Possible false positive detection of Trojan-Banker.Win32.Banbra.cex
Today ZA Suite found the Trojan-Banker.Win32.Banbra.cex virus in a Visual CADD V5 setup program called TriTools_Setup.exe. I believe that this is a false positive because a) this file has been on my machine and not changed in about four years, b) this is the ONLY file out of 400,000+ scanned with this (or any other) virus, and c) the actual installed program was not called out as infected.
But using VirusTotal I got the following results:
F-Secure 7.60.13501.0 2008.08.17 Trojan-Banker.Win32.Banbra.cex
GData 2.0.7306.1023 2008.08.17 Trojan-Banker.Win32.Banbra.cex
Ikarus T220.127.116.11.0 2008.08.17 Virus.Win32.VB.FLB
Kaspersky 18.104.22.168 2008.08.17 Trojan-Banker.Win32.Banbra.cex
The other 31 engines found nothing. There is no information available in the ZA database (nor the Kaspersky database) when I click on 'more Info' in ZA, so I don't know what to look for.
Operating System: Windows XP Pro
Product Name: ZoneAlarm Internet Security Suite
Re: Possible false positive detection of Trojan-Banker.Win32.Banbra.cex
Hi! Yes, it looks like a false. ZA uses the Kaspersky engine. Just report it to newvirus at kaspersky dot com. Attach the file in a password protected zip. Subject: false positives. Mention the trojan detected and remember to include the password. A malware specialist will confirm the false positive and/or a signature update will correct the issue.

Cheers,
Fax
Message Edited by fax on 08-17-2008 11:20 PM