new update = new trojan?
So can I trust this scan result?
An anti-virus company gets hold of malicious files, examines them, and works out how to instruct their anti-virus program to identify the malicious files in question. If the file has been scanned before, and passed, then you can say that the detection is new, but the file may have been around for some time but not analysed by the security companies.
Although they try their best, sometimes these security companies incorrectly update their AV programs and they identify, as malicious, files that are in fact legitimate - false positive detections. The fact that some scanners report the file as legitimate may be due to the fact that the file is indeed legitimate or these companies may not have analysed this malicious file yet.
Unfortunately unless somebody reverse engineers the file to check whether it is malicious or not, and that's probably not going to happen here, you have limited options:
1) If you know where the file originated and you know others who trust this file then you can ally yourself with them and dismiss the detections as false positives. Bear in mind that a legitimate file can be patched or a malicious file can be given a legitimate file's name, so do make sure that if people vouch for the file's integrity that it is the same file and not just one with the same name.
2) Trust the majority of scanners that don't identify this file as malicious and dismiss the detections as false positives.
3) Contact the person who coded the file and ask them if their file is malicious or not, and then trust them if they say it is legitimate.
Edited by Noviciate, 28 December 2012 - 05:27 PM.
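The check from option 1, as an added example that is not part of the original post: compare a file's SHA-256 digest with the digest of the copy that others vouch for, so that a matching file name alone is never accepted. The function names, the `vouched` mapping and all sample file names and bytes are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

def sha256_of(path, chunk_size=1 << 16):
    """Hash the file in chunks so large downloads need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_vouched(path, vouched):
    """Compare a file with the copy others vouch for.
    vouched maps file name -> SHA-256 hex digest (assumed structure)."""
    actual = sha256_of(path)
    expected = vouched.get(os.path.basename(path))
    if expected is not None:
        same = hmac.compare_digest(actual, expected.lower())
        return "match" if same else "name-only"  # name-only: same name, different bytes
    if any(hmac.compare_digest(actual, d.lower()) for d in vouched.values()):
        return "renamed"  # vouched bytes stored under a different name
    return "unknown"

def demo():
    """Run the check over constructed sample files (not real software)."""
    samples = {
        "trusted/update.exe": b"constructed legitimate bytes",
        "download/update.exe": b"constructed legitimate bytes + patch",
        "mirror/setup.exe": b"constructed legitimate bytes",
        "other/tool.exe": b"constructed unrelated bytes",
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for rel, data in samples.items():
            full = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(full))
            with open(full, "wb") as fh:
                fh.write(data)
            paths.append(full)
        # The digest of the trusted copy stands in for one published by people who vouch for it.
        vouched = {"update.exe": sha256_of(paths[0])}
        return [check_vouched(p, vouched) for p in paths]

if __name__ == "__main__":
    print(demo())
```

A "name-only" result is the case the post warns about: the name matches the vouched file but the contents do not, so other people's trust in the original does not carry over to this copy.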