Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pskavs.dll:sirius.annihilator.272...found By Clamwin


  • Please log in to reply
3 replies to this topic

#1 1Bart

1Bart

  • Members
  • 263 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ-Just across the Hudson from lower Manhattan
  • Local time:09:21 PM

Posted 05 December 2006 - 08:54 PM

After spending too much time everywhere else, I hope the good folks here at BC can assist. I am an avid follower of this sites policies and philosophies and track many topics often.

The consensus out there is that "Annihilator.272" is part of Panda which I have used recently.....therefore it would be a false positive. What may the opinion of this astute and knowledgeable group be?

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:21 PM

Posted 06 December 2006 - 12:49 PM

pskavs.dll is a legitimate file installed by Panda ActiveScan but there are some AV vendors (Avast and ClamAV) that tag it as malicious. This a false positive detection caused by Panda's on-line scanner not encrypting its virus signature files.

avast!WEBforum

...it's a false positive of Panda because Panda does not encrypt its database

avast Virus detection

Viruses have been detected in some of the 'Panda Antivirus' files on my computer...Why is this?...When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).

ClamAV Mailing List Archive

The problem is that Panda still ships files that contain "plain viruscode", other vendors encrypt such files to avoid such false positives. So Clam is right somehow, it found the bytesequence of the virus in the file.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 1Bart

1Bart
  • Topic Starter

  • Members
  • 263 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ-Just across the Hudson from lower Manhattan
  • Local time:09:21 PM

Posted 06 December 2006 - 06:11 PM

Thanks a GIG!!!!......THAT settles THAT!!!!!!

Just as I suspected but there were just too many "opinions" out there. So Panda had it right (indicating the file has a virus signature) but doesn't tell its search program that it is not a true virus....Go figure and thanks again...I knew I could rely on your folks........TY

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:21 PM

Posted 06 December 2006 - 06:47 PM

Your welcome. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users