[clamav-users] Malware alert???
Al Varnell
alvarnell at mac.com
Sat Oct 13 21:46:17 UTC 2018
It's not unusual to see such things on machines running multiple A-V software packages. Vendors do their best to obfuscate and protect signatures for that reason, but it usually happens during updates when the signatures are unpacked to a tmp area as plain text before moving them to a protected area. If both are using the same strings as signatures, they will undoubtedly see such updates as matching.
-Al-
On Sat, Oct 13, 2018 at 09:40 AM, Jean-Francois Tasse wrote:
> no, when I wanted to get it out of quarantine I was unable to get it because it came from a tmp folder during the update. I have attached a screenshot to this email, that is the best I can do. To translate it, it's saying that it is a trojan that is downloading other programs.
>
> I have 3 virtual machines with Avast, AVG and Avira, I will see if I can reproduce it with the other antivirus. Up to now AVG did not see anything wrong.
>
> JF
> From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Alain Zidouemba <azidouemba at sourcefire.com>
> Sent: October 13, 2018 11:59:57
> To: ClamAV users ML
> Subject: Re: [clamav-users] Malware alert???
>
> Do you have the specific signature name that alerted?
>
> -Alain
>
> On Oct 13, 2018, at 11:12 AM, Matthes, Marc <matthes at iowacentral.edu> wrote:
>
>> Same here
>>
>> Marc Matthes
>> Director of Computer Networking Programs
>> Iowa Central CC
>> 5155741099
>>
>> From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of Jean-Francois Tasse <jft_quebec at hotmail.com>
>> Sent: Saturday, October 13, 2018 10:10:56 AM
>> To: ClamAV users ML
>> Subject: [clamav-users] Malware alert???
>>
>> Today during ClamWin update:
>> main.cvd version 58
>> daily.cvd version 25033
>> bytecode version 327
>>
>> Windows Defender stopped the update process saying that "TrojanDownloader:JS/Nemucod" was present. Scanned all of my system, nothing found, and tried updating ClamWin again and everything was ok.
>>
>> Anyone else got a weird message like that today?
>>
>> JF
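
The mechanism described in the reply at the top of this thread, as an added example that is not part of the original messages: a database that is compressed for download does not contain the shared string byte for byte, but the copy unpacked to a tmp area during the update does. The signature file layout, the detection name, the shared string and the substring scanner are all constructed stand-ins, not ClamAV's or Windows Defender's actual formats or logic.

```python
import gzip

# Constructed marker standing in for a string that two vendors both use
# as a detection signature (assumption, not a real signature).
SHARED_STRING = b"constructed-shared-detection-string-0001"

# Hypothetical second scanner: detection name -> byte string it looks for.
OTHER_SCANNER_SIGS = {"OtherVendor:Constructed/Downloader": SHARED_STRING}


def build_plain_db():
    """Hypothetical plain-text signature file, one 'name;pattern' per line."""
    lines = [b"Constructed.Filler.%d;filler-pattern-%d" % (i, i)
             for i in range(20)]
    lines.append(b"Constructed.Js.Downloader;" + SHARED_STRING)
    return b"\n".join(lines) + b"\n"


def other_scanner(data):
    """Naive substring matcher standing in for the second product's scan."""
    return [name for name, pat in OTHER_SCANNER_SIGS.items() if pat in data]


def scan_update_stages():
    """Scan the same database as it looks at each stage of an update."""
    plain = build_plain_db()
    packed = gzip.compress(plain)            # as downloaded: compressed
    unpacked_tmp = gzip.decompress(packed)   # as written to tmp: plain text
    return {
        "packed download": other_scanner(packed),
        "unpacked in tmp": other_scanner(unpacked_tmp),
    }


if __name__ == "__main__":
    for stage, hits in scan_update_stages().items():
        print(f"{stage:16} -> {hits or 'clean'}")
```

The alert appears only for the unpacked copy, which matches a detection that fires during an update and cannot be reproduced by a later full scan once the tmp file is gone.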