Sorry Mr.D, but that is a false positive from Norman; I got it confirmed today.
quote:
This is a virus cleaning tool created by some researcher which uses some pattern used by Virut virus, hence it's detected as Virut. This will not do any malicious activity, hence removing it from detection.
Thanks & Regards,
Sukumar
Files:
VirtobCleaner.exe : Processed - KC-Virut.GN
For analysis, sdo
If you scroll down to the end of the VirusTotal result, you will find this
sigcheck: publisher…: Message Labs Pvt. Ltd.
copyright…: Copyright (c) 2008
product…: Message Labs Pvt. Ltd. Clean
description…: Virtob Cleaner
original name: Clean.exe
internal name: Clean
file version.: 1, 0, 0, 8
comments…: Virtob ZVMonNT Event SynChronization
signers…: -
signing date.: -
verified…: Unsigned
and Message Labs is a security company owned by Symantec…
also confirmed CLEAN from Avira
A listing of files alongside their results can be found below:
File ID    Filename            Size (Byte)   Result
25336176   VirtobCleaner.exe   116.07 KB     CLEAN
Please find a detailed report concerning each individual sample below:
Filename            Result
VirtobCleaner.exe   CLEAN
The file ‘VirtobCleaner.exe’ has been determined to be ‘CLEAN’. Our analysts did not discover any malicious content.
Hi Pondus,
Thanks for the heads-up on this Norman NSW’s “Alice in Wonderland” detection. How is the average user to trust these scan details? I always thought reputation scanners weren’t all that reliable, some do not scan deep enough, some get “curious” user input, and the content of websites is sometimes changing from reliable to suspicious to hacked and even to dangerous.
You again demonstrated to us how important it is not to go on first sight appearances, but to question and establish the facts. Thanks for that. By the way, there are certainly malicious software instances on the mentioned site, so do not venture out there folks…keep your visors up! The source of the virtob cleaner seems to reside here: http://www.unmaskparasites.com/web-page-options/?url=http%3A//www.computerdelhi.com
External references lead me to this conclusion:
activation.indiaantivirus.com safe? - displaying 1 of 1
- Here - htxp://activation.indiaantivirus.com:81/1.htm

wXw.indiaantivirus.com safe? - displaying 2 of 2
- hxtp://www.indiaantivirus.com - htxp://www.indiaantivirus.com
- Paid av- - htxp://www.indiaantivirus.com/OnlinePurchase.asp?tp=PCO

74.52.90.50 safe? - displaying 3 of 3
- Download 1 - htxp://74.52.90.50/upgradeall.exe
- InstallNP2010.exe - htxp://74.52.90.50/installnp2010.exe
- InstallNP0.exe - htxp://74.52.90.50/installnp0.exe

wXw.computermumbai.com safe? - displaying 1 of 1
- lnk.exe - htxp://www.computermumbai.com/lnk.exe
was checked by someone here, because Google came up with this reference:
htxp://jsunpack.jeek.org/dec/go?report=eba729c97a86b1816ec67da9ac321227c1846d94
Damian