Author Topic: Sophos - Virus 'Mal/Behav-035' found - false positive?  (Read 7670 times)

Offline NoWhereMan

  • Newbie
  • *
  • Join Date: Jan 2013
  • Posts: 13
  • Karma: 2
Sophos - Virus 'Mal/Behav-035' found - false positive?
« on: May 17, 2013, 01:44:31 pm »
Although I think it is a false positive, here is what the Sophos Virus Removal Tool
2013-05-17 07:26:22   Component rkdisk.dll version 1.5.30.0
2013-05-17 07:26:22   Version info:   Product version   2.3
2013-05-17 07:26:22   Version info:   Detection engine   3.43.0
2013-05-17 07:26:22   Version info:   Detection data   4.89G
2013-05-17 07:26:22   Version info:   Build date   5/8/2013
2013-05-17 07:26:22   Version info:   Data files added   292
2013-05-17 07:26:22   Version info:   Last successful update   5/17/2013 7:26:18 AM
 
>>> Virus 'Mal/Behav-035' found in file D:\Download\Tweaking.com - Utils\svchost.exe Lookup Tool v1.5.0\Tweaking.com - svchost.exe Lookup Tool\lookup_svchost.exe
========================================================
Mal/Behav-035 is a file that displays characteristics or behavior found exclusively within malware.
=========================================================
www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Mal~Behav-035/detailed-analysis.aspx
=========================================================
Regards,

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
Re: Sophos - Virus 'Mal/Behav-035' found - false positive?
« Reply #1 on: May 17, 2013, 01:52:13 pm »
Yeah, it is a false positive. It is their "Detect unknown malware" scanner, which I don't think I have ever seen actually catch a new malware or virus, because the malware makers always test their stuff against the scanners lol

If you look at the page as well, that virus def is from 2007! Just go ahead and submit the file to them. They will see it is a false positive and update their virus defs :wink:

Shane