Tweaking.com Support Forums

Main Forum => Tweaking.com Support & Help => Topic started by: NoWhereMan on May 17, 2013, 01:44:31 pm

Title: Sophos - Virus 'Mal/Behav-035' found - false positive?
Post by: NoWhereMan on May 17, 2013, 01:44:31 pm

Although, I think it is a false positive, here is what the Sophos Virus Removal Tool
2013-05-17 07:26:22   Component rkdisk.dll version 1.5.30.0
2013-05-17 07:26:22   Version info:   Product version   2.3
2013-05-17 07:26:22   Version info:   Detection engine   3.43.0
2013-05-17 07:26:22   Version info:   Detection data   4.89G
2013-05-17 07:26:22   Version info:   Build date   5/8/2013
2013-05-17 07:26:22   Version info:   Data files added   292
2013-05-17 07:26:22   Version info:   Last successful update   5/17/2013 7:26:18 AM
 
>>> Virus 'Mal/Behav-035' found in file D:\Download\Tweaking.com - Utils\svchost.exe Lookup Tool v1.5.0\Tweaking.com - svchost.exe Lookup Tool\lookup_svchost.exe
========================================================
Mal/Behav-035 is a file that displays characteristics or behavior found exclusively within malware.
=========================================================
www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Behav-035/detailed-analysis.aspx
=========================================================
Regards,

Title: Re: Sophos - Virus 'Mal/Behav-035' found - false positive?
Post by: Shane on May 17, 2013, 01:52:13 pm

Yeah it is a false positive. It is their "Detect unknown malware" scanner. Which I don't think I have ever seen one actually catch a new malware or virus because the malware makers always test their stuff against the scanners lol

If you look at the page as well that virus def is from 2007! Just go ahead and sumbit the file to them. They will see it is a false positive and update their virus defs :wink:

Shane