Panda Activescan triggers Win32:CTX

When trying to use http://www.pandasoftware.com/activescan/ Avast WebShields claims a Win32:CTX virus in ActiveScan Install files.

This has been checked on three machines now, seems like a false warning.

Panda has the nasty habit of not encrypting its signature files so it could be nothing more than that. You don’t say what the full url path was to the suspect file, that would help to confirm or deny.

I suggest using a different on-line scanner.
RejZoR’s Website - Security Ops
On-line Virus Scanners and other useful Links Security-Ops.eu.tt

Thanks for the link.

C/P from log:

Sign of “Win32:CTX” has been found in “http://www.pandasoftware.com/ActiveScan/as5/motor.cab\pskavs.DLL” file.

Something similar happened to me the other day. I checked with Otti page and it tells me something like " scanner with hight rate of positives false detected it as malware or virus". Well, that was not in the same words. So, if that files are signature of Panda then they are NOT actual virus, so a GOOD antivirus dont detected it as virus. You can’t give resposability to Panda because they dont encrypt their signature. WHY AVAST IS THE ONLINE SCANNER TO DETECT A VIRUS IN IT?

Sorry, but we can - and we do. Not encrypting virus signatures is a very bad practice. We are not going to change hundreds of our signatures just because somebody else is not doing his homework.

calcu007,

Avast, Symantec (Norton), McAfee, F-Prot and about all other av’s do detect infection if you try to run anything from Panda. Are they all wrong? NO, they are definatly not. As Igor said, it’s the people at Panda that are not doing their homework, so if you want to blame someone, blame the correct one. In this case the programmers of Panda. Don’t use your finger to point if you don’t know the real guilty one.

You can't give responsibility to Panda because they dont encrypt their signature. WHY AVAST IS THE ONLINE SCANNER TO DETECT A VIRUS IN IT?

Yes we can, an AV detects viruses but detecting virus signatures, not the location or circumstances when/where it was detected. If it were to attempt to rationalise the signature/location/circumstances, etc. that would severely hamper the speed. Not to mention maintaining a database for these locations and circumstances relating to a particular signature (which is a valid virus signature and should be detected) would be a nightmare.

Also your statement about ‘Why is avast the only on-line scanner to detect a virus in this.’

  1. there is no need to shout CAPS.
  2. the detection was by avast’s web shield scanner which isn’t an on-line scanner.
  3. many other AVs detect these unencrypted signature files.
  4. it really would be no big deal for panda to encrypt them rather than the rest of the AV community to have to compensate for the tardiness of panda.
  5. you should temporaly disable local system AVs when doing an on-line scan. This however, doesn’t get round the fact that panda also leave behind the unencrypted signature files on your HDD after the scan to be detected on your next local HDD scan.