system
June 12, 2012, 5:34am
1
My problem is that in this month of June I saw this malware while scanning my files on Jotti or VirusTotal: ClamAV detects PUA.Win32.Packer.MasmTasm-3 … Avast is my default antivirus. I ran scans with Avast, Kaspersky, Avira, etc. and used all the applications, but they show that my PC is not infected and is fully clean … But the problem is that if I download a clean exe from the web, a Yahoo tool etc. … then how can it be infected without clicking … I even formatted my hard drive & partition … but … I just want to know the following things:
1. What is PUA.Win32.Packer.MasmTasm-3?
2. Is it harmful?
3. Why is antivirus not detecting it if it's the most active malware of this month, like the ClamAV statistics?
http://i45.tinypic.com/s2cnjk.jpg
http://i46.tinypic.com/mjle1x.jpg
http://i48.tinypic.com/wshaa.jpg
Need a detailed response about this issue and help from the Avast community.
Thanks in advance.
system
June 12, 2012, 6:02am
2
Upload the files to www.virustotal.com
system
June 12, 2012, 6:15am
3
Yup, it's been happening to me for 1 week; only ClamAV is detecting this …
Otherwise my PC is clean …
See, I scanned the same file at VirusTotal:
https://www.virustotal.com/file/a07f98aca41d8eed1c41740763f13b55782f75f0130718d474909745f649b840/analysis/1339482116/
The following are the logs from my PC:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:13:24 PM, on 6/12/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hardcopy\Hardcopy.exe
C:\Program Files\JetAudio\JetAudio.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Snap] C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\WINDOWS\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 3353 bytes
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.12.02
Windows XP Service Pack 2 x86 FAT32
Internet Explorer 6.0.2900.2180
smiling :: HEY-D436DDB293D [administrator]
Protection: Enabled
6/12/2012 10:58:09 PM
mbam-log-2012-06-12 (22-58-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176547
Time elapsed: 5 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
So is it true, bro, as per your quote? ClamAV is detecting or giving a wrong result …? Am I clean? There is no infection in my PC?
And please also tell me what is the meaning of AKA a false positive.
Pondus
June 12, 2012, 7:09am
4
PUA is not a virus = Possible Unwanted Application … so not a False Positive.
A program that can be used for good, or for bad if abused.
http://www.clamav.net/lang/en/faq/pua/
Pondus
June 12, 2012, 7:14am
5
virustotal info
Sigcheck
publisher…: ArkMicro
product…: ArkMicro
internal name…: VanCamera.exe
file version…: 1.0.0.1
original name…: VanCamera.exe
description…: PC Camera Application
First seen by VirusTotal
2012-03-17 07:12:30 UTC ( 2 måneder, 3 uker ago )
ClamAV PUA Engine
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: http://www.clamav.net/support/faq/pua .
system
June 12, 2012, 1:10pm
6
Thank you so much guys for giving me a lot of detail … now only one thing remains, please let me know about it.
This is an old scan of an exe, taken in December 2011:
http://virusscan.jotti.org/en/scanresult/3b0323f1b8ee14344c2943b2a18618523f1bc5e8/61175517acb3276bd616a678eb8954ac40af94f6
In this scan ClamAV shows or detects nothing.
I just downloaded this exe … and put it up for scan, didn't open it as well.
But now ClamAV shows that it contains PUA.Win32.Packer.MasmTasm-2:
http://virusscan.jotti.org/en/scanresult/61175517acb3276bd616a678eb8954ac40af94f6
How can this be possible, that without opening a tool something is bound to it … on the other hand my PC is totally clear.
Do you have Oxford Dictionary installed on your computer?
The same thing here, but after installing Oxford Dictionary.