
swebb at sourcefire
Jun 29, 2013, 6:54 AM
Re: False positive Win.Trojan.Bamital-1158 for explorer.exe ?
On Sat, Jun 29, 2013 at 8:45 AM, Peter Maffter <petermaffter [at] yahoo> wrote:

> > From time to time I am checking my Windows partitions when using Linux on the same machine.
> > Yesterday I got:
> >
> > /windows/C/Windows/SysWOW64/explorer.exe: Win.Trojan.Bamital-1158 FOUND
> > /windows/C/Windows/winsxs/wow64_microsoft-windows-explorer_[...]_6.1.7601.17567_none_[...]/explorer.exe: Win.Trojan.Bamital-1158 FOUND
> >
> > The clamscan call:
> > clamscan --max-recursion=300 --max-dir-recursion=300 --max-files=1000000 --max-filesize=4095M --max-scansize=4095M -r --detect-pua=yes --log=reportclam
> >
> > Both files are the same according to Linux diff.
> > clamscan is the only AV that finds these Trojans, I also tried VirusTotal and Metascan on the Web.
> > The other AVs that I use for Linux also do not find these 2.
> >
> > This explorer.exe has an MD5:
> > md5sum explorer.exe
> > 8b88ebbb05a0e56b7dcc708498c02b3e explorer.exe
>
> I forgot:
> clamscan -V
> ClamAV 0.97.8/17435/Sat Jun 29 06:39:26 2013

Hey Peter,

Thank you for using ClamAV and letting us know of a potential FP. You can submit your FP report through the official channel here:
http://www.clamav.net/lang/en/sendvirus/submit-fp/

If you have any questions, comments, or concerns, please let me know.

Thanks,
Shawn

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml