
Thread: Packed.Win32.Katusha.n

  1. #1
    bcarson Guest

    Packed.Win32.Katusha.n

    I am running Zonealarm internet security suite 9.3.037.000 with regular updates on a PC with Win XP SP2.

    Yesterday I clicked on a folder on my desktop and I got a ZA popup that said that it had found Packed.Win32.Katusha.n and quarantined it. I was surprised that it said this was found in a McAfee rootkit detective program (Rootkit_Detective.exe) that I ran once about 3 years ago and is in a zip archive. When I ask for more information on it, the Kaspersky search says no matching records.

    I saw today that there is another file quarantined by ZA, which is a system restore file, also tagged as having Packed.Win32.Katusha.n.

    What should I do now? I still have the zipped archive of the file it alerted on, so should I send it in to Kaspersky for analysis? Also, how do I get rid of all my old system restore points?

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Packed.Win32.Katusha.n

    Probably a false positive, check it as suggested here:
    How to diagnose and/or report antivirus/antispyware false positives

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    bcarson Guest

    Re: Packed.Win32.Katusha.n

    Thanks, I will try as you suggested as soon as the deep scan I have running on the PC is finished.

  4. #4
    bcarson Guest

    Re: Packed.Win32.Katusha.n

    OK, I ran the file through VirusTotal and I am a little uncertain how to analyze the results. Here is what it said:

    File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:
    MD5: 373ee3e147216a7e434ad2c5532d655f
    Date first seen: 2007-01-20 17:35:58 (UTC)
    Date last seen: 2010-03-19 15:52:53 (UTC)
    Detection ratio: 1/42

    Here is the link to the page with the last result:

    http://www.virustotal.com/file-scan/...57d-1269010373

    So if only 1/42 consider it not a virus, am I safe?

  5. #5
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Packed.Win32.Katusha.n

    Yes, and your ZA should not detect it (using the Kaspersky engine in the list). So your ZA may not be working as it should, or your AV definitions are outdated.

    Did you actually ask to re-scan it and not base your result on past scans? The false positive may have been introduced later.


  6. #6
    bcarson Guest

    Re: Packed.Win32.Katusha.n

    I have my update set to auto every 12 hours and I do see it updating, but I am not sure if it actually completes. The reason I say that is because a couple of days ago I tried a manual update and it downloaded, but it gave me an error and said it couldn't update. I assumed this meant it was already up to date, and I had intended to pursue it further when I found the time. I am currently showing antivirus engine 8.0.2.48, DAT file version 1031940992. I am not sure if this is the most current, and I briefly looked on the ZA site without luck to see which is the most current. I will continue looking.

    I am not sure what you mean by asking to re-scan. Yesterday I did a "Deep Scan" of the entire PC and it did not detect the virus again. I looked at the scan settings, but I didn't see a way to "base your result on past scans". I have no exceptions listed in the advanced scanning options.

    I am not certain what quarantine means since the original file is still on my drive in the same place it was found. It is still inside the zip archive, which is what I submitted to VirusTotal. I assumed VirusTotal would look at all the contents of a zip archive, but if not, do I need to unzip the executable inside before I submit? I don't want to unzip it for fear of unleashing something and I eventually intend to delete the file off my drive.
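
Added example, not part of any post in this thread: one way to address the concern above about unpacking the archive is to hash the zip and each member in memory, so the digests can be compared with the MD5 a scan report shows without extracting or running anything. The member name reuses the file name from the thread; the payload bytes and function names are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Constructed sample data: placeholder bytes, not a real executable.
SAMPLE_PAYLOAD = b"MZ" + b"constructed sample payload" * 64

def build_sample_zip():
    """Build an in-memory zip holding one constructed member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Rootkit_Detective.exe", SAMPLE_PAYLOAD)
    buf.seek(0)
    return buf

def hash_stream(stream, chunk=65536):
    """Hash a binary stream in chunks; returns MD5 and SHA-256 hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    for block in iter(lambda: stream.read(chunk), b""):
        md5.update(block)
        sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}

def hash_archive(fileobj):
    """Hash the archive and each member; nothing is written to disk or run."""
    fileobj.seek(0)
    report = {"archive": hash_stream(fileobj), "members": {}}
    fileobj.seek(0)
    with zipfile.ZipFile(fileobj) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member: cannot be read
                report["members"][info.filename] = None
                continue
            with zf.open(info) as member:
                report["members"][info.filename] = hash_stream(member)
    return report

def find_md5(report, known_md5):
    """List which items (archive or member names) match a reported MD5."""
    known = known_md5.strip().lower()
    hits = ["<archive>"] if report["archive"]["md5"] == known else []
    hits += [n for n, h in report["members"].items() if h and h["md5"] == known]
    return hits

if __name__ == "__main__":
    rep = hash_archive(build_sample_zip())
    print(rep, find_md5(rep, rep["archive"]["md5"]))
```

For a file on disk, pass `open(path, "rb")` to `hash_archive`; a match on `<archive>` means the report describes the zip as a whole, while a match on a member name means it describes the file inside.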

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Packed.Win32.Katusha.n

    Originally posted by bcarson:
        "I am not sure what you mean by asking to re-scan."

    VirusTotal re-scan. The scan you posted is from last MARCH and is of no use for checking false positives.

    Fax


  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Packed.Win32.Katusha.n

    So check if you get the same detection (Kaspersky in the list). If few or only Kaspersky detects it, then send it to Kaspersky as my link explains. A malware analyst from Kaspersky will confirm it or not and issue a fix.

    Note that SP2 is no longer supported and 12 hours is way too much. You should have 1 hour or 30 minutes.

    Cheers,
    Fax


  9. #9
    bcarson Guest

    Re: Packed.Win32.Katusha.n

    OK, I submitted it for reanalysis at VirusTotal and got no detection on Kaspersky:

    http://www.virustotal.com/file-scan/...57d-1291316443

    Are you saying I need to upgrade to Win XP SP3 in order for my updates to install? I assume ZA is still working on my SP2 system?

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Re: Packed.Win32.Katusha.n

    Your DAT numbering is not updated; please manually update your antivirus. Take note of the number. After the update you should see a new, higher number. Now you should no longer have that detection and the file will be found clean. If not, your ZA is not working correctly.

    Since SP2, literally hundreds of vulnerabilities have been fixed. By running SP2 you are exposed to easy infections even with up-to-date antivirus. Not good. ZA supports SP2 but works best with SP3.

    See here below how to maximise your security:
    xyz was not detected. What I should do?

    Cheers,
    Fax

