Panda Software Gave Me A Virus.

Hello,

 I am new to this Forum, I joined it to share with you how a simple web-based scan frustrated me and revealed to me the weak and stupid policy from Panda Software.

A few days ago I was reading up on a new virus that would encrypt all of your data and make you pay a ransom in order to decrypt them. This type of malware is known as Ransomware. When I finished reading the article on a trusted site the author posted a link to Panda Software, one of the major security companies working on this new threat along with Kaspersky Labs, once I loaded the page http://www.nanoscan.com/ I was greeted with a big green button to scan my computer. Now remember that nanoscan.com is owned by Panda Software (Here is a WHOIS search of it: http://www.networksolutions.com/whois/results.jsp?domain=nanoscan.com) After a very pleasing results page ( no viruses detected ), I was recommended to head on over to TotalScan (http://www.nanoscan.com/as/v1/?lang=en) another website owned and operated by Panda Software. When I started to scan, I chose the option QuickScan, Mozilla Firefox asked me if I would like to install TotalScan’s detection Plug-In. I installed it and then…

  • aVast! completely freaked out telling me that the virus “Win32:CTX” was attempting a connection from nanoscan.com.
7/19/2007 4:03:50 PM	SYSTEM	1716	Sign of "Win32:CTX" has been found in "http://www.nanoscan.com/as/v1/cabs/ascguiie.cab\pskavs.dll" file.  

  • I terminated all of the connections at once. I ran a standard scan using aVast to flush out any thing that remained. I was very frustrated by this, but nothing would frustrate me more then what you are about to read.

Twenty minutes after my encounter with “Win32:CTX” I sent Panda Software an e-mail trying to get some information from them to what went wrong. Was it my fault? Had I been infected with a virus that both aVast (up-to-date) AND their nanoscan web-based scanner missed? The chances of that were very slim since aVast did detect it when the installation of Panda’s TotalScan Plug-In ended. The next morning I was happy to find that I had one new message in my inbox. Was it the answers I was seeking for? Was it an apology? Nope it was this:

Dear customer,

We regret to tell you we have not found you in our database with the information you provided us.

If you write from one of the countries that appear in our web site (www.pandasoftware.com → Click on the “Contact” area ->at the top of the web page. Select your country at the bottom of the screen) please send your question to the correspondent e-mail address.

Otherwise, please send us your question with the following information to locate you;

Customer Number:

Activation Code:

Registered name (Name and surname or company name)

Country (This is very important)

Complete address and Telephone

E-mail you registered with.

As soon as I get this information, I will try to find your registry. I am sorry for all the inconveniences.

Yours faithfully,

Now that does’t surprise me at all. I am not one of there customers and I am not going to buy a security suite from them in order to obtain a simple answer to why they had a virus running around lose on their servers.

I sent them an e-mail asking them for an answer, and I am still waiting for a reply.

What do you guys think I should do?

Thomas

Don’t Panic! Panda didn’t give you a virus.

A forum search will reveal the answer.

As in here:

http://forum.avast.com/index.php?topic=28612.0

And here:

http://forum.avast.com/index.php?topic=23746.0

Thanks a lot! I read your previous posts on this matter and I should of looked into this myself!

Thanks again,

Thomas

Famous FP. Panda doesn’t encrypt it signatures I think, lots of AV think it is malware…

Actually only these 5:

AntiVir 7.4.0.27 05.29.2007 Frisk #2
Avast 4.7.997.0 05.29.2007 Win32:CTX
ClamAV devel-20070416 05.29.2007 CyberTech.578
Sophos 4.18.0 05.28.2007 W95/Whog-878b
Webwasher-Gateway 6.0.1 05.29.2007 Win32.Bumble

5 now eh (actually 4, WebWasher -Gateway is probably reacting cos of AntiVir signatures), that’s not bad…

I bet you though pretty much every antivirus you can think of as detected panda related products at one time or another due to the not encrypting problem at one time or another…

Also I guess it comes and goes… check another couple of months later or a new version of the online scanner,you will find another bunch of AVs detecting it, until they catch on and whitelist it. Damn Panda why can’t they just encrypt signatures like everyone else, it’s not hard.

In fact, this might give bad guys and idea …