Trojan.VB.VZO

Mercurial said:

which AV you using?

Hi Mercurial,

I'm using Agnitum's Outpost Security Suite, the latest release which just went public.

DJG said:

Hi Mercurial,

I'm using Agnitum's Outpost Security Suite, the latest release which just went public.

Have you tried a few of the online scanners?
Im sure this has ben resolved due to the newest untouched RTM available so you prob. reinstalled.
Any resolution?

The file is ~.7 GB. I calculate it takes me over 2.5 hrs to upload if all goes well at my 800Kbs upstream rate, and renders the rest of my internet activity pretty useless as it sucks up all my upstream bandwidth. I'm doing one upload to Agnitum - one attempt already got canned as I tried some other internet surfing, and I have to remember not to reboot while this is going on . I'll post when I have more details. Meanwhile my house and tenants need some looking after .

Well, as I was about to start a new upload marathon, I suddenly had the idea, if it was scanning OK before and then starts scanning positive after the update from 7/23 (verified in two images - I hadn't used 7232 since the 18th, and when I first booted the scan was OK, then after the latest update it scanned positive like in 7600), maybe the new updates would correct a false positive?

Well, I just scanned it again since I've had a bunch of updates since the 23rd, and I'm back to negative again! Woo-hoo! Either way I'll send it to them and have them peruse it.

all's well that ends well - good to see that it was indeed a false positive

one day AV makers will get it right...

mickey megabyte said:

all's well that ends well - good to see that it was indeed a false positive

one day AV makers will get it right...

Yes, and pigs will fly, and the governments (all of them) will be just, efficient and effective, and relatively tax-free . I'm appreciative of AV being part science, part black art .

Well my second upload attempt crapped out also sometime while I was having lunch - I think the file is just too big. I'll see if I get any response in their forum.

did you say in the OP that the file was part of a zip archive?

can you isolate the 'suspect' file and just upload that, rather than the whole zip?

Well, I have been reluctant to do anything that might remotely trigger the potential malware, not even opening the archive with Winzip (I actually have a license, how anal is that!) until I have a better handle on the sitch.

And unfortunately it appears my false positive gone experience wasn't quite true. What happened is I did a file-specific right-click / Scan for malware, and apparently that works different, or possible doesn't work as expected in Win 7 which is still in beta trim for this release. I just did another full system scan and they (I have two copies currently) showed up again.

The good news? The same sig showed up this time three times, the two zip archives, and an OCX in my 7232 partition's SysWOW64, mswinsck.ocx which is a skimpy 106KB. And it matches what might have been installed by that installation ZIP. I'll send that and see what happens now.

BTW, the right-click / Scan for malware gives positive on the OCX file, but not on the ZIP that seems to contain it.