1 Reply Latest reply on Aug 4, 2010 3:03 PM by Peter M

    Stinger vs. McAfee - false positive? Can't submit.

      Yesterday I ran Stinger 10.0.1.972 (Build Date July 23 2010) on my Windows 7 Professional 32-bit computer. It identified several shortcuts as having the CVE-2010-2568 Shortcut Icon Loading vulnerability.

       

      This seemed unlikely for three reasons.

       

      1. Several other virus programs with the most current definitions found no problem (McAfee AV Plus, Norton, MSE / Windows Defender, MBAM, Avast, Avira, and a couple of others).
      2. The links in question are tiny: between 125 and 135 bytes... not much room for a trojan.
      3. I created one of the offending links yesterday after Windows Update was already patched against CVE-2010-2568 (http://support.microsoft.com/kb/2286198).

       

      I tried to submit a sample to WebImmune, but when I select the file to upload I get a "File Upload" error box with the message "No such interface supported".

       

      Maybe worth noting: the files in question are shortcuts to programs in Windows Games Explorer, which I think acts differently from most other Windows folders. Stinger also flagged several other files in AppData\Roaming\Microsoft\Windows\Recent, but it deleted those before I stopped it, so I no longer have those samples for testing.

       

      Is this most likely a FP by Stinger? Is there another way for me to submit the file to be sure?