krassonkel wrote:Hm my McAfee VirusScan reports a
W32/Sdbot.worm.gen.bj
when scanning the AMPstart.exe from
http://www.ampstart.com/Any notes on that?
What version of
ampstart.exe does your post refer?
I find it hard to believe the file is infected but what is believable is that certain anti-virus software are prone to giving false positives when they have a suspicion rather than a known issue with a file.
Many anti-virus scanners add weight to a suspicion when they detect that the file is a
self modifying executable as in the case of ampstart.exe.
Note
The software's authors maybe the ones to answer why the need for this file to be self modifying and to perceivably irritate some scanners to display cautions and warnings.
/Note
Scanners then turn this detection weight into either the closest Worm variant or mark the file as
suspicious.
EDIT - 09/20/07 ******
This link below has expired but if you download to your PC the latest ampstart.exe and then visit
http://www.virustotal.com/ you will see that now
8 out of
35 (25%) scanners detected various versions of
MalWare some of which are reported as being related to a self modifying exe or a compressed exe file which can only be addressed by the files authors.
You only need just 1 negative anti-virus result to sow the seeds of suspicion and here we have 8 scanners of which major players like
McAfee (Worm) and
AVG (BackDoor) have declared the file to contain
MalWare.
It is now up to the individual whether to trust a suspicious file or not.
Dead link now - Click on the link below to see a single file online scanner report using multiple scanner sources:
File AMPstart_1.2.1.8.zip received on 09.19.2007 03:49:09 (CET)
Current status: finished
Result: 7/32 (21.88%)
/EDIT
So it would always appear to be a safe bet to check out the suspicious file with as many
quality online file scanning services as you deem to be comfortable with.
One of the many advantages of this double checking method is you can be assured of the very latest detection methods and lists, often only a few hours old.
These
Google search results have many of the top anti-virus software developers that provide an online file scanning facility.
This site uses several of the leading anti-virus companies to do multiple scans all at once with a report feature.
http://virusscan.jotti.org/
I scanned version 1.2.1.8 (fresh download from the developers site) with F-Prot and a couple of online services.
The results in all scans was
File OK no Virus/Worms/Trojans or indeed any malware of any description.
If, after you have double checked your file and hopefully found it to be also
OK by the majority, then you might like to say so in another reply as it would then prompt others to do the right thing and check the file (indeed all downloaded files) to their level of confidence and satisfaction.
=================================================
Take a look at the new
DeskTopXampp launch control for
XAMPP and
XAMPPlite (DTX.exe)
http://nat32.com/dtx/
posted by
ridgewood:
http://community.apachefriends.org/f/viewtopi ... 967#103967
Also available here:
http://zedfiles.com/DTX/
I highly recommend DTX.
=================================================[/i]