
Stumped: 3 Online AntiVirus Scanners with Different Results


3 replies to this topic

#1 gonwk

Posted 13 January 2013 - 10:12 AM

Hi folks,

I hope I can get one of you AV experts to respond to my dilemma.

I ran a small file "WinDom364.exe" from ccDominoes.com thru the following 3 online Single File AV Scanners ...

1- VirusTotal
2- Metascan-Online
3- Jottie

and online scanners #1 & #2 gave it a "Clean" bill of health ... BUT, Jottie #3 the "ClamAV" AV says it has
"2013-01-12 PUA.Win32.Packer.WwpackV"

Now I am confused ...

- ClamAV in VirusTotal with the same date of signature says this File is Clean.

- ClamWin in Metascan with the same date of signature Also says this File is Clean.

Q1: How can this be ... same Antivirus Scanner with the same Definition date on different sites return a different response?

Q2: Which one am I to Believe? Is Jottie Correct?

From my readings PUA is a Super Nasty and UnCleanable Virus/Trojan ... so!

Thanks in Advance?

G! :)
Totally a Newbie, Eager to Learn!



#2 boopme


Posted 13 January 2013 - 11:42 AM

Hello, it's a False Positive. Clam needs to turn off its PUA (Potentially Unwanted Applications) detection for Jotti.
Many of these are legitimate and with PUA on they cannot determine good ones from bad ones. If you are using ClamAV, set its PUA detection to quarantine, so you can recover these files if needed.

The file is clean, as the other, what, 60 AVs detected nothing.

#3 Didier Stevens


Posted 13 January 2013 - 03:25 PM

Q1: How can this be ... same Antivirus Scanner with the same Definition date on different sites return a different response?

Because of the configuration of the scanner. They are most likely different on these 2 sites.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019
Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
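
The configuration point made in reply #3, as an added example that is not part of the original posts: a small triage that groups multi-scanner results by engine family and signature date, and marks a clean/detected split as a likely configuration difference when every label involved is in ClamAV's optional `PUA.` class (`DetectPUA` is off by default). The result rows are constructed from the values quoted in the thread, and the function names `detect_pua_enabled` and `triage` are hypothetical.

```python
from collections import defaultdict

# Constructed rows modelled on the thread: (service, engine, signature date, label or None)
RESULTS = [
    ("VirusTotal", "ClamAV", "2013-01-12", None),
    ("Metascan-Online", "ClamWin", "2013-01-12", None),
    ("Jotti", "ClamAV", "2013-01-12", "PUA.Win32.Packer.WwpackV"),
]
# ClamWin is a Windows front end to the ClamAV engine, so both map to one family.
FAMILY = {"clamav": "clamav", "clamwin": "clamav"}


def detect_pua_enabled(conf_text):
    """Return the DetectPUA setting found in clamd.conf text; ClamAV's default is off."""
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop trailing comments
        if len(parts) == 2 and parts[0] == "DetectPUA":
            return parts[1].lower() in ("yes", "true", "1")
    return False


def triage(results):
    """Explain engines whose verdict differs between services at one signature date."""
    groups = defaultdict(list)
    for service, engine, sig_date, label in results:
        groups[(FAMILY.get(engine.lower(), engine.lower()), sig_date)].append((service, label))
    findings = {}
    for key, rows in groups.items():
        labels = {label for _, label in rows if label}
        clean = sorted(svc for svc, label in rows if not label)
        if not labels or not clean:
            continue  # no clean/detected split for this engine
        if all(label.startswith("PUA.") for label in labels):
            findings[key] = ("config", clean)  # optional PUA class, enabled on some sites only
        else:
            findings[key] = ("investigate", clean)  # same signatures, different malware verdict
    return findings


if __name__ == "__main__":
    print(triage(RESULTS))
```
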


#4 gonwk


Posted 14 January 2013 - 09:07 PM

Hi boopme & Didier Stevens,

Thanks for taking the time and responding to my Qs ... I really like to play this Dominoes game.

Appreciate your Help again!

G! :thumbsup:
Totally a Newbie, Eager to Learn!



