Hi folks,

I need to know if certain files are clean (it's a .zip file containing other windows related files). I scanned the zip with Clamav under Linux (through the ClamTK interface), and got a warning about some about some PUA.something (Potentially Unwanted Application; can't copy the exact warning atm since I'm not in my PC right now, but will do it when I get home). Then I booted a Windows XP VM, scanned the .zip with Malwarebytes (the free version), AVGfree and SpybotSD, and all of them told me the file was clean. I did a web search about the warning returned by ClamTK and found some threads in other forums -even in the Clamav forum, IIRC- where people claimed this is a fake positive due to Clamav detecting some type of packers (I think this is the word they used) that are present in some type of malware, but that can be present in clean files too.

So, after this explanation of the problem, which AV would you trust in this case? I've read that Malwarebytes is really good at detecting malware, so I'm thinking this might indeed be a fake positive, but still would like to hear other people's opinion on this.

Thank you in advance!

If it is under 32 MB you can test it with VirusTotal, which will test the file with a whole bunch of different scanners.
Other than that, if only ClamAV claims to have found malware I would think that it really is a false positive.

Thank you TobiSGD, didn't know about this site. Since it's only about 16 MB, I'll test it when I get home. I'll let you know if I find something.

Thank you again!

Well I checked the file and got 2 positives and 30 negatives. ESET-NOD32 says it's a variant of Win32/Packed.VProtect.C, and Sophos says it's a Sus/UnkPacker. Even Clamav on VirusTotal says it's clean,and the Clamav Database was updated the July the 20th. BTW, the warning returned by ClamTK is PUA.Win32.Packer.PrivateExeProte-10.

I think I'm going to take the slight risk and use these files.

Thanks!

Going back to your subject line, I have used AVG Free for a number of years and it has served me well. They will make several attempts to sell their for-pay product before you actually reach the AVG Free download link.

I used to use F-Prot and also think highly of them, but they did away with their "free for home use" version. McAfee and Norton are far too clunky for my taste.

Malwarebytes is highly regarded by the denizens of alt.comp.virus. The free version is strictly an on demand scanner.

As frankbell stated, AVG Free is a good one but my personal favourite is Avast. Also Malwarebytes free version to attack the nasties from another angle too

Thanks for your answers guys.

Yeah, I always use a combination of SpybotSD and AVGFree (the real free edition) and they both have worked good for me. Though I haven't used Malwarebytes too much, looks like a powerful AV too. As for Avast, I haven't used it yet.

Although I try not to get malware on Windows (the installed one, not the VM) I don't care too much either since almost the only thing I use it for is to play games, when I happen to play.

Cheers.

Wow '30 negatives and 2 positives'. I had no idea there were so many AV in there. BTW how much time did the entire analysis take? Whatever the time frame it, it definately is maddening.

avg free version is good for XP

and so is ClamAV
clam has found things that Norton AV missed ( or allows - some "spyware / tracking softwere" Norton ALLOWS)

just run clam from a linux machine

I'm not sure how long did it take, but I think it was not too lonlg since I left it uploading the file for a few minutes and when I came back it had already uploaded it and scanned it. Anyway, it's an useful site, for cases like this.


What about AVGFree on Windows 7? Does it work fine there too? (I ask because I have a laptop with Win7 and AVGFree in it, so I'd like to know)

Regards.

If they offer it, I'd have similar confidence to the XP version.
But that was also when I last used it. I don't do (local) mail on any version of Windoze these days.

In my experience, yes.

My Win 7 computer came with Avast on it. It seemed to work fine, but the level of nagging was unacceptably high. That's the main reason I ditched it.

I think it's the same version (I was wondering if it behaved the same on both Windows versions; I guess it does). As for mail, I don't use any email client on Windows and only download attachments (from the browser) when I'm completely sure they're safe.


I know what you mean, these programs that prompt you every 5 minutes for everything can be a real pain. That's the reason why I stopped using 3rd party firewalls on Windows. Now I only use Windows' own firewall and configure it to block everything. I don't browse the net too often from my windows installs, anyway (except when I'm at work).