Trojan-PWS.Bancos False positive



lucid
09-03-2009, 01:44 AM
I'm using the latest SD with AV on XP pro SP3 PC fully updated.
Product version 6.1.0.447
Database version 6.13180
Intelli sigs. 1597220
AV Engine 6.1.0.50

Infection was detected on this computer
Threat Name - Trojan-PWS.Bancos
Type - File
Risk Level - High
Infection - avidemux_2.4_r4532_win32.exe

This is a legitimate application used to edit and encode video files, from here:

http://fixounet.free.fr/avidemux/

A VirusTotal scan is clean even on PC Tools:

http://www.virustotal.com/analisis/16920fc77137472a1d94bc5c941c9544ae8ed77b4744921524fd7bba0801d9ae-1251914512

I think that this is a false positive; it has been scanned before and has been fine, and it's installed and works just fine. This has just popped up since the new update that required a couple of reboots.

Here is a link to download the file:

http://rapidshare.com/files/274928934/avidemux_2.4_r4532_win32.zip.html
MD5: DAB32E9F5D1FD113F83C7CD5756CDABC

I also have the registry entries that have popped up on this topic about a false positive:
http://www.pctools.com/forum/showthread.php?t=59350


Threat Name - Trojan.Generic
Type - Registry Value
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid, (Default)
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32, (Default)
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib, (Default)
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib, Version
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0, (Default)
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32, (Default)
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\FLAGS, (Default)
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR, (Default)
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}

AChen
09-03-2009, 03:34 AM
Hi Lucid,

Thanks for all the info.
This will be addressed in the next Smart update :)