In this forum I took notice of the frequently mentioned site novirusthanks.org. They offer a product called ‘Hijack Hunter’ (hXXp://www.novirusthanks.org/products/hijack-hunter/). I downloaded the Hijack Hunter v1.4.0 binary ‘hijackhunter_setup.exe’ and sent it to virustotal.com - you never know …
The detection in VT by Symantec uses heuristics that are more prone to false positives; if that is the only one of 42 scanners making the detection, then it is more likely to be an FP.
As I understand, ‘Here they give it clean:’ states the site to be clean - not the downloaded file itself. As mentioned: no single AV discovers 100% of malware. Norton is one of many.
‘Look here:’ (good stuff though): if I get it right, jsunpack.jeek.org checks JavaScripts. But what if the malicious code is in the binary itself (i.e. hijackhunter_setup.exe)?
@DavidR,
Thank you,
but this does not really calm me.
If someone tries to spread malware - offering a diagnostic tool might be a good way. The idea that many people who are looking for help in their crisis blindly trust a (this) tool and this way might catch the next worm or bot scares me …
So I decided to give both - novirusthanks.org and Symantec - a chance to explain about the dissidence. I will write an e-mail to both of them tomorrow and report about the result here.
In the meantime - if someone else has an idea … I'm looking forward to it.
That is the right attitude: do not trust anything at face value and go to the bottom of the issue. I expect you to come back to this thread once you have cleared this up. Well, I know Germans are known for their “deutsche Gründlichkeit”. On the other hand, I have read quite a bit about this “suspicious.Insight” flag and it is really a generic find and can stand for a load of suspicious code characterized by this detection pattern; it could be the particular way the software has been packed that is flagged. The online DrWeb URL scanner gives it all clean for me.
It could well be that a particular external download site for the software has malcode on or has been hacked to redirect to malicious software and so spreads this, but I would only download from the makers of particular software, and check it before download. My hunch is still a False Positive, but surprise me…
Well anxious to hear what you finally will find,
Hijack Hunter is totally clean and the Suspicious.Insight of Symantec AV is a false positive; you can read more about Suspicious.Insight from these links (link / link) from Symantec. Basically the Suspicious.Insight can display a warning whenever you try to run on your PC an unknown application (from the Symantec Community) and it can easily generate warnings on “not yet known software”.
Reading the Symantec description supplied by your link about Suspicious.Insight turns my doubt towards zero.
Quote from Symantec's site regarding Suspicious.Insight:
… When detections of this type are triggered in Norton products the user may be warned that the application is unproven, thus allowing the user to make the final decision …
… The warning typically indicates that the file has very few users or is very new, and therefore has not developed a reputation.
… Symantec recommends software publishers … Digitally sign all software application binaries.
… Software developers who want to accelerate the reputation building process for their new software applications should submit new applications to the Symantec white-listing program.
End of quote
So I learned: before posting to this forum, I should have checked Symantec's site for information about Suspicious.Insight. This would have been the easier / time-saving way …
Advantage for ‘Hijack Hunter’ from NoVirusThanks.org: Now it has a better reputation
Finally I can devote myself to my original problem (my first post), the USB memory stick, which is probably corrupted. The OS wants to format it on each access. First I will install and run ‘Hijack Hunter’ to inspect my system. By the way, Robert: Many thanks to NoVirusThanks.org for providing such a powerful tool - for free.
@rob_
Thank you for coming here to clarify Hijack Hunter’s position. I hope lots of users will “discover” the valuable services of novirusthanks.org thanks to this thread.
In a time where websites will get infected every 3.6 secs, we cannot stress this enough.
I know a lot of avast users will share our experiences with “Hijack Hunter”. @DoobieBrosFan, again thanks for posting,