.50.0 2010.02.23 -

Sunbelt 5696 2010.02.24 -

Symantec 20091.2.0.41 2010.02.24 -

TheHacker 6.5.1.6.208 2010.02.24 W32/Behav-Heuristic-066

TrendMicro 9.120.0.1004 2010.02.23 -

VBA32 3.12.12.2 2010.02.23 -

ViRobot 2010.2.23.2198 2010.02.23 -

VirusBuster 5.0.27.0 2010.02.24 -

I do not believe this is a false positive. If you send us the file by using the built in false positive reporting, we can check out the actual sample.

Share this post


Link to post
Share on other sites

Hi,

Thank you for taking the time to submit a false positive report! We have analyzed the file and we have modified our definition database so that it is not falsely-detected.

Thanks,

Geoff

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...