zip Posted February 24, 2010

I downloaded the Pre-release of SAS Free 64bit, updated it & did a full scan. It found

Trojan.Vundo-Variant/F
C:\WINDOWS\SYSWOW64\AVSREDIRECT.DLL

I sent C:\WINDOWS\SYSWOW64\AVSREDIRECT.DLL to VirusTotal. Here is the result:
analisis/0fdeec8cb6fe583f7abd03f10ce9aa76b3810865b0e644cde4a777e0f341c22a-1266958333

It seems to be a false positive.
http://www.virustotal.com/reanalisis.html?0fdeec8cb6fe583f7abd03f10ce9aa76b3810865b0e644cde4a777e0f341c22a-1266975572

Seth Posted February 24, 2010

Hi. When the scan completes, you'll have the option to report a false positive.

zip Posted February 26, 2010

Here are VirusTotal's results for Trojan.Vundo-Variant/F:

Antivirus          Version         Last Update  Result
a-squared          4.5.0.50        2010.02.23   -
AhnLab-V3          5.0.0.2         2010.02.23   -
AntiVir            8.2.1.172       2010.02.23   -
Antiy-AVL          2.0.3.7         2010.02.23   -
Authentium         5.2.0.5         2010.02.23   -
Avast              4.8.1351.0      2010.02.23   -
AVG                9.0.0.730       2010.02.24   -
BitDefender        7.2             2010.02.24   -
CAT-QuickHeal      10.00           2010.02.23   -
ClamAV             0.96.0.0-git    2010.02.23   PUA.Packed.tElock1.Private
Comodo             4041            2010.02.24   -
DrWeb              5.0.1.12222     2010.02.24   -
eSafe              7.0.17.0        2010.02.23   Suspicious File
eTrust-Vet         35.2.7323       2010.02.23   -
F-Prot             4.5.1.85        2010.02.23   -
F-Secure           9.0.15370.0     2010.02.24   -
Fortinet           4.0.14.0        2010.02.21   -
GData              19              2010.02.24   -
Ikarus             T3.1.1.80.0     2010.02.24   -
Jiangmin           13.0.900        2010.02.23   -
K7AntiVirus        7.10.981        2010.02.23   -
Kaspersky          7.0.0.125       2010.02.24   -
McAfee             5901            2010.02.23   -
McAfee+Artemis     5901            2010.02.23   -
McAfee-GW-Edition  6.8.5           2010.02.23   -
Microsoft          1.5406          2010.02.23   -
NOD32              4891            2010.02.23   -
Norman             6.04.08         2010.02.23   -
nProtect           2009.1.8.0      2010.02.23   -
Panda              10.0.2.2        2010.02.23   -
PCTools            7.0.3.5         2010.02.23   -
Prevx              3.0             2010.02.24   -
Rising             22.34.01.03     2010.02.11   -
Sophos             4.50.0          2010.02.23   -
Sunbelt            5696            2010.02.24   -
Symantec           20091.2.0.41    2010.02.24   -
TheHacker          6.5.1.6.208     2010.02.24   W32/Behav-Heuristic-066
TrendMicro         9.120.0.1004    2010.02.23   -
VBA32              3.12.12.2       2010.02.23   -
ViRobot            2010.2.23.2198  2010.02.23   -
VirusBuster        5.0.27.0        2010.02.24   -

SUPERAntiSpy Posted March 3, 2010

I do not believe this is a false positive. If you send us the file by using the built in false positive reporting, we can check out the actual sample.

geoff Posted March 3, 2010

Hi,

Thank you for taking the time to submit a false positive report! We have analyzed the file and we have modified our definition database so that it is not falsely-detected.

Thanks,
Geoff