
petermaffter at yahoo
Jun 29, 2013, 5:45 AM
Re: False positive Win.Trojan.Bamital-1158 for explorer.exe ?
> From time to time I am checking my Windows partitions when using Linux on the
> same machine.
> Yesterday I got:
> /windows/C/Windows/SysWOW64/explorer.exe: Win.Trojan.Bamital-1158 FOUND
> /windows/C/Windows/winsxs/wow64_microsoft-windows-explorer_[...]_6.1.7601.17567_none_[...]/explorer.exe:
> Win.Trojan.Bamital-1158 FOUND
>
> The clamscan call:
> clamscan --max-recursion=300 --max-dir-recursion=300 --max-files=1000000
> --max-filesize=4095M --max-scansize=4095M -r --detect-pua=yes --log=reportclam
>
> Both files are the same according to Linux diff.
> clamscan is the only AV that finds these Trojans, I also tried VirusTotal and
> Metascan on the Web.
> The other AVs that I use for Linux also do not find these 2.
>
> This explorer.exe has a MD5:
> md5sum explorer.exe
> 8b88ebbb05a0e56b7dcc708498c02b3e explorer.exe

I forgot:
clamscan -V
ClamAV 0.97.8/17435/Sat Jun 29 06:39:26 2013

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml