Trojan.Downloader.AdMSI = false postive?

[geronimo]

I currently have the lates AntiVir guard running and it's
last scan failed to detect any threats. Afterwards
Microsoft Antispy detected Trojan.Downloader.AdMSI. I did a
search on this Trojan and found that this trojan is
possibly a false positive meaning that many antivirus
engines did not detect it whereas microsoft antispy did.
The other possibility is that microsoft antispy is a better
product in detecting this trojan that other applications
are. Any feedback in regard to this issue would be greatly
appreciated.

 

[Alan]

I have used both Norton and McAfee. I always kept them
up-to-date. I ran a scan at least once a week. I also
had them set to scan any files opening or being
downloaded from the Internet. They never found any
Trojans.

I then ran a scan using the trial version of Giant
AntiSpyware, now better known as MSAS. It found at least
three or four Trojans on my system. A couple of them
were of the Trojans.Downloader class.

Many people think that running a scan with an antivirus
app is enough to keep Trojans off a system. The problem
is that antivirus apps tend to be very good at detecting
and removing viruses, but are not so good when dealing
with Trojans and other infections.

Some products out there focus mainly on Trojans. These
are the products that are a good defense againt these
type of infections. One of those products is syslean.com
(http://www.trendmicro.com/ftp/products/tsc/sysclean.com)
from Trend Micro. NOTE: When using this product,
download the latest definitions in the form of lpt???.zip
from
http://www.trendmicro.com.au/download/pattern_update.htm.
Decompress this file and store the definition file in
the same folder as the sysclean.com app. When running
this app it is a good idea to show hidden folders (open
My Computer > Tools > View Options... > View and click
the "Show hidden files and folders" radio button, also
remove the check mark next to "Hide protected operating
system files (Recommended)." This app will take about an
hour to scan your system and it will report any
infections and ask you what you want to do if there are
infected files. When you are done, go and change the
settings back to hide the protected system files and hide
hidden files and folders.

The reason that other scanners might not have picked up
on the infection is they aren't scanning protected system
files, nor hidden files and folders. This is just a
thought though, as they might be.

Let me know what results you get.

Alan

 

[AndyManchesta]

Check the Signatures group for the Topic I started about
this Trojan Detection, I believe it's a Microsoft file
and may be related to "Inno Setup" so I'd agree its a
False Positive, See that topic for more details.

Regards

Andy