False Positive !!!!

Download:

hXXp://bbs.ikaka.com//attachment.aspx?attachmentid=479078

It’s not a false positive. NOD32 also alerts on that link…

But Kaspersky Virus Analyst said:“No malicious software was found in the attached file. "

No false positive, 26 of 40 scanners say it is a trojan, see http://www.virustotal.com/analisis/2429198375f59c0aeaa1988e6e6ef839.

Hi 30367
Please make the link non-clickable by hxxp:// etc
This is the DrWeb av link checker verdict on that site:
Checking: hxtp://bbs.ikaka.com//attachment.aspx?attachmentid=479078
Engine version: 5.0.0.12182
Total virus-finding records: 539953
File size: 67.15 KB
File MD5: cf2b3197abfc290593a3d6038d4ff999

hxtp://bbs.ikaka.com//attachment.aspx?attachmentid=479078 - archive RAR

hxtp://bbs.ikaka.com//attachment.aspx?attachmentid=479078/=BB=B3=D2=C9=CE=F3=B1=A8\crdisk.exe packed by ASPACK

hxtp://bbs.ikaka.com//attachment.aspx?attachmentid=479078/=BB=B3=D2=C9=CE=F3=B1=A8\crdisk.exe contains an intrusion tool Tool.HCardCrack

polonus

P.S. avast will flag this risk-tool as Win32:Trojan-gen {Other}

avast sees it as Win32:Small-AFB in the Virustotal results that I posted.

However, this is a different MD5 (MD5…: 3b7a13e903fc555a338d95bc10e42690) than the one you posted. I downloaded and extracted the file from the .rar archive before uploading to VT.

Strictly speaking this document is a crack software, rather than any virus.
Run the file, only to generate a file in ”system32\drivers“, whose name is ”crdisk.sys“.
In addition, there is no danger of any other action.

So you think that because it is cracked software that it isn’t a virus ???

Technically avast doesn’t give a stuff what the file is, it isn’t scanning for cracks but infected files. Cracked software apart from any legal/moral standpoint frequently comes with an unwelcome/unknown guest or action.

So for me the results are conclusive, the detection isn’t an FP, so that’s me done on this particular issue.

A picture is better than 1000 words…