multiple online scanners

bob brozewicz

hi all,

i saw a post here (i think) where you can submit a file to be scanned
by multiple av scanners. does anyone know what the site is?

i just installed antivir as a second scanner and it found a trojan named
tr/drop.joi.aj.68.a.

i cannot find any info on this virus. i scanned the file
(stellarium.exe, an astronomy program) with nav 2003 and it finds nothing.

false positive or trojan?

bob brozewicz
 
David H. Lipman

From: "bob brozewicz" <[email protected]>

| hi all,
|
| i saw a post here (i think) where you can submit a file to be scanned
| by multiple av scanners. does anyone know what the site is?
|
| i just installed antivir as a second scanner and it found a trojan named
| tr/drop.joi.aj.68.a.
|
| i cannot find any info on this virus. i scanned the file
| (stellarium.exe, an astronomy program) with nav 2003 and it finds nothing.
|
| false positive or trojan?
|
| bob brozewicz


Please submit the sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against several different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results for assistance.
 
Spacen Jasset

bob said:
hi all,

i saw a post here (i think) where you can submit a file to be scanned
by multiple av scanners. does anyone know what the site is?

i just installed antivir as a second scanner and it found a trojan named
tr/drop.joi.aj.68.a.

i cannot find any info on this virus. i scanned the file
(stellarium.exe, an astronomy program) with nav 2003 and it finds nothing.

false positive or trojan?

bob brozewicz

http://virusscan.jotti.org/ is one such site.
 
bob brozewicz

David said:
From: "bob brozewicz" <[email protected]>

| hi all,
|
| i saw a post here (i think) where you can submit a file to be scanned
| by multiple av scanners. does anyone know what the site is?
|
| i just installed antivir as a second scanner and it found a trojan named
| tr/drop.joi.aj.68.a.
|
| i cannot find any info on this virus. i scanned the file
| (stellarium.exe, an astronomy program) with nav 2003 and it finds nothing.
|
| false positive or trojan?
|
| bob brozewicz


Please submit the sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against several different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results for assistance.

thank you david, this is what i was looking for. the results are posted
below.

Virus Total
_______________________________________________

Scan results
File: stellarium.exe
Date: 09/03/2005 19:11:56 (CET)
----
AntiVir 6.31.1.0/20050902 found [TR/Drop.Joi.aj.68.A]
Avast 4.6.695.0/20050902 found nothing
AVG 718/20050831 found nothing
Avira 6.31.1.0/20050902 found [TR/Drop.Joi.aj.68.A]
BitDefender 7.0/20050902 found nothing
CAT-QuickHeal 8.00/20050903 found nothing
ClamAV devel-20050725/20050903 found nothing
DrWeb 4.32b/20050902 found nothing
eTrust-Iris 7.1.194.0/20050902 found nothing
eTrust-Vet 11.9.1.0/20050902 found nothing
Fortinet 2.41.0.0/20050903 found nothing
F-Prot 3.16c/20050902 found nothing
Ikarus 0.2.59.0/20050902 found nothing
Kaspersky 4.0.2.24/20050903 found nothing
McAfee 4573/20050902 found nothing
NOD32v2 1.1208/20050902 found nothing
Norman 5.70.10/20050902 found nothing
Panda 8.02.00/20050903 found nothing
Sophos 3.97.0/20050903 found nothing
Symantec 8.0/20050902 found nothing
TheHacker 5.8.2.099/20050902 found nothing
VBA32 3.10.4/20050902 found nothing
 
Art

David said:
From: "bob brozewicz" <[email protected]>

| hi all,
|
| i saw a post here (i think) where you can submit a file to be scanned
| by multiple av scanners. does anyone know what the site is?
|
| i just installed antivir as a second scanner and it found a trojan named
| tr/drop.joi.aj.68.a.
|
| i cannot find any info on this virus. i scanned the file
| (stellarium.exe, an astronomy program) with nav 2003 and it finds nothing.
|
| false positive or trojan?
|
| bob brozewicz


Please submit the sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against several different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results for assistance.

thank you david, this is what i was looking for. the results are posted
below.

Virus Total
_______________________________________________

Scan results
File: stellarium.exe
Date: 09/03/2005 19:11:56 (CET)
----
AntiVir 6.31.1.0/20050902 found [TR/Drop.Joi.aj.68.A]
Avast 4.6.695.0/20050902 found nothing
AVG 718/20050831 found nothing
Avira 6.31.1.0/20050902 found [TR/Drop.Joi.aj.68.A]
BitDefender 7.0/20050902 found nothing
CAT-QuickHeal 8.00/20050903 found nothing
ClamAV devel-20050725/20050903 found nothing
DrWeb 4.32b/20050902 found nothing
eTrust-Iris 7.1.194.0/20050902 found nothing
eTrust-Vet 11.9.1.0/20050902 found nothing
Fortinet 2.41.0.0/20050903 found nothing
F-Prot 3.16c/20050902 found nothing
Ikarus 0.2.59.0/20050902 found nothing
Kaspersky 4.0.2.24/20050903 found nothing
McAfee 4573/20050902 found nothing
NOD32v2 1.1208/20050902 found nothing
Norman 5.70.10/20050902 found nothing
Panda 8.02.00/20050903 found nothing
Sophos 3.97.0/20050903 found nothing
Symantec 8.0/20050902 found nothing
TheHacker 5.8.2.099/20050902 found nothing
VBA32 3.10.4/20050902 found nothing

Looks like a false positive but wait a few days and upload it again.
Virus Total claims it distributes the files to av vendors for
analysis.

Art

http://home.epix.net/~artnpeg
 
Ian Kenefick

Looks like a false positive but wait a few days and upload it again.
Virus Total claims it distributes the files to av vendors for
analysis.

It distributes to some vendors. Clam for example received many of its
malware samples from virustotal.
 
David H. Lipman

From: "Art" <[email protected]>


|
| Looks like a false positive but wait a few days and upload it again.
| Virus Total claims it distributes the files to av vendors for
| analysis.
|
| Art
|
| http://home.epix.net/~artnpeg

I have a sneaky suspicion that this is an adware/spyware Trojan.

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.
 
bob brozewicz

David said:
From: "Art" <[email protected]>


|
| Looks like a false positive but wait a few days and upload it again.
| Virus Total claims it distributes the files to av vendors for
| analysis.
|
| Art
|
| http://home.epix.net/~artnpeg

I have a sneaky suspicion that this is an adware/spyware Trojan.

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

david,

i follow the privacy news group as well and see your posts there.

i already have this software installed and the defs are up to date. the
software runs a few times a week. my system restore points are turned off
(temporarily). i dump my firefox cache and delete my temp and temp
internet folder contents using crap cleaner, cleanup!, internet eraser
and cyberscrub daily. i also have m$ anti spyware installed and this
runs nightly at 04:00 and nav is scheduled daily at 06:00.

i have run these scans in safe mode as suggested. they show nothing.

none of the products show anything except antivir anti virus software.

i have only used stellarium one time after i installed it. in fairness i
will report the detection to the author on sourceforge.net and see if
he/she has seen this being reported as a trojan.

until i hear something the software will be uninstalled. im not chancing
anything.

thank you again for all your suggestions.
 
David H. Lipman

From: "bob brozewicz" <[email protected]>


| david,
|
| i follow the privacy news group as well and see your posts there.
|
| i already have this software installed and the defs are up to date. the
| software runs a few times a week. my system restore points are turned off
| (temporarily). i dump my firefox cache and delete my temp and temp
| internet folder contents using crap cleaner, cleanup!, internet eraser
| and cyberscrub daily. i also have m$ anti spyware installed and this
| runs nightly at 04:00 and nav is scheduled daily at 06:00.
|
| i have run these scans in safe mode as suggested. they show nothing.
|
| none of the products show anything except antivir anti virus software.
|
| i have only used stellarium one time after i installed it. in fairness i
| will report the detection to the author on sourceforge.net and see if
| he/she has seen this being reported as a trojan.
|
| until i hear something the software will be uninstalled. im not chancing
| anything.
|
| thank you again for all your suggestions.

Follow Art Kopp's advice...
"Looks like a false positive but wait a few days and upload it again."

Do the above to see if other AV vendors pick up on it.

You can get a relatively quick response if you create an account and submit a sample to
McAfee AVERT Web Immune
https://www.webimmune.net/default.asp
 
bob brozewicz

David said:
From: "bob brozewicz" <[email protected]>


| david,
|
| i follow the privacy news group as well and see your posts there.
|
| i already have this software installed and the defs are up to date. the
| software runs a few times a week. my system restore points are turned off
| (temporarily). i dump my firefox cache and delete my temp and temp
| internet folder contents using crap cleaner, cleanup!, internet eraser
| and cyberscrub daily. i also have m$ anti spyware installed and this
| runs nightly at 04:00 and nav is scheduled daily at 06:00.
|
| i have run these scans in safe mode as suggested. they show nothing.
|
| none of the products show anything except antivir anti virus software.
|
| i have only used stellarium one time after i installed it. in fairness i
| will report the detection to the author on sourceforge.net and see if
| he/she has seen this being reported as a trojan.
|
| until i hear something the software will be uninstalled. im not chancing
| anything.
|
| thank you again for all your suggestions.

Follow Art Kopp's advice...
"Looks like a false positive but wait a few days and upload it again."

Do the above to see if other AV vendors pick up on it.

You can get a relatively quick response if you create an account and submit a sample to
McAfee AVERT Web Immune
https://www.webimmune.net/default.asp

interesting...

i had this scanned again and the multiple scanners found nothing (see
below). i also updated the antivir software and it also finds nothing
once updated. im guessing a false positive.

gentlemen thanks once again for your assistance. it is/was greatly
appreciated.

bob brozewicz

Virus Total
_______________________________________________

Scan results
File: stellarium.exe
Date: 09/07/2005 11:36:48 (CET)
----
AntiVir 6.31.1.0/20050906 found nothing
Avast 4.6.695.0/20050906 found nothing
AVG 718/20050831 found nothing
Avira 6.31.1.0/20050907 found nothing
BitDefender 7.0/20050902 found nothing
CAT-QuickHeal 8.00/20050907 found nothing
ClamAV devel-20050725/20050907 found nothing
DrWeb 4.32b/20050907 found nothing
eTrust-Iris 7.1.194.0/20050906 found nothing
eTrust-Vet 11.9.1.0/20050907 found nothing
Fortinet 2.41.0.0/20050907 found nothing
F-Prot 3.16c/20050907 found nothing
Ikarus 0.2.59.0/20050906 found nothing
Kaspersky 4.0.2.24/20050907 found nothing
McAfee 4575/20050906 found nothing
NOD32v2 1.1210/20050906 found nothing
Norman 5.70.10/20050906 found nothing
Panda 8.02.00/20050906 found nothing
Sophos 3.97.0/20050907 found nothing
Symantec 8.0/20050907 found nothing
TheHacker 5.8.2.101/20050906 found nothing
VBA32 3.10.4/20050906 found nothing
 
David H. Lipman

From: "bob brozewicz" <[email protected]>


| interesting...
|
| i had this scanned again and the multiple scanners found nothing (see
| below). i also updated the antivir software and it also finds nothing
| once updated. im guessing a false positive.
|
| gentlemen thanks once again for your assistance. it is/was greatly
| appreciated.
|
| bob brozewicz
|
| Virus Total
| _______________________________________________
|
| Scan results
| File: stellarium.exe
| Date: 09/07/2005 11:36:48 (CET)
| ----
| AntiVir 6.31.1.0/20050906 found nothing
| Avast 4.6.695.0/20050906 found nothing
| AVG 718/20050831 found nothing
| Avira 6.31.1.0/20050907 found nothing
| BitDefender 7.0/20050902 found nothing
| CAT-QuickHeal 8.00/20050907 found nothing
| ClamAV devel-20050725/20050907 found nothing
| DrWeb 4.32b/20050907 found nothing
| eTrust-Iris 7.1.194.0/20050906 found nothing
| eTrust-Vet 11.9.1.0/20050907 found nothing
| Fortinet 2.41.0.0/20050907 found nothing
| F-Prot 3.16c/20050907 found nothing
| Ikarus 0.2.59.0/20050906 found nothing
| Kaspersky 4.0.2.24/20050907 found nothing
| McAfee 4575/20050906 found nothing
| NOD32v2 1.1210/20050906 found nothing
| Norman 5.70.10/20050906 found nothing
| Panda 8.02.00/20050906 found nothing
| Sophos 3.97.0/20050907 found nothing
| Symantec 8.0/20050907 found nothing
| TheHacker 5.8.2.101/20050906 found nothing
| VBA32 3.10.4/20050906 found nothing

Proof of a previous False Positive declaration !
Just another example of the value of Virus Total service !!
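
The rescan comparison done by eye in this thread can be scripted. The following is an added example, not part of any post above: it parses the Virus Total text report format shown in the thread and lists engines whose verdict changed between the two scans. The sample lines are copied from the two reports (a subset of the clean engines), and collapsing engines that share a version string and detection name into one detection is a heuristic assumed here.

```python
import re

# Subset of the two Virus Total reports posted in this thread (09/03 and 09/07).
SCAN_0903 = """\
AntiVir 6.31.1.0/20050902 found [TR/Drop.Joi.aj.68.A]
Avast 4.6.695.0/20050902 found nothing
Avira 6.31.1.0/20050902 found [TR/Drop.Joi.aj.68.A]
ClamAV devel-20050725/20050903 found nothing
Kaspersky 4.0.2.24/20050903 found nothing
McAfee 4573/20050902 found nothing
Symantec 8.0/20050902 found nothing
"""
SCAN_0907 = """\
AntiVir 6.31.1.0/20050906 found nothing
Avast 4.6.695.0/20050906 found nothing
Avira 6.31.1.0/20050907 found nothing
ClamAV devel-20050725/20050907 found nothing
Kaspersky 4.0.2.24/20050907 found nothing
McAfee 4575/20050906 found nothing
Symantec 8.0/20050907 found nothing
"""

# engine, engine version, signature date (YYYYMMDD), then "[name]" or "nothing"
LINE = re.compile(r"^(?P<engine>\S+)\s+(?P<version>\S+)/(?P<sigs>\d{8})"
                  r"\s+found\s+(?:\[(?P<name>[^\]]+)\]|nothing)$")

def parse_report(text):
    """Return {engine: (version, signature_date, detection_or_None)}."""
    out = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # header lines such as "File:" and "Date:" are skipped
            out[m["engine"]] = (m["version"], m["sigs"], m["name"])
    return out

def independent_detections(report):
    """Count detections, treating same version + same name as one engine."""
    return len({(ver, name) for ver, _, name in report.values() if name})

def verdict_changes(old, new):
    """Engines whose verdict differs, with the signature date of each scan."""
    changes = []
    for engine in sorted(old.keys() & new.keys()):
        (_, d0, n0), (_, d1, n1) = old[engine], new[engine]
        if n0 != n1:
            changes.append((engine, n0, d0, n1, d1))
    return changes
```

On the thread's data the two hits in the first report collapse to a single independent detection, and both disappear once the signature date moves past 20050902.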
 
