Re: [clamav-users] Major new false positive? BC.Exploit.CVE_2012_0184

2012-05-12 Thread Ralf Hildebrandt
* Cedric Knight ced...@gn.apc.org:
 Hi
 
 I'm seeing BC.Exploit.CVE_2012_0184 hit a wide variety of attachments as
 of 14:40 UTC this afternoon.  Will submit a sample the usual way, but
 wanted to warn that it just seems to be quite extensive.   (also
 possibly BC.Exploit.CVE_2012_0165).
 
 Anyone else seeing this?

Yes, I'm also seeing a lot of FPs for BC.Exploit.CVE_2012_0184.

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de   Campus Benjamin Franklin
http://www.charite.de  Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [clamav-users] Major new false positive? BC.Exploit.CVE_2012_0184

2012-05-12 Thread Ralf Hildebrandt
* Joel Esler jes...@sourcefire.com:
 Please run Freshclam.  This has already been cleared up.

Thanks for the heads up. Time to release stuff from the quarantine.

-- 
Ralf Hildebrandt   Charite Universitätsmedizin Berlin
ralf.hildebra...@charite.de   Campus Benjamin Franklin
http://www.charite.de  Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155

[clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-12 Thread Teresa K. Fowler
Dear ClamAV Users List:

For the past several weeks, I've had several viruses
detected by ClamAV that show as real viruses, not false positives, although
I haven't had any false positives since the first detection.  The first
detection showed blue false positives and maroon viruses both.

I have tried several times to report as I have done in the
past via the web interface, but I can't browse to these files as they are
under another User Identity although detected by my Administrative Identity.

I run Windows Vista Home Premium 32 bit SP 2.

These are the files as picked up and pasted from a ClamAV
scan report 5-6-12.  They are maroon bold-faced in the report:

 

C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome.dll: W32.Virut.Gen.D-148 FOUND

C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND

C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.7z.infected: W32.Virut.Gen.D-148 FOUND

C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected: W32.Virut.Gen.D-148 FOUND

C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected.000.infected: W32.Virut.Gen.D-148 FOUND

 

What happens as I am running a ClamAV scan is all the Google
Chrome shortcuts are inactivated.  When it is done, I can't bring up Google
Chrome.  From Control Panel/Programs, the first time Google Chrome already
was uninstalled.  The other four or five times, I've had to uninstall and
reinstall.  So far, I've been able to get back my Favorites, which I use to
track research.

Since I like Google Chrome, I haven't been running ClamAV
very often in the past week, just getting the automatic updates.

I've been running ClamAV for at least 6 years, no problems,
recommended by my ISP, who uses ClamAV for their email.  They can't help me
with this and haven't heard of it happening to anyone else.

I haven't tried uninstalling and reinstalling ClamAV; not
sure if it is a good idea yet.  I have run ClamAV in the quarantine option,
but two files don't show they are quarantined.  I need to know how to
proceed:  a substitute browser or ClamAV solution?  I also run MalwareBytes
Anti-Malware, SUPER Anti-Spyware Free Edition, both recommended by my ISP,
and Windows Defender.  None of these other three have picked up any of the
above files.  I also wanted to notify in case anyone else is experiencing
this problem.  Hope this isn't TMI. Joel Esler, Senior Research Engineer,
VRT, OpenSource Community Manager, Sourcefire, recommended that I offer this
to the group.  Thanks to all members more experienced than me. Teresa,
teaquil...@lighthouse.net.

 

 



Re: [clamav-users] From a newbie: ClamAV scans shut down Google Chrome

2012-05-12 Thread Alain Zidouemba
Teresa,

Would you mind submitting the files below to
http://www.clamav.net/lang/en/sendvirus/submit-fp/? This will help us fix
the problem you are experiencing.

C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome.dll

C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\Installer\chrome.7z

Thanks,

- Alain

On Sat, May 12, 2012 at 2:06 PM, Teresa K. Fowler teaquil...@lighthouse.net
 wrote:

 Dear ClamAV Users List:

For the past several weeks, I've had several viruses
 detected by ClamAV that show as real viruses, not false positives, although
 I haven't had any false positives since the first detection.  The first
 detection showed blue false positives and maroon viruses both.

I have tried several times to report as I have done in the
 past via the web interface, but I can't browse to these files as they are
 under another User Identity although detected by my Administrative
 Identity.

I run Windows Vista Home Premium 32 bit SP 2.

These are the files as picked up and pasted from a ClamAV
 scan report 5-6-12.  They are maroon bold-faced in the report:




 C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\chrome.dll: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Local\Google\Chrome\Application\18.0.1025.168\Installer\chrome.7z: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.7z.infected: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected: W32.Virut.Gen.D-148 FOUND

 C:\Users\tkfowler\AppData\Roaming\.clamwin\quarantine\chrome.dll.infected.000.infected: W32.Virut.Gen.D-148 FOUND



What happens as I am running a ClamAV scan is all the Google
 Chrome shortcuts are inactivated.  When it is done, I can't bring up Google
 Chrome.  From Control Panel/Programs, the first time Google Chrome already
 was uninstalled.  The other four or five times, I've had to uninstall and
 reinstall.  So far, I've been able to get back my Favorites, which I use to
 track research.

Since I like Google Chrome, I haven't been running ClamAV
 very often in the past week, just getting the automatic updates.

I've been running ClamAV for at least 6 years, no problems,
 recommended by my ISP, who uses ClamAV for their email.  They can't help me
 with this and haven't heard of it happening to anyone else.

I haven't tried uninstalling and reinstalling ClamAV; not
 sure if it is a good idea yet.  I have run ClamAV in the quarantine option,
 but two files don't show they are quarantined.  I need to know how to
 proceed:  a substitute browser or ClamAV solution?  I also run MalwareBytes
 Anti-Malware, SUPER Anti-Spyware Free Edition, both recommended by my ISP,
 and Windows Defender.  None of these other three have picked up any of the
 above files.  I also wanted to notify in case anyone else is experiencing
 this problem.  Hope this isn't TMI. Joel Esler, Senior Research Engineer,
 VRT, OpenSource Community Manager, Sourcefire, recommended that I offer this
 to the group.  Thanks to all members more experienced than me. Teresa,
 teaquil...@lighthouse.net.





