Results 1 to 5 of 5

Thread: juz downloaded this thing... virus?

  1. #1
    Regular Member _uNDeRsCoRE's Avatar
    Join Date
    Jun 2002
    Posts
    252

    Question juz downloaded this thing... virus?

    http://www.webattack.com/get/compusec.html
    download the file...


    hav it scanned & logged w/ avg:

    Day 1:

    Results of Complete Test, date and time 11/1/03 0:01:54 :

    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\flp_mbr.bin Could be infected Moloch
    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\mbr.bin Could be infected Moloch

    Test finished, duration 00:18:35.5 s
    23441 objects tested, 2 found infected


    Day 2:

    Results of Complete Test, date and time 11/2/03 0:01:44 :

    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\flp_mbr.bin Moloch G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\mbr.bin Moloch

    Test finished, duration 00:18:09.6 s
    23448 objects tested, 2 found infected


    and why is avg not certain...

    Day 1 indicates = Could be infected Moloch
    Day 2 confirms it is really = Moloch

    can some1 d/l and scan the file & post results? tnx

  2. #2
    SG DC Team Member Paft's Avatar
    Join Date
    Feb 2001
    Location
    Norfolk, VA
    Posts
    5,714

    Re: juz downloaded this thing... virus?

    Originally posted by _uNDeRsCoRE
    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\flp_mbr.bin Could be infected Moloch
    G:\_UNDERSC.ORE\COMPUSEC\COMPUSEC._EN:\CompuSec._En\compusec\installa.tio\mbr.bin Could be infected Moloch
    I downloaded the .zip and even unzipped it (AFTER scanning the zip); and I don't have any virus warnings from Avast 4... but.

    I ran the scanner at housecall.antivirus.com and came out with 4 positives.

    flp_mbr and mbr are both "boot.generic*" according to housecall. So I would trust AVG in this case to know what it's talking about.

    Score one AGAINST Avast 4; for now.

  3. #3
    Dr Tweak mnosteele52's Avatar
    Join Date
    Jul 2001
    Location
    Chesapeake, VA
    Posts
    11,916
    I believe this is a false positive. Antivirus apps detect changes to your MBR (master boot record) as virus activity and this app alters your MBR, this is why I belive it is detected.


  4. #4
    Regular Member _uNDeRsCoRE's Avatar
    Join Date
    Jun 2002
    Posts
    252

    ...

    tnx mno,

    never installed the thing, juz downloaded it.
    so it cannot alter MBR. ryt?

    & der r so many boot-viruses, how come avg only detected it positively as moloch? do u think the file is doing a virus-like activity?

  5. #5
    Regular Member _uNDeRsCoRE's Avatar
    Join Date
    Jun 2002
    Posts
    252

    ...

    tnx Paft 4 d inputs

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •