WIN32 Kuang2 Is now in my Avast CHEST -
Your scan found this today May 1 2005
could it be because I let Panda antivirus scan run a web scan last night?
0517-6 04/30/2005 is my Version
4.6 Home version
I installed Avast on April 21 2005
Windows 98SE is my version
512 memory
Disk is 14gb
PC is Gateway Essential 667
Pentium III
Intel 667 MHz Pentium III
Fat32
ZoneAlarm free firewall
Lavasoft Ad-aware SE … is current
Spybot S&D …is current
windows critical updates are Current
CWShredder … is current
Security is medium on internet options screen
DSL connection thru Verizon
infexted file
.
Name
Imscan.dll
.
Original location
c:\WINDOWS\SYSTEM\ActiveScan
.
last changes
04/19/2005 5:24
.
transfer time
05/01/2005 9:23
.
Virus
Win32:Kuang2
.
From your location this is a detection of unencrypted virus pattern signatures from panda’s on-line scan. There are many other on-line scanners that don’t cause the same problem, e.g. they encrypt ther VPS file so it doesn’t cause a false positive by the resident scanner.
RejZor’s Website - Security Ops
On-line Virus Scanners and other useful Links Security.Ops.tk
I have been running Avast for several years now. Love this program.
YOU may have insufficient information to confirm or deny Kuanga2’s association with Panda, but I have direct evidence. I just came in here to ask what it was.
I was on http://www.virusportal.com (hey… I may love Avast! but one can never be too careful when it comes to viruses) and it linked to Panda for online scans. Attempting to do a Panda online scan which includes the download of a small file 8mb, (ActiveX controls (8 MB). The time it takes to download these can vary between 15 minutes, for a 56 Kbps modem, and 30 seconds, with a 1.5 Mbps connection.: or so it says.) Avast! Virus warning popped up to tell me that this download was carrying Kuanga2. My husband attempted the same download and got the same virus message:
Yes that would be a very good indication that this is down to panda’s on-line scan (the elements it downloads to do the scan) and its unencrypted virus pattern file. So this is not a virus, but its signature, by which AVs detect it, this is called a false positive because the virus pattern files can be scanned as they haven’t been encrypted.
If you are interested in gaining further information (although you don’t have to worry, your not infected), check these out.
A google search for win32:Kuang2 search returns many hits.
Check out this for what other AV companies call it VGrep the aliases and you will see there are many, you will see some of the links will take you to more detailed information about it.
I would say No, since viruses are detected by their signature and not their location and/or infected file name a lot of extra processing effort to check if it is a certain virus (Kuang2 in this case), what is the infected file name and location and if they match those parameters ignore it. Otherwise how is avast to determine that this signature is false and another is correct?
This extra processing effort is very likely to slow scanning on your system and you will be the first to complain when it slows.
There are other false positives associated with Panda’s on-line scanner and its practice of using unencrypted virus signatures files. Why should avast and every other AV cater for Panda’s shortcomings? Not to mention the additional development cost implications.
Me I wouldn’t use Panda’s on-line scanner, there are many others - as in the link to Security Ops in one of my posts.
Even if avast detects kuang2 in a panda file and you delete it, this shouldn’t harm your system. So again this extra processing effort would be a waste as the consequence of the false positive in this case is nil.