Thread: Packed.Win32.Katusha.n

  1. #1
    bcarson Guest

    Packed.Win32.Katusha.n

    I am running ZoneAlarm internet security suite 9.3.037.000 with regular updates on a PC with Win XP SP2.

    Yesterday I clicked on a folder on my desktop and I got a ZA popup that said that it had found Packed.Win32.Katusha.n and quarantined it. I was surprised that it said this was found in a McAfee rootkit detective program (Rootkit_Detective.exe) that I ran once about 3 years ago and is in a zip archive. When I ask for more information on it, the Kaspersky search says no matching records.

    I saw today where there is another file quarantined by ZA, which is a system restore file, also tagged as having Packed.Win32.Katusha.n.

    What should I do now? I still have the zipped archive of the file it alerted on, so should I send it in to Kaspersky for analysis? Also, how do I get rid of all my old system restore points?

  2. #2
    Join Date: Nov 2004 | Location: localhost | Posts: 17,288

    Re: Packed.Win32.Katusha.n

    Probably a false positive, check it as suggested here:
    How to diagnose and/or report antivirus/antispyware false positives

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    bcarson Guest

    Re: Packed.Win32.Katusha.n

    Thanks, I will try as you suggested as soon as the deep scan I have running on the PC is finished.

  4. #4
    bcarson Guest

    Re: Packed.Win32.Katusha.n

    OK, I ran the file through VirusTotal and I am a little uncertain how to analyze the results. Here is what it said:

    File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
    MD5: 373ee3e147216a7e434ad2c5532d655f
    Date first seen: 2007-01-20 17:35:58 (UTC)
    Date last seen: 2010-03-19 15:52:53 (UTC)
    Detection ratio: 1/42

    Here is the link to the page with the last result:

    http://www.virustotal.com/file-scan/...57d-1269010373

    So if only 1/42 consider it not a virus, am I safe?

  5. #5
    Join Date: Nov 2004 | Location: localhost | Posts: 17,288

    Re: Packed.Win32.Katusha.n

    Yes, and your ZA should not detect it (using the Kaspersky engine in the list). So your ZA may not be working as it should, or your AV definitions are outdated.

    Did you actually ask to re-scan it and not base your result on past scans? The false positive may have been introduced later.

  6. #6
    bcarson Guest

    Re: Packed.Win32.Katusha.n

    I have my update set to auto every 12 hours and I do see it updating, but I am not sure if it actually completes. The reason I say that is because a couple of days ago I tried a manual update and it downloaded, but it gave me an error and said it couldn't update. I assumed this meant it was already up to date and I had intended to pursue it further when I found the time. I am currently showing antivirus engine 8.0.2.48, DAT file version 1031940992. I am not sure if this is the most current and I briefly looked on the ZA site without luck to see which is the most current. I will continue looking.

    I am not sure what you mean by asking to re-scan. Yesterday I did a "Deep Scan" of the entire PC and it did not detect the virus again. I looked at the scan settings, but I didn't see a way to "base your result on past scans". I have no exceptions listed in the advanced scanning options.

    I am not certain what quarantine means since the original file is still on my drive in the same place it was found. It is still inside the zip archive, which is what I submitted to VirusTotal. I assumed VirusTotal would look at all the contents of a zip archive, but if not, do I need to unzip the executable inside before I submit? I don't want to unzip it for fear of unleashing something and I eventually intend to delete the file off my drive.
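
Added example, not part of any post in this thread: the last post asks whether to submit the zip or the executable inside it. The Python below hashes the archive and each member in memory, without extracting anything to disk; the two hashes differ, so a hash lookup on the archive does not cover the file inside. The sample archive and its contents are constructed placeholders, and the function names are hypothetical.

```python
import hashlib
import io
import zipfile

def digests(stream, chunk_size=65536):
    """Hash a binary stream in chunks; the data is only read, never run."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        md5.update(chunk)
        sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def hash_zip_and_members(zip_bytes):
    """Return digests for the archive itself and for each file inside it.

    Members are decompressed into memory only; nothing is written to disk.
    Encrypted members cannot be read without a password and map to None.
    """
    report = {"archive": digests(io.BytesIO(zip_bytes)), "members": {}}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # bit 0 set: member is encrypted
                report["members"][info.filename] = None
                continue
            with zf.open(info) as member:
                report["members"][info.filename] = digests(member)
    return report

def build_sample_zip():
    """Constructed sample: a zip holding harmless placeholder bytes."""
    payload = b"MZ" + b"constructed placeholder, not a real executable" * 4
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Rootkit_Detective.exe", payload)
    return buf.getvalue(), payload

if __name__ == "__main__":
    zip_bytes, _ = build_sample_zip()
    report = hash_zip_and_members(zip_bytes)
    print("archive:", report["archive"]["md5"])
    for name, d in report["members"].items():
        print(name, d["md5"] if d else "encrypted, not hashed")
```

For a real file, read the archive with `open(path, "rb").read()` and pass the bytes to `hash_zip_and_members`.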
