professional_1

Winavm (False positive?)


Hi dear friends. A few days ago, the internet site (giveawayoftheday.com) distributed a software called "Windows anti-virus mate". It is marked as 100% clean (no virus, no spyware, no form of malware) by Softpedia.com.

A few days ago, a-squared was confirming that those files were clean.

But today, when we get the update for a-squared scanner, we face that "Trojan.Win32.FakeAv!IK" was found in winavm\avm.exe (windows anti-virus mate)

So is this a false positive?

If not, what is the detailed effect of this trojan? Or is this just a fake antivirus but NOT a trojan?

If this is a trojan, do we have to just delete that file or do we have to clean the registry?

Thanks to Lynx, and all the other friends who will help us to know about this "Trojan.Win32.FakeAv!IK"


Update:

The strange thing is: the files in softpedia.com are marked to be clean (scanned by a-squared)

The files from giveawayoftheday.com are the same size but different content. They probably contain a fraud, trojan or rootkit.

Kaspersky marks this as "Trojan.Win32.FraudPack.amds"

A-squared: "Trojan.Win32.FakeAV"

Any other Anti-virus software: "Clean"

Results:

http://www.virustotal.com/tr/analisis/2c7a4fd5bab1a09e19cec183e563b14ae209df8b20bdd06f24a775c00d36c32b-1266881383

... Hi dear friends... Thanks to Lynx, and all the other friends who will help us to know about this "Trojan.Win32.FakeAv!IK"...

Hi professional_1,

Friends are willing to help but you have to do it yourself in the 1st place.

Please submit the flagged item(s) from the detection list

1) Always save report so you can attach it (when typing you can make a mistake - typo)

2) Provide more info about the System Environment as in Forum Posting Rules #2)

3) I don't have such file. Despite we never rely on file names only different setups as pointed above may have different files/detections

4) By the name if it's correct the file could be indeed malicious according to info that can be gathered

5) Have you received the message from a-squared about inability to quarantine/delete or you did not try to quarantine?

My regards


I'm sorry dear lynx. I just thought that we could reach the information by just mentioning "Trojan.Win32.FakeAv!IK".

Here are the details:

System Environment: Attached.

Log file: Attached

The suspected file: Attached

The file was successfully deleted. I sent you from backups. There are lots of modifications in registry (when installing that suspicious software) but unfortunately only file deletion was done with a-squared.

I'm not sure that it's enough. So I decided to contact you. By this way, a lot more people could get benefit. Because this software was distributed to masses via giveawayoftheday.com/ just 4 days ago. And now it's marked as "Trojan.Win32.FakeAv!IK"

A comprehensive trojan? or just a "one-file" exe threat

My regards.

*** attached file in question removed {Lynx}


Hi professional_1,

I edited your post.

Please never send / attach files in question.

You can submit flagged items from the detection list or from quarantine to EMSI developers for analysis.

Otherwise if you want to investigate the matter and/or your system is misbehaving

=======

Read the following instructions

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post (attach) the required log files into Malware Removal section of the forum

(create new thread there)

Wait for reply from ShadowPuterDude, Katana, or JeanInMontana

for assistance and further instructions.

=======

Translation Links for Forum Instructions

My regards


You are the one that says "I don't have such file. Despite we never rely on file names only" and now you are the one that says "never post suspected files" That's weird isn't it? :)

I knew it and that was why I just gave filename and malware name in first post.

I just wanted to find information on "Trojan.Win32.FakeAv!IK"

Unfortunately it seems that this information will be hard to find.

So I will use my backups.

Thanks anyway.


No that is not weird.

The submission is the only way to find whether the file is real malware or False Positive if you are not sure.

And that rule applies to any security Software.

But you never post allegedly infectious files or suspicious links into the open forums.

If you have questions about the submission procedure please ask

or

the answers could be given if you visit Malware Removal section and provide all needed info as suggested

My regards
