Thread: False positive or real deal?

  1. #1
    aceross Guest

    False positive or real deal?

    Just ran an antivirus scan on my machine--it quarantined a file named Packed.Win32.Katusha.b--which I Googled and I found a thread somewhere on here that it was related to .NET somehow. I am not sure how I contact tech support anyplace but here, but could anyone shed light on this one for me?


    Decription Anti-virus successfully quarantined a virus or viruses
    Date / Time 2009-03-17 22:10:22-7:00
    Type Treat
    Virus name Packed.Win32.Katusha.b
    Filename C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\1820d6a012fc0e16c3e1d29d973cd2d0\Microsoft.Transactions.Bridge.Dtc.ni.dll
    Action Quarantined
    Mode Manual
    E-mail

    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    socalsamurai Guest

    Re: False positive or real deal?

    I also got the same problem with ZASS V8.0.298.000 as reported by you and others in Malware Discussion Board. But, thanks to heads-up work already done and posted by "goat_man", this must be a false-positive. You can do an Anti-virus/Anti-spyware update to DAT file version 980563537, restore the 'Packed.Win32.Katusha.b' file in quarantine, run a virus scan and confirm that this false-positive file is no longer detected.



    You can contact ZA Tech Support and still report this issue at: http://www.zonealarm.com/tsform. I did and got the normal response that they will respond in 2 working days.

    Zone Alarm Security Suite version 8.0.298.000
    Anti-virus engine version 6.0.2.678, DAT file version 980563537
    Anti-spyware engine version 5.0.209.0, DAT file version 01.200903.5545

  3. #3

    Re: False positive or real deal?

    Hi! If the false positive is from the side of the antivirus engine then you could report it directly to Kaspersky instead of passing via the ZA support. See here: http://forum.zonealarm.org/zonelabs/...essage.id=3780

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    cwem Guest

    Re: False positive or real deal?

    I got mine: Packed.Win32.Katusha.b was found in C:\Program Files\HP Games\Luxor 3\Luxor3-WT.exe, a virus, and it doesn't seem to be in the same file location as for the other members.

    It is listed by Kaspersky as reported on 3/8, without explanation. However, I found this, the only one from Google on the threat:

    Malware: Packed.Win32.Katusha.b
    Information
    Detection added: 27.03.2009
    Behavior: Packed
    This is a detection for files that use some kind of runtime packer.
    A runtime packer can be used to reduce the size of executable files without the need for an external unpacker.
    While this can't be considered malicious in general, runtime packers are widely used with malicious files since they can prevent an already known malware from detection by an Antivirus product.
    Platform: This malware is a Windows PE EXE file.
    Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

    True or False? Bottom line: I haven't opened the HP Game yet.

    Message Edited by cwem on 03-29-2009 06:03 AM

  5. #5

    Re: False positive or real deal?

    Hi! Report to Kaspersky, a malware analyst will confirm to you if it is a false positive or not. If it is a false detection it will be fixed in a day.

    Cheers,
    Fax

