Overblog
Editer l'article Suivre ce blog Administration + Créer mon blog
3 août 2011 3 03 /08 /août /2011 01:49

While trying o get the official "uptime" tool from MS's website (http://support.microsoft.com/kb/232243) I had a surprise.


The file got detected by the automatic AV scan which is shipped with IE9 (ie: Windows Defender).

 

msg_IE9_uptime.exe_030811-copie-1.jpg

 

And the VirusTotal's results are even more surprising:

https://www.virustotal.com/file-scan/report.html?id=f81cb05b34a85daf038b59cabde25d772a37ceacb94109bd8fe6a1103bd65631-1312329203

 

Antivirus Version Last update Result
AhnLab-V3 2011.08.02.01 2011.08.02 -
AntiVir 7.11.12.198 2011.08.02 -
Antiy-AVL 2.0.3.7 2011.08.02 -
Avast 4.8.1351.0 2011.08.02 -
Avast5 5.0.677.0 2011.08.02 -
AVG 10.0.0.1190 2011.08.02 -
BitDefender 7.2 2011.08.03 -
CAT-QuickHeal 11.00 2011.08.02 -
ClamAV 0.97.0.0 2011.08.02 -
Commtouch 5.3.2.6 2011.08.03 -
Comodo 9606 2011.08.02 -
DrWeb 5.0.2.03300 2011.08.03 -
Emsisoft 5.1.0.8 2011.08.02 -
eSafe 7.0.17.0 2011.08.01 Win32.Banker
eTrust-Vet 36.1.8479 2011.08.02 -
F-Prot 4.6.2.117 2011.08.03 -
F-Secure 9.0.16440.0 2011.08.02 -
Fortinet 4.2.257.0 2011.08.02 -
GData 22 2011.08.03 -
Ikarus T3.1.1.104.0 2011.08.02 -
Jiangmin 13.0.900 2011.08.02 -
K7AntiVirus 9.109.4973 2011.08.02 -
Kaspersky 9.0.0.837 2011.08.02 -
McAfee 5.400.0.1158 2011.08.03 -
McAfee-GW-Edition 2010.1D 2011.08.02 -
Microsoft 1.7104 2011.08.02 -
NOD32 6345 2011.08.02 -
Norman 6.07.10 2011.08.02 -
nProtect 2011-08-02.01 2011.08.02 -
Panda 10.0.3.5 2011.08.02 -
PCTools 8.0.0.5 2011.08.03 -
Prevx 3.0 2011.08.03 -
Rising 23.69.01.03 2011.08.02 -
Sophos 4.67.0 2011.08.02 -
SUPERAntiSpyware 4.40.0.1006 2011.08.02 -
Symantec 20111.1.0.186 2011.08.03 -
TheHacker 6.7.0.1.267 2011.08.02 -
TrendMicro 9.200.0.1012 2011.08.02 -
TrendMicro-HouseCall 9.200.0.1012 2011.08.03 -
VBA32 3.12.16.4 2011.08.02 -
VIPRE 10045 2011.08.03 -
ViRobot 2011.8.2.4601 2011.08.02 -
VirusBuster 14.0.150.0 2011.08.02 -
MD5: 415eda8d64e4b487a78218212f5db282
SHA1: b565a5b717497950b2b96b8a1ef809f2509f754e
SHA256: f81cb05b34a85daf038b59cabde25d772a37ceacb94109bd8fe6a1103bd65631
File size: 45672 bytes
Scan date: 2011-08-02 23:53:23 (UTC)

 

This also means that VirusTotal's results are kindda not reliable when it's about MS Antivirus product. But Microsoft detecting a file on its own official server, that's not regular.


BTW, e-Safe is also very likely to be mistaking... And I'm still looking for the Win Defender's logs to understand a bit more what happened!

Partager cet article

Repost0

commentaires