Virus check...

I received a suspect mail and sent it off to the virus scan site. (snipped-for-privacy@virsutotal.com : Subject SCAN. This is what they sent back.)

The interesting thing is not that there was a virus there: I was almost sure there was... but how many sites *didn't* find it.

Complete scanning result of "WW_671282.zip", processed in VirusTotal at 08/12/2008 14:39:39 (CET).

[ file data ]
  • name..: WW_671282.zip
  • size..: 49434
  • md5...: aefa2457dce9214b1349403bba664d12
  • sha1..: c4aa3c90299e783113bb5c97d830f15a618bb226
  • peid..: -
[ scan result ]
  • AhnLab-V3 2008.8.12.0/20080812 found nothing
  • AntiVir 7.8.1.19/20080812 found [TR/Spy.ZBot.DPI]
  • Authentium 5.1.0.4/20080812 found [W32/Downldr2.DIFW]
  • Avast 4.8.1195.0/20080811 found nothing
  • AVG 8.0.0.156/20080812 found [Pakes_c.SH]
  • BitDefender 7.2/20080812 found [Trojan.Spy.Wsnpoem.GH]
  • CAT-QuickHeal 9.50/20080811 found nothing
  • ClamAV 0.93.1/20080812 found [Trojan.Zbot-1936]
  • DrWeb 4.44.0.09170/20080812 found nothing
  • eSafe 7.0.17.0/20080811 found nothing
  • eTrust-Vet 31.6.6027/20080812 found [Win32/Kollah.NG]
  • Ewido 4.0/20080812 found nothing
  • F-Prot 4.4.4.56/20080812 found [W32/Downldr2.DIFW]
  • F-Secure 7.60.13501.0/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
  • Fortinet 3.14.0.0/20080812 found nothing
  • GData 2.0.7306.1023/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
  • Ikarus T3.1.1.34.0/20080812 found [Win32.Outbreak]
  • K7AntiVirus 7.10.412/20080812 found nothing
  • Kaspersky 7.0.0.125/20080812 found [Trojan-Spy.Win32.Zbot.dvy]
  • McAfee 5358/20080811 found nothing
  • Microsoft 1.3807/20080812 found [PWS:Win32/Zbot.gen!G]
  • NOD32v2 3348/20080812 found [Win32/Spy.Agent.PZ]
  • Norman 5.80.02/20080812 found nothing
  • Panda 9.0.0.4/20080812 found nothing
  • PCTools 4.4.2.0/20080812 found nothing
  • Prevx1 V2/20080812 found nothing
  • Rising 20.57.12.00/20080812 found nothing
  • Sophos 4.32.0/20080812 found [Troj/Dloadr-BPX]
  • Sunbelt 3.1.1542.1/20080812 found [Trojan-Spy.Win32.Zbot.gen (v)]
  • Symantec 10/20080812 found [Trojan.Wsnpoem]
  • TheHacker 6.2.96.396/20080812 found nothing
  • TrendMicro 8.700.0.1004/20080812 found [TROJ_DLOADR.IM]
  • VBA32 3.12.8.3/20080811 found nothing
  • ViRobot 2008.8.12.1333/20080812 found nothing
  • VirusBuster 4.5.11.0/20080811 found nothing
  • Webwasher-Gateway 6.6.2/20080812 found [Win32.NewMalware.PU!59392]

Reply to
The Natural Philosopher

Interesting, but not surprising. Did you read this article:

----- Begin Quote -----

Eva Chen, chief executive of Trend Micro, has strong views about how effective the antivirus industry has been over the past 20 years.

According to Chen, the security industry has over-hyped how effective its products are - and so has been misleading customers - for years.

Chen believes that no single company can offer adequate protection against the sheer volume of new viruses that are being churned out by cybercriminals. According to the security industry, five and a half million new samples were detected in 2007.

----- End Quote -----

Reply to
Martin Jay

Not that surprising really. If it's a new one, I imagine it'll take a few days before all the companies become aware of it and update their virus definition files. Probably if you resubmitted it tomorrow, there would be a far higher detection rate.

At the end of the day, common sense is your first line of defence against viruses. You'd have to be a real dweeb to imagine that a file with a name like "WW_671282.zip" attached to an email *wasn't* a virus.

Tim

Reply to
Tim Downie

Trouble is the Dweebs live amongst us. I am working with 300+ programmers and professionals for a Major credit card company and last week alone we have had 6 different viruses caused by them opening dodgy emails or surfing weird sites during lunch breaks.

Reply to
Kevin

I just don't see them. I don't know what virus filtering services my ISP (34sp) uses but pretty well nothing at all ever gets through.

Look, hardly any email users actually *want* to receive these viruses, surely to goodness, so why doesn't *every* ISP just silently dump them by default?

Reply to
Tim Ward

I'm surprised it reached there at all...LOL

Reply to
NOSPAMnet

Oh, I totally agree.

But this is not a particularly new one I think.

Reply to
The Natural Philosopher

Oh the payload attached to the UPS emails has been changing pretty rapidly, far faster than some AV vendors update their virus definitions. Once a day doesn't really cut it any more.

The advice not to follow links or open attachments unless you've confirmed in some way that they are genuine is much more useful. Especially as the scam ones like this are getting more convincing.

Reply to
Eleanor Blair

That's OK if your ISP knows it's a virus; how it differentiates between an unknown virus and your friend emailing you a holiday video zipped up is where the problem lies. Do you want your ISP to filter out a wanted email because it might be a virus?

Reply to
Kevin

OH S!!T

I recd. that a few days ago and I opened it as I WAS expecting a delivery...

I realised what it was too late ...... :-((((

I then updated AVG and did a full scan which found nowt. Everything _seeeeems_ OK, but....

Now what? Is my Dell going to turn into a pumpkin next Friday the thirteenth?

(Currently rescanning all with updated AVG again....)

Reply to
zulu

That happened to me once. It was a 'rare' virus. Had to do a manual removal based on a method from one of its cousins!

Graham

Reply to
Eeyore

What happens when a weird attachment arrives that you need, just happens to resemble a virus, and is silently binned?

Twice in the last year part of an IM program used here was sent to the virus vault by AVG, at least because it was done locally it was possible to resurrect it and put in an exception until AVG corrected the error.

Reply to
Brian Morrison

Reply to
Java Jive

Darned if I can remember now... :o)

AVG is still scanning.

Reply to
zulu

Dunno, but they seem to be good at it.

Ah, well, they've got this clever trick, see, have had for years, which is to look *inside* an archive. (Any worthwhile virus scanner does that.)

Reply to
Tim Ward

Yup, a real risk.

Which so far as I know (and therefore so far as matters to me) has never happened.

So that's fine then.

Reply to
Tim Ward

On Tue, 12 Aug 2008 19:59:40 +0100, Tim Ward passed an empty day by writing:

A great many gateway scanners use clamav - no doubt because it is free, and it's been looking in archives for a long time. AFAIR it is also able to deal with password protected archives and even tell the difference between a spoofed file extension because of the mime type (that is a .exe that has been renamed to .jpg). It does depend on how the gateway scanner is set up, mind you.

Only problem is Trend have been trying to make a few people shit the bed as far as clamav is concerned, but that is a different story.

The thing is malware (or Window$ self-distributing freeware as I call it) should not be the responsibility of your ISP. Even the best scanners can be spoofed by telnetting directly into an ISP's server and dumping a virus on it for a local user by injecting it in base64. You need to be guarding at your own gateway for this.

Reply to
Klunk
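
The two gateway checks mentioned in the posts above (looking inside an archive, and spotting an .exe renamed to .jpg from its content rather than its name) can be sketched as follows. This is an added example, not code from any poster or from ClamAV; the function names, the magic-byte table and the size and depth limits are assumptions, and the sample archive is constructed and inert.

```python
import io
import os
import zipfile

# Leading "magic" bytes mapped to (real type, extensions that may carry it).
MAGIC = {
    b"MZ": ("windows-executable", {".exe", ".dll", ".scr", ".com"}),
    b"PK\x03\x04": ("zip-archive", {".zip"}),
    b"\xff\xd8\xff": ("jpeg-image", {".jpg", ".jpeg"}),
}
MAX_MEMBER = 20 * 1024 * 1024  # assumed policy: refuse to unpack larger members
MAX_DEPTH = 3                  # assumed policy: limit archive-in-archive nesting

def sniff(data):
    hits = [v for magic, v in MAGIC.items() if data.startswith(magic)]
    return hits[0] if hits else ("unknown", None)

def inspect_attachment(name, data, depth=0):
    """Return (path, finding) tuples for an attachment and anything inside it."""
    findings = []
    kind, exts = sniff(data)  # judge by content, not by the file name
    ext = os.path.splitext(name)[1].lower()
    if kind == "windows-executable":
        findings.append((name, "executable content"))
    if exts is not None and ext not in exts:
        findings.append((name, f"extension {ext!r} does not match {kind}"))
    if kind != "zip-archive":
        return findings
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                path = f"{name}/{info.filename}"
                if info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                    findings.append((path, "encrypted member, cannot inspect"))
                elif info.file_size > MAX_MEMBER or depth >= MAX_DEPTH:
                    findings.append((path, "too large or too deeply nested, not unpacked"))
                else:
                    findings += inspect_attachment(path, zf.read(info), depth + 1)
    except zipfile.BadZipFile:
        findings.append((name, "corrupt archive"))
    return findings

def build_sample():  # constructed, inert sample: fake 'MZ' bytes named .jpg
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("holiday.jpg", b"MZ" + b"\x00" * 62)
        zf.writestr("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)
    return buf.getvalue()
```

Calling `inspect_attachment("sample.zip", build_sample())` reports the renamed member and leaves the genuine JPEG alone, which is the distinction between a zipped holiday photo and a zipped executable that the thread argues about.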

That, surely to goodness, is a matter for grown-ups to arrange between themselves. My ISP chooses to offer this service, and I choose to buy it. Neither of us needs anybody else telling us that it's "not [his] responsibility".

Reply to
Tim Ward

Trouble is most users have no idea what a virus is or can do and don't use firewalls or virus scanners. They think that Windows must be safe, as Microsoft would not sell an insecure system, would they??? And these people do exist, as I have been asked to fix their PCs.

Reply to
Kevin

For everyone else, there are a couple of similar sites that do comparative testing, such as...

formatting link
is also useful for checking out the relative strength of an updated and un-updated machine.

Reply to
Colin Wilson
