Sorry - it was 3041 last week - now it's 3054

http://www.virustotal.com/file-scan/report.html?id=594d97054e3a8034d8bc3ae3b9cd8a00d95bb68f8cda84e96d8ee08d5f24e101-1315184892

On 05/09/11 19:20, Al Varnell wrote:
> That's strange I am unable to locate "Trojan.Rootkit-3041" in the current
> clamav db or on VirusTotal. When I Google that name the only thing I find
> is your message. Do you have the VirusTotal ID?
>
> -Al-
>
> --
> Al Varnell
> Mountain View, CA
>
> On 9/4/11 6:57 PM, "Jason Haar" <[email protected]> wrote:
>
> > Hi there
> >
> > We picked up an infected machine, and ran ClamAV over it. ClamAV picked
> > up iastor.sys as Trojan.Rootkit-3041
> >
> > However according to virustotal.com, only ClamAV claims this is infected
> > - so I'm wary of it.
> >
> > However... the machine it was got from WAS infected with other viruses,
> > and windows\system32 contains THREE copies of iastor.sys: "iastor.sys",
> > "iaStor.sys" and "IaStor.sys" - which have two different sizes (but both
> > were detected as Trojan.Rootkit-3041 by ClamAV and nothing else)
> >
> > So, that smells really suspicious to me - but I'm surprised no other AV
> > picks it. It isn't impossible ClamAV is ahead of everyone else on this
> > particular virus, so I thought I'd check here
> >
> > Update: a week has passed since I saved this email to my Drafts - as I
> > initially decided to report it as a FP via the clamav.net website
> > instead. Anyway, a week has passed and clamav just declared a different
> > box as being infected - this time iastor.sys is Trojan.Rootkit-3054.
> > Again, nothing else picks it as a virus on virustotal.com, AND clamav
> > says copies of this file under "WINDOWS/dell/iastor/iastor.sys" and
> > "Drivers/DELL/SATA_RAID/driver_only/iastor.sys" are also infected -
> > which I find very hard to believe a virus would bother looking for.
> >
> > Has anyone else been seeing FPs with iastor.sys?
> >
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
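
A triage step for the situation described in this thread, as an added example that is not from the original messages or from the ClamAV project: it collects every copy of iastor.sys under a mounted or copied directory tree, groups the copies by SHA-256 and size, and reports names that differ only by case within one directory. The function names and the scan root are assumptions made for the example.

```python
import hashlib
import sys
from collections import defaultdict
from pathlib import Path

TARGET = "iastor.sys"  # file name from the thread, compared case-insensitively


def find_copies(root):
    """Every regular file under root named TARGET, ignoring case."""
    return sorted(p for p in Path(root).rglob("*")
                  if p.is_file() and p.name.lower() == TARGET)


def group_by_content(paths):
    """Map (sha256, size) -> paths, so byte-identical copies collapse together."""
    groups = defaultdict(list)
    for p in paths:
        data = Path(p).read_bytes()
        groups[(hashlib.sha256(data).hexdigest(), len(data))].append(str(p))
    return dict(groups)


def case_collisions(paths):
    """Names in one directory that differ only by case.

    Windows resolves names case-insensitively by default, so such a set is
    worth recording before deciding whether a detection is a false positive.
    """
    seen = defaultdict(set)
    for p in map(Path, paths):
        seen[(str(p.parent), p.name.lower())].add(p.name)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


def triage(root):
    copies = find_copies(root)
    return group_by_content(copies), case_collisions(copies)


if __name__ == "__main__":
    # Assumption: argv[1] is a read-only mount or copy of the suspect disk.
    groups, collisions = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for (digest, size), paths in groups.items():
        print(f"{digest}  {size} bytes  x{len(paths)}")
        for path in paths:
            print(f"    {path}")
    for (directory, _), names in collisions.items():
        print(f"case-only variants in {directory}: {', '.join(names)}")
```

Each distinct hash can then be looked up on VirusTotal or compared against the vendor's driver package, which avoids counting several copies of one file as independent detections.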
