
Thread: [SOLVED] ClamAV finds Trojan.Generic.Fakesec-9, but ZoneAlarm not --> False positive

  1. #1
    grundfos Guest

    [SOLVED] ClamAV finds Trojan.Generic.Fakesec-9, but ZoneAlarm not --> False positive

    I decided to check my Windows disk for Viruses today using ClamAV on Linux.

    The Windows installation is fully updated and is using the latest version of ZoneAlarm Extreme Security, with the latest definitions.

    /media/XP/WINDOWS/system32/dllcache/tourW.exe: Trojan.Generic.Fakesec-9 FOUND
    /media/XP/WINDOWS/Help/Tours/mmTour/tour.exe: Trojan.Generic.Fakesec-9 FOUND

    Trojan.Generic.Fakesec-9 is also known as Packed.Win32.Krap.ai

    How do I know that ZoneAlarm is doing its job now?
    Should I ask for my money back?

  2. #2
    Join Date
    Jun 2006
    Location
    The 3rd Coast - South Central Texas
    Posts
    10,465

    Re: ClamAV finds Trojan.Generic.Fakesec-9, but ZoneAlarm apparently cannot

    For peace of mind you can see here below for standard steps:
    Malware Clean-up Guidance

    For better protection see here:
    xyz was not detected. What I should do?

    If you have ZA Extreme, I would recommend you turn ON virtualization. If you have, then you are perfectly protected.
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,285

    Re: ClamAV finds Trojan.Generic.Fakesec-9, but ZoneAlarm apparently cannot

    Sounds like a Clam AV false positive.
    The software seems perfectly legit. See here

    How to check for a false positive:
    How to report antivirus/antispyware false positives
    Upload the files to virustotal for a check.

    Please remember that running multiple AVs can cause issues: software fighting for resources, conflicts in the background and finally possible malfunctions at the time of detecting and cleaning. End result --> less security.

    Cheers,
    Fax
    Last edited by fax; August 11th, 2010 at 12:30 AM.


  4. #4
    grundfos Guest

    Re: ClamAV finds Trojan.Generic.Fakesec-9, but ZoneAlarm apparently cannot

    Thanks for the virustotal URL.

    I think it was a true positive for ClamAV and a false negative for the other 40 Virus Scanners.

    Going to do a safe mode full scan now with ZoneAlarm.

    If that doesn't find it then it will be a bootable CD with Sophos sweep.exe and latest definitions.

    I want to see if Sophos or ZA can "confirm" what ClamAV says.

    If not, then I will remove the TCPIP settings from the Windows installation and only use Linux for Internet access from then on. Maybe it would also be a good time to try Wine.


    Antivirus Version Last Update Result
    AhnLab-V3 2010.08.11.00 2010.08.10 -
    AntiVir 8.2.4.34 2010.08.10 -
    Antiy-AVL 2.0.3.7 2010.08.11 -
    Authentium 5.2.0.5 2010.08.11 -
    Avast 4.8.1351.0 2010.08.10 -
    Avast5 5.0.332.0 2010.08.10 -
    AVG 9.0.0.851 2010.08.10 -
    BitDefender 7.2 2010.08.11 -
    CAT-QuickHeal 11.00 2010.08.11 -
    ClamAV 0.96.0.3-git 2010.08.11 Trojan.Agent-167127
    Comodo 5711 2010.08.11 -
    DrWeb 5.0.2.03300 2010.08.11 -
    Emsisoft 5.0.0.37 2010.08.11 -
    eSafe 7.0.17.0 2010.08.09 -
    eTrust-Vet 36.1.7780 2010.08.11 -
    F-Prot 4.6.1.107 2010.08.10 -
    F-Secure 9.0.15370.0 2010.08.11 -
    Fortinet 4.1.143.0 2010.08.10 -
    GData 21 2010.08.11 -
    Ikarus T3.1.1.87.0 2010.08.11 -
    Jiangmin 13.0.900 2010.08.10 -
    Kaspersky 7.0.0.125 2010.08.11 -
    McAfee 5.400.0.1158 2010.08.11 -
    McAfee-GW-Edition 2010.1 2010.08.11 -
    Microsoft 1.6004 2010.08.11 -
    NOD32 5356 2010.08.10 -
    Norman 6.05.11 2010.08.11 -
    nProtect 2010-08-11.01 2010.08.11 -
    Panda 10.0.2.7 2010.08.10 -
    PCTools 7.0.3.5 2010.08.11 -
    Rising 22.60.02.01 2010.08.11 -
    Sophos 4.56.0 2010.08.11 -
    Sunbelt 6716 2010.08.11 -
    SUPERAntiSpyware 4.40.0.1006 2010.08.11 -
    Symantec 20101.1.1.7 2010.08.11 -
    TheHacker 6.5.2.1.342 2010.08.11 -
    TrendMicro 9.120.0.1004 2010.08.11 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.11 -
    VBA32 3.12.12.8 2010.08.10 -
    ViRobot 2010.8.9.3978 2010.08.11 -
    VirusBuster 5.0.27.0 2010.08.10 -

  5. #5
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,285

    Re: ClamAV finds Trojan.Generic.Fakesec-9, but ZoneAlarm apparently cannot

    Uuum, looks like you scanned a different file and have a different detection.
    Please report directly to ClamAV or Kaspersky, not here.

    To avoid unhelpful discussions or discussion of another antivirus's detections (not the scope of this section), I am closing this thread. You can follow up (if needed) by PM to post more details.

    Links to relevant threads about viruses/false positives and reporting have already been given.

    Thanks,
    Fax
    Last edited by fax; August 11th, 2010 at 12:51 AM.
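
Added example, not part of any post in this thread: a small Python check that a multi-engine report is being compared against the same detection the local scan produced. It parses the `clamscan` lines from post #1 and four rows of the report from post #4, and assumes each report row has exactly four whitespace-separated fields (engine, version, update date, result); the function names are illustrative.

```python
import re

# Sample input: lines quoted in this thread (report trimmed to four rows).
SAMPLE_SCAN = """\
/media/XP/WINDOWS/system32/dllcache/tourW.exe: Trojan.Generic.Fakesec-9 FOUND
/media/XP/WINDOWS/Help/Tours/mmTour/tour.exe: Trojan.Generic.Fakesec-9 FOUND
"""
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
AntiVir 8.2.4.34 2010.08.10 -
ClamAV 0.96.0.3-git 2010.08.11 Trojan.Agent-167127
Kaspersky 7.0.0.125 2010.08.11 -
Sophos 4.56.0 2010.08.11 -
"""

# clamscan prints one "<path>: <signature> FOUND" line per detection.
FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def parse_clamscan(text):
    """Return {path: signature} for every FOUND line."""
    hits = {}
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits[m.group("path")] = m.group("sig")
    return hits

def parse_report(text):
    """Return {engine: signature or None}; '-' means no detection."""
    rows = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4:  # the header has five tokens and is skipped
            rows[parts[0]] = None if parts[3] == "-" else parts[3]
    return rows

def compare(local_hits, report, engine="ClamAV"):
    """Summarise the report and check it names the same signature as the local scan."""
    flagging = sorted(e for e, r in report.items() if r)
    return {
        "engines": len(report),
        "detections": len(flagging),
        "flagging": flagging,
        # False: the report does not name the signature the local scan reported.
        "same_signature": report.get(engine) in set(local_hits.values()),
    }

if __name__ == "__main__":
    print(compare(parse_clamscan(SAMPLE_SCAN), parse_report(SAMPLE_REPORT)))
```

When `same_signature` is false, compare the hash of the uploaded file with the hash of the locally flagged file before treating the report as confirmation or refutation of the local hit.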
