Thanks, I will try as you suggested as soon as the deep scan I have running on the PC is finished.
OK, I ran the file through VirusTotal and I am a little uncertain how to analyze the results. Here is what it said:
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
Date first seen: 2007-01-20 17:35:58 (UTC)
Date last seen: 2010-03-19 15:52:53 (UTC)
Detection ratio: 1/42
Here is the link to the page with the last result:
So if only 1/42 consider it not a virus, am I safe?
Yes, and your ZA should not detect it (using the Kaspersky engine in the list). So, your ZA may not work as it should or your AV definitions are outdated.
Did you actually ask to re-scan it and not base your result on past scans? The false positive may have been introduced later.
I have my update set to auto every 12 hours and I do see it updating, but I am not sure if it actually completes. The reason I say that is because a couple of days ago I tried a manual update and it downloaded but it gave me an error and said it couldn't update. I assumed this meant it was already up to date and I had intended to pursue it further when I found the time. I am currently showing anti virus engine 220.127.116.11, DAT file version 1031940992. I am not sure if this is the most current and I briefly looked on the ZA site without luck to see which is the most current. I will continue looking.
I am not sure what you mean by asking to re-scan. Yesterday I did a "Deep Scan" of the entire PC and it did not detect the virus again. I looked at the scan settings, but I didn't see a way to "base your result on past scans". I have no exceptions listed in the advanced scanning options.
I am not certain what quarantine means since the original file is still on my drive in the same place it was found. It is still inside the zip archive, which is what I submitted to VirusTotal. I assumed VirusTotal would look at all the contents of a zip archive, but if not, do I need to unzip the executable inside before I submit? I don't want to unzip it for fear of unleashing something and I eventually intend to delete the file off my drive.
VirusTotal re-scan. The scan you posted is from last MARCH and has no use for checking false positives.
Originally Posted by bcarson
So check if you get the same detection (Kaspersky in the list). If few or only Kaspersky detects it, then send it to Kaspersky as my link explains. A malware analyst from Kaspersky will confirm it or not and issue a fix.
Note that SP2 is no longer supported and 12 hours is way too much. You should have 1 hour or 30 minutes.
OK, I submitted it for reanalysis at VirusTotal and got no detection on Kaspersky:
Are you saying I need to upgrade to Win XP SP3 in order for my updates to install? I assume ZA is still working on my SP2 system?
Your DAT numbering is not updated; please manually update your antivirus. Take note of the number. After the update you should see a new, higher number. Now you should no longer have that detection and the file will be found clean. If not, your ZA is not working correctly.
Since SP2 there have been literally hundreds of vulnerabilities fixed. By running SP2 you are exposed to easy infections even with up-to-date antivirus. Not good. ZA supports SP2 but works best with SP3.
See here below how to maximise your security:
xyz was not detected. What should I do?