3 août 2011
3
03
/08
/août
/2011
01:49
While trying o get the official "uptime" tool from MS's website (http://support.microsoft.com/kb/232243) I had a surprise.
The file got detected by the automatic AV scan which is shipped with IE9 (ie: Windows Defender).
And the VirusTotal's results are even more surprising:
| Antivirus | Version | Last update | Result |
|---|---|---|---|
| AhnLab-V3 | 2011.08.02.01 | 2011.08.02 | - |
| AntiVir | 7.11.12.198 | 2011.08.02 | - |
| Antiy-AVL | 2.0.3.7 | 2011.08.02 | - |
| Avast | 4.8.1351.0 | 2011.08.02 | - |
| Avast5 | 5.0.677.0 | 2011.08.02 | - |
| AVG | 10.0.0.1190 | 2011.08.02 | - |
| BitDefender | 7.2 | 2011.08.03 | - |
| CAT-QuickHeal | 11.00 | 2011.08.02 | - |
| ClamAV | 0.97.0.0 | 2011.08.02 | - |
| Commtouch | 5.3.2.6 | 2011.08.03 | - |
| Comodo | 9606 | 2011.08.02 | - |
| DrWeb | 5.0.2.03300 | 2011.08.03 | - |
| Emsisoft | 5.1.0.8 | 2011.08.02 | - |
| eSafe | 7.0.17.0 | 2011.08.01 | Win32.Banker |
| eTrust-Vet | 36.1.8479 | 2011.08.02 | - |
| F-Prot | 4.6.2.117 | 2011.08.03 | - |
| F-Secure | 9.0.16440.0 | 2011.08.02 | - |
| Fortinet | 4.2.257.0 | 2011.08.02 | - |
| GData | 22 | 2011.08.03 | - |
| Ikarus | T3.1.1.104.0 | 2011.08.02 | - |
| Jiangmin | 13.0.900 | 2011.08.02 | - |
| K7AntiVirus | 9.109.4973 | 2011.08.02 | - |
| Kaspersky | 9.0.0.837 | 2011.08.02 | - |
| McAfee | 5.400.0.1158 | 2011.08.03 | - |
| McAfee-GW-Edition | 2010.1D | 2011.08.02 | - |
| Microsoft | 1.7104 | 2011.08.02 | - |
| NOD32 | 6345 | 2011.08.02 | - |
| Norman | 6.07.10 | 2011.08.02 | - |
| nProtect | 2011-08-02.01 | 2011.08.02 | - |
| Panda | 10.0.3.5 | 2011.08.02 | - |
| PCTools | 8.0.0.5 | 2011.08.03 | - |
| Prevx | 3.0 | 2011.08.03 | - |
| Rising | 23.69.01.03 | 2011.08.02 | - |
| Sophos | 4.67.0 | 2011.08.02 | - |
| SUPERAntiSpyware | 4.40.0.1006 | 2011.08.02 | - |
| Symantec | 20111.1.0.186 | 2011.08.03 | - |
| TheHacker | 6.7.0.1.267 | 2011.08.02 | - |
| TrendMicro | 9.200.0.1012 | 2011.08.02 | - |
| TrendMicro-HouseCall | 9.200.0.1012 | 2011.08.03 | - |
| VBA32 | 3.12.16.4 | 2011.08.02 | - |
| VIPRE | 10045 | 2011.08.03 | - |
| ViRobot | 2011.8.2.4601 | 2011.08.02 | - |
| VirusBuster | 14.0.150.0 | 2011.08.02 | - |
| MD5: 415eda8d64e4b487a78218212f5db282 |
| SHA1: b565a5b717497950b2b96b8a1ef809f2509f754e |
| SHA256: f81cb05b34a85daf038b59cabde25d772a37ceacb94109bd8fe6a1103bd65631 |
| File size: 45672 bytes |
| Scan date: 2011-08-02 23:53:23 (UTC) |
This also means that VirusTotal's results are kindda not reliable when it's about MS Antivirus product. But Microsoft detecting a file on its own official server, that's not regular.
BTW, e-Safe is also very likely to be mistaking... And I'm still looking for the Win Defender's logs to understand a bit more what happened!
