Spyware, Viruses, & Security forum

General discussion

Confusing results

by Damn_machine / April 2, 2006 5:55 AM PDT

I did an online virus scan using Pandasoft's scanner. It indicated the presence of 3 instances of the Netsky worm. AVG did not find it, nor did the Symantec Netsky removal tool. The Pandasoft scan also "found" several spyware items which are not found in my system by Spybot, Adaware, Ewido or Windows Defender. What's the story? Is Pandasoft just trying to sell me their product with false positives, or is it really finding stuff that the others are missing?

There are a world of false positives.
by R. Proffitt Forum moderator / April 2, 2006 7:23 AM PDT
In reply to: Confusing results

But if Housecall doesn't find it... It is, in my opinion, a false positive.

Bob

false positives
by Damn_machine / April 2, 2006 9:11 AM PDT

TrendMicro's Housecall also fails to find any problems. Must be a false positive. Thanks.

Re: confusing results
by Kees Bakker / April 2, 2006 7:36 AM PDT
In reply to: Confusing results

Maybe, if you tell more about these finds, we can say something more. A worm is a program, and you are supposed to know what programs you installed into what folder and when you did it. If suddenly there's a new folder in Program Files, created yesterday, and you didn't do it, it's likely to be malware, in my opinion. Anything other than dc* in your recycle bin is highly suspect. All Microsoft programs have a name and description and author in their properties. Anything in c:\windows folder that doesn't and isn't recognisable (from the filename or the creation date) as something belonging to your printer (hp* or cj*) is suspect. With dll's and ocx's it's comparable. Files with names like msdrivr1.exe that can't be found with Google are suspect.

It could very well be a false positive. But it's nice to know for sure.

Kees
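
Two of the manual checks described in the post above (recently created folders in Program Files, and program files in the Windows folder with no description or author in their properties) can be listed with a read-only PowerShell function. This is an added example, not part of the original post; the function name `Get-TriageCandidates`, the 7-day window, and the mapping of "author" to the `CompanyName` version field are assumptions.

```powershell
# Added example (not from the thread): list files and folders worth a manual look.
# Read-only: nothing is deleted, moved or quarantined.
function Get-TriageCandidates {
    param(
        [int]$Days = 7   # assumed look-back window for "recently created"
    )

    $cutoff = (Get-Date).AddDays(-$Days)

    # Check 1: folders directly under Program Files created inside the window.
    $programDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) }

    foreach ($dir in $programDirs) {
        Get-ChildItem -LiteralPath $dir -Directory -ErrorAction SilentlyContinue |
            Where-Object { $_.CreationTime -ge $cutoff } |
            ForEach-Object {
                [pscustomobject]@{
                    Reason  = 'New folder in Program Files'
                    Path    = $_.FullName
                    Created = $_.CreationTime
                }
            }
    }

    # Check 2: .exe/.dll/.ocx files directly in the Windows folder whose
    # version resource carries neither a company name nor a description.
    Get-ChildItem -LiteralPath $env:windir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.ocx' } |
        Where-Object {
            $v = $_.VersionInfo
            [string]::IsNullOrWhiteSpace($v.CompanyName) -and
            [string]::IsNullOrWhiteSpace($v.FileDescription)
        } |
        ForEach-Object {
            [pscustomobject]@{
                Reason  = 'No company or description'
                Path    = $_.FullName
                Created = $_.CreationTime
            }
        }
}

# Newest items first; every row is a candidate for review, not a verdict.
Get-TriageCandidates -Days 7 | Sort-Object Created -Descending | Format-Table -AutoSize
```

Missing version metadata is only a hint: some legitimate drivers and utilities ship without it, and malware can carry forged metadata.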

reply
by Damn_machine / April 2, 2006 11:14 AM PDT
In reply to: Re: confusing results

Kees - thanks for responding to my post. I am unsure about how to interpret your statement "A worm is a program, and you are supposed to know what programs you installed into what folder and when you did it."

According to Panda Software "Netsky.P is a worm that deletes the entries that belong to several worms, including Mydoom.A, Mydoom.B, Mimail.T and several variants of Bagle."
"Netsky.P spreads via e-mail in a message with variable characteristics, and through peer-to-peer (P2P) file sharing programs."
"Netsky.P is automatically activated when the e-mail message is viewed through Outlook's Preview Pane. It does this by exploiting a vulnerability in Internet Explorer, which allows e-mail attachments to be automatically run. This vulnerability exploit is known as Exploit/iFrame."

Visible Symptoms:

"Netsky.P is difficult to recognize, as it does not show any messages or warnings that indicate it has reached the computer."

I don't believe that I (as you suggest) installed Netsky into my system. In fact, when I subsequently ran the Pandasoft removal tool, like the other removal programs that I had run previously, it detected no trace of Netsky. False positive I think.

I Agree w/ Bob & Kees! In Another Post I Said:" Panda Not ..
by tobeach / April 2, 2006 4:14 PM PDT
In reply to: reply

being one of my favorites"...and the unusual level of what I perceive to be false positives is one reason why.
I would trust the other removal tools "failure to find" as most likely correct.
