lantern

False Positive with Kaspersky or Missed by SAS?

I ran the online scan of Kaspersky AV and it gave the following report:

KASPERSKY ONLINE SCANNER REPORT

Tuesday, December 18, 2007 8:04:20 PM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 18/12/2007

Kaspersky Anti-Virus database records: 486393

____________________________________________________________

C:\Documents and Settings\XXXXXX\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-25b04c2d/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\XXXXXXX\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-25b04c2d/VaannnaaBaa.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\XXXXXXXX\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-25b04c2d/Bnnnnn.class Infected: Trojan.Java.ClassLoader.as skipped

C:\Documents and Settings\XXXXXXXX\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-25b04c2d ZIP: infected - 3 skipped

C:\Program Files\PGCEdit\bin\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped

C:\Program Files\PGCEdit\pgcedit.exe/Tcl/work/PGCEDIT/bin/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped

C:\Program Files\PGCEdit\pgcedit.exe ZIP: infected - 1 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{FEAA21CD-54B1-4BE2-BC53-E2FC99A413CB}\RP1001\change.log Object is locked skipped

C:\System Volume Information\_restore{FEAA21CD-54B1-4BE2-BC53-E2FC99A413CB}\RP993\A0116886.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\System Volume Information\_restore{FEAA21CD-54B1-4BE2-BC53-E2FC99A413CB}\RP993\A0116887.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

C:\System Volume Information\_restore{FEAA21CD-54B1-4BE2-BC53-E2FC99A413CB}\RP993\A0116888.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped

E:\Software\VideoCD\PGCEdit\pgcedit_winexe.zip/PgcEdit.exe/Tcl/work/PGCEDIT/bin/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped

E:\Software\VideoCD\PGCEdit\pgcedit_winexe.zip/PgcEdit.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped

E:\Software\VideoCD\PGCEdit\pgcedit_winexe.zip ZIP: infected - 2 skipped

L:\Software\AceHTML6Pro.7z/acehtml6pro.exe/data0007/data0146 Infected: not-a-virus:AdWare.Win32.BHO.w skipped

L:\Software\AceHTML6Pro.7z/acehtml6pro.exe/data0007 Infected: not-a-virus:AdWare.Win32.BHO.w skipped

L:\Software\AceHTML6Pro.7z/acehtml6pro.exe Infected: not-a-virus:AdWare.Win32.BHO.w skipped

L:\Software\AceHTML6Pro.7z 7-Zip: infected - 3 skipped

So, I ran a full scan with SAS and it said there was nothing. I then went in and scanned each file individually and nothing. Is this a false positive for Kaspersky or is SAS missing the possible infections?

Thanks!

Without analyzing the files, they look to be false positives to me.


Hi,

You can submit them to the Kaspersky Viruslab for review, and they should email you back to either confirm FP, or confirm that they are correct detections.

Collect the files you want to be analysed, pack them into a (preferably password protected) archive, and send them to newvirus@kaspersky.com.... include "Possible False positive" in the title.... and a brief description of the detection given on the item(s).... you should get an email reply back pretty quickly :)

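The reply above asks for a brief description of the detection given on each item. As an added example (not part of the thread and not a vendor tool), this Python code parses lines in the format of the report posted above, groups detections by the file on disk that would go into the archive, and marks which verdicts carry Kaspersky's `not-a-virus:` prefix; the function names are this example's own.

```python
import re
from collections import defaultdict

# Lines excerpted from the report posted above (user name redacted).
SAMPLE = r"""
C:\Documents and Settings\XXXXXX\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-25b04c2d/BnnnnBaa.class Infected: Trojan.Java.ClassLoader.as skipped
C:\Documents and Settings\XXXXXX\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-25b04c2d ZIP: infected - 3 skipped
C:\Program Files\PGCEdit\bin\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Program Files\PGCEdit\pgcedit.exe/Tcl/work/PGCEDIT/bin/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FEAA21CD-54B1-4BE2-BC53-E2FC99A413CB}\RP993\A0116886.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
L:\Software\AceHTML6Pro.7z/acehtml6pro.exe/data0007/data0146 Infected: not-a-virus:AdWare.Win32.BHO.w skipped
"""

INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")

def summarize(report):
    """Group detections by the file on disk; return (detections, unscanned)."""
    detections = defaultdict(lambda: {"verdicts": set(), "members": set()})
    unscanned = []
    for line in report.splitlines():
        line = line.strip()
        if m := LOCKED.match(line):
            unscanned.append(m["path"])  # scanner could not open it: no verdict
        elif m := INFECTED.match(line):
            # Windows paths use "\"; the report uses "/" for members inside a container.
            on_disk, _, member = m["path"].partition("/")
            detections[on_disk]["verdicts"].add(m["verdict"])
            if member:
                detections[on_disk]["members"].add(member)
        # Container totals ("ZIP: infected - 3") repeat the member lines; skipped.
    return dict(detections), unscanned

def describe(detections):
    """One line per on-disk file, usable as the description in the e-mail."""
    out = []
    for path, entry in sorted(detections.items()):
        # "not-a-virus:" is Kaspersky's prefix for its adware/riskware classes.
        benign_class = all(v.startswith("not-a-virus:") for v in entry["verdicts"])
        kind = "not-a-virus class" if benign_class else "malware class"
        where = " [System Restore copy]" if "\\_restore{" in path else ""
        names = ", ".join(sorted(entry["verdicts"]))
        out.append(f"{path}{where}: {names} ({kind})")
    return out
```

Grouping by the on-disk file matters because one archive can produce several report lines (each nested member plus a container total), while only the outer file can be collected and submitted.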