Panda ActiveScan

Hi, I went to run Panda’s online scanner and avast popped up that Win32:CTX virus was found. Is this a false positive?

Thanks

These are false detections due to Panda active scan: http://forum.avast.com/index.php?topic=12432.msg104932#msg104932
Read: http://www.avast.com/eng/virus_detection_and.html#idt_1554

Unfortunately, a well-known problem of Panda not encrypting its signatures :stuck_out_tongue:

Every virus can be identified, because it contains some unique signatures. Antiviral programs have their own database of those signatures. We call this database the "virus definition file". When an antiviral program scans a file for viruses, it compares all the signatures (of all viruses) in the database with the signatures in that file. If the signatures match (they are the same), the file is marked as infected. For an antivirus program, it is important to hide this database of signatures somehow - e.g. by encrypting it. Panda Antivirus does not encrypt its virus database - the signatures inside are clearly "visible" to other antiviral programs, so they detect this file as infected (but there is actually no virus inside - only the signatures are the same).

If you want to remove Panda: http://www.pandasoftware.com/resources/sop/UNINST_v1012.exe
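The effect described above can be reproduced with a toy scanner. This is an added example, not part of the original thread and not code from avast or Panda; the signature names, byte patterns, file format and the single-byte XOR (a stand-in for real encryption) are all assumptions constructed for illustration.

```python
# Added illustration: toy signature scanner. All names, patterns and the key
# are constructed for this example; they are not real virus signatures.
SIGNATURES = {
    "Demo.Alpha": b"DEMO-SIG-ALPHA-0001",
    "Demo.Beta": b"DEMO-SIG-BETA-0002",
}
XOR_KEY = 0xA5  # assumption: single-byte XOR standing in for real encryption


def scan(data: bytes, signatures: dict = SIGNATURES) -> list:
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pat in signatures.items() if pat in data)


def pack_plain(signatures: dict) -> bytes:
    """Serialize a definition file with the raw patterns left visible."""
    return b"\n".join(n.encode() + b"=" + p for n, p in signatures.items())


def xor(blob: bytes, key: int = XOR_KEY) -> bytes:
    """Obfuscate or de-obfuscate a blob (XOR is its own inverse)."""
    return bytes(b ^ key for b in blob)


def load(blob: bytes) -> dict:
    """Parse a plain definition file back into a name -> pattern mapping."""
    pairs = (line.split(b"=", 1) for line in blob.split(b"\n"))
    return {name.decode(): pat for name, pat in pairs}


# Definition file as written by a product that leaves its signatures visible.
plain_db = pack_plain(SIGNATURES)
# Same content with the patterns hidden before it is written to disk.
hidden_db = xor(plain_db)

if __name__ == "__main__":
    print("ordinary file:   ", scan(b"just an ordinary document"))
    print("plain defs file: ", scan(plain_db))   # flagged, yet holds no virus
    print("hidden defs file:", scan(hidden_db))  # not flagged
    print("still loadable:  ", load(xor(hidden_db)) == SIGNATURES)
```
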

Thanks, do you recommend any online scanners?

The answer is Yes and No.

Yes, because it is not a virus but a collection of virus signatures in a file. Panda doesn’t encrypt its signatures so another antivirus can detect those signatures.

No, because avast is a signature based antivirus and it is looking for the tell-tale virus signatures in a file, so it has found one and it alerts. They also don’t dump them in your system folder making it harder to get rid of as they are then in the system volume information folder by system restore where they are promptly detected again.

There are numerous other on-line scanners that aren’t so tardy in not encrypting their signature files. On-line Virus Scanners and other useful Links Security-Ops.eu.tt.

Full computer on-line scanning:
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)

Yea, it’s recommended to disable all AV when doing an online scan. I really like Kaspersky’s online scanner. :slight_smile:

avast will detect Panda unencrypted signatures even when the user is not running on-line scanning. I do not disable avast for nothing… good on-line scanners can be used with resident avast running.

The problem with Panda is its dumping of its unencrypted signature files on your system folder so it doesn’t matter if you disabled your AV it would detect the signatures later on the next scan.

If I use an on-line or off-line scan with another security program I pause the Standard Shield:
a) to avoid possible conflict, if both scanners are capable of detecting the same virus in a file, etc.
b) this will speed the overall scan duration as there will be no duplication of scanning as one AV wants to open a file to scan, the other will try to intercept that and scan it before handing over to the calling scanner.

So there you have two sides of the coin to make your informed decision as to what to do ;D

It won’t happen if you set Standard Shield to Normal level… avast should have detected the file yet.

It shouldn’t happen if you (like me) have Standard Shield at Custom level without scanning open/created/modified files. There isn’t double scanning in this case.

It is no different to having two active resident scanners installed, scanner a wants to open a file for scanning, scanner b (the resident off-line scanner) intercepts the call and scans the file, so there is a dual scan of that file.

If that happens to be an archive file, then scanner b might unpack it to scan the content. Now here is the question: will scanner a get in on the act because it is trying to scan that file (e.g. will it try to scan the unpacked files)? For me there is enough of a possibility, no matter how slim, of conflict that I won’t have the standard shield whilst running third party security scans.

We are talking normal user here not one who has their sensitivity on custom not scanning opened files. But one with Normal sensitivity on the standard shield, scanning files that are opened (depending on their file type), so it will result in an amount of dual scanning.