Posted 12 November 2006 - 08:01 AM
Zlob-VU Sophos details
I initially thought it was because my system had been compromised so I downloaded the file
again and it was again detected as the same trojan. I've also downloaded another '.exe' from
another website (Mcafee Stinger) to make sure that the file wasn't being infected after being downloaded.
I was able to download that file and it did not contain the trojan.
Can anyone else verify what I've found or is Sophos wrong?
Posted 12 November 2006 - 09:08 AM
Sophos reported the same trojan in the Winamp and Inkscape install files.
I assume that they're all using the same installer and something in the installer
is setting off the anti-virus.
I've submitted the CCleaner setup file to Sophos and noted with them
that I think it's reporting a false positive. Hopefully they'll sort
it out quickly.
Posted 12 November 2006 - 09:11 AM
Posted 12 November 2006 - 11:53 AM
Yes apparently some virus writes wrote viruses what used NSIS component's or source code. As result pretty much every AV in the market started to detect literally tens of thousands NSIS installers as viruses. The biggest AV companys are aware of the problem and doesn't cause much NSIS false positeves anymore, but the smaller AV companys (mainly free AVs) are still producing "tons" of NSIS false positives.
The same installer you state I think is Nullsoft Scriptable Install System ("NSIS") which recently allot of virus scanners started giving false positives against. Then again it's like the old problem when some virus scanners detect all UPX compressed files as viruses even though they're clean.
As personal opinion I would ditch any AV what still is producing these false positives.
Posted 13 November 2006 - 04:37 AM
I'm posting it here just so that there is a record of it.
/* Start of email */
thank you for your email. The file ccsetup134.exe that you sent to us
for analysis was indeed producing a false-positive report and an
updated IDE file has been released to correct this. Please do not
hesitate to contact me if I can be of any further assistance.
/* End of email */