Archive - Topics from long ago

Spyware scanner with a false positive.

14-02-2007, 20:30 by G-Force, 1 reply
For a year I used the spyware scanner CounterSpy and then
switched to a different scanner. I no longer have CounterSpy,
but today this mail from Eric L. Howes, Director of Malware
Research at Sunbelt Software, was in my spam box. Anyone who
does have CounterSpy should definitely read the mail below.
An error occurred in definition 497 that makes the computer
user think there is a Trojan.Gromozon on their PC (this is
not true). Fortunately, nothing is removed. The user is
advised to install the newest spyware definition 498.

Dear CounterSpy customer,

We would like to confirm a false spyware detection that you
may have seen with threat definition 497.

Definitions 497 (released Friday evening) includes a file
trace that is causing an unusual type of false detection for
Trojan.Gromozon. I'm characterizing this detection as
"unusual," because nothing is being removed. In effect,
you're seeing a "phantom" detection on a non-existent file
that's being caused by an unusual interaction between a file
trace in our database and a little-known aspect of the
Windows file system (DOS reserved file names). Windows is
telling CounterSpy that the file is on the drive when in
fact it isn't.

Put very simply: the file isn't there, the Trojan.Gromozon
isn't there, and your boxes are not at risk. This will be
corrected in the next update to CounterSpy's definitions.

We are sorry for any inconvenience this false detection may
have caused. We have corrected this in the latest
definitions version (498). If you are still seeing
Trojan.Gromozon on your computer after updating to the new
definitions, you should take corrective action by
quarantining or removing this threat.

For the more technical consumers of CounterSpy the "phantom"
file in question is "lpt4.ago"

Thanks,

Eric L. Howes
Director of Malware Research
Sunbelt Software

If you do not want to receive any further email from
Sunbelt Software, please forward this email to:
xxx xxx xxx
This email was sent to: xxxxx xxxxxx xxxx
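
The "phantom" detection described in the mail above, as an added example that is not part of the original post or Sunbelt's code: a check that flags scanner file-trace hits whose file name is a DOS reserved device name, so they can be verified before being reported. It assumes the classic Win32 rule that CON, PRN, AUX, NUL, COM1-9 and LPT1-9 are reserved in every directory, with or without an extension; the function names, the directory paths and the second threat name are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Classic DOS device names (assumption: the long-documented Win32 set).
_RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$", re.IGNORECASE)


def is_reserved_device_name(path: str) -> bool:
    """True if the last path component names a DOS device rather than a file."""
    # Paths with the \\?\ prefix skip Win32 name parsing, so a file that is
    # really called lpt4.ago can exist there and must not be dismissed.
    if path.startswith("\\\\?\\"):
        return False
    name = PureWindowsPath(path).name
    # Win32 ignores the extension and trailing spaces when matching devices,
    # which is why "lpt4.ago" is treated as the LPT4 printer port.
    base = name.split(".", 1)[0].rstrip(" ")
    return bool(_RESERVED.match(base))


def triage_trace_hits(hits):
    """Split (threat, path) hits into (confirmed, phantom_candidates)."""
    confirmed, phantom = [], []
    for threat, path in hits:
        target = phantom if is_reserved_device_name(path) else confirmed
        target.append((threat, path))
    return confirmed, phantom


# Constructed sample hits: only the name lpt4.ago and Trojan.Gromozon come
# from the mail; directories and the other entries are made up.
SAMPLE_HITS = [
    ("Trojan.Gromozon", r"C:\WINDOWS\lpt4.ago"),
    ("Example.Threat", r"C:\WINDOWS\system32\lptx.dll"),
    ("Example.Threat", r"C:\Temp\lpt10.txt"),
    ("Trojan.Gromozon", r"\\?\C:\WINDOWS\lpt4.ago"),
]

if __name__ == "__main__":
    confirmed, phantom = triage_trace_hits(SAMPLE_HITS)
    for threat, path in phantom:
        print(f"verify before reporting: {threat} at {path}")
    for threat, path in confirmed:
        print(f"report: {threat} at {path}")
```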
Replies (1)
14-02-2007, 21:01 by L.L. Bowen
Here
http://www.castlecops.com/p896385-Trojan_Gromozon.html
you can find some additional information.

L. L. Bowen

This posting is locked. Replying is no longer possible.