trojan in download file

[jjos]

I tried to download RECUVA today and got this message from my system:

5/7/2010 11:06:58 AM Deleted

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\xxxx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QDX4SDZ0\rcsetup137[1].exe

Artemis!75B387B88580 (Trojan)

 

Is there really a trojan in this sfotware? If so I certainly won't be using this site again.

[Aethec]

I assume you are using McAfee with its "in-the-cloud" protection named Artemis ?

It is known to have a lot of false positives (the latest AV-Comparatives.org test says "The McAfee detection with cloud sensitivity would have "very many" false alarms" i.e. more than a hundred on their known clean set - 20x more than the majority of other AVs).

 

Here's a VirusTotal scan : http://www.virustotal.com/fr/analisis/99c2c04a0364039d796a5f026a6e6f83c0282eed33d384d082ee4f4803b7353b-1273249904

As you can see, no AV detects it as a virus.

[Nergal]

To Clarify: If you downloaded Recuva from either this website or File Hippo, then what you recieved was a false postive. Please report it to the maker of your Antivirus and they shall fix it in the next definition file.

 

If you downloaded it from anywhere else (besides Piriform or File Hippo) it may well be infected.

 

Please let us know from where you downloaded Recuva.

[Ridge Runner]

I, too, experienced a problem with rcsetup137[1].exe.

I downloaded it from File Hipo on 4/26/10. My Norton Internet Security reported it found in my temporary IE casch and labeled it as a virus. NIS then quarantined it. I guess that there may be a coding problem in the executible, but am concerned that it may have delivered some sort of malware elsewhere in my system. So far NIS has not detected anything else.

 

So, is it really a false positive? Usuly, NIS is fairly accurate.

[kroozer]

So, is it really a false positive? Usuly, NIS is fairly accurate.

I have 136. But because of your alert I just now d/l'd 137 from Hippo and scanned it with Mbam and Avast. No malware found.

[hazelnut]

Just report the False Positive to Norton and they will update their definitions.

[Ridge Runner]

Thanks kroozer and hazelnut. I ran a few av apps on it too. No alerts from them either. Guess I will notify Norton for what ever good it will do.

[Nergal]

Thanks kroozer and hazelnut. I ran a few av apps on it too. No alerts from them either. Guess I will notify Norton for what ever good it will do.

It'll do a lot of good, Norton and ALL Antivirus providers want/need/have-to-have customer feedback on false postives, I submit mine to Symantec (the business arm of Norton) all the time and they immediatly fix it for their next release.

 

Remember many/most antivirus products (especially Norton/Symantec) use Heuristics to identify viruses they may not know. Ccleaner has code in it that tell the registry to delete entries, to uninstall programs and other such behavior that on a code end looks much like the action of viruses/trojans thus the installer gets red flaged often. . . you'll notice that rarely (if ever) the Portable version (already unpacked from intaller and placed in a zip file) gets False postived, nor does the program itself .