1 2 Previous Next 11 Replies Latest reply on Jan 8, 2014 4:49 PM by catdaddy

    false-positive in Stinger ???

    stingeruser

      Hi,

       

      I hope someone here can help me. I'm insecure about a scan result of Mcafee Stinger. It shows the following:

       

      <HTML><HEAD> <TITLE>

      McAfee Stinger Scan Results</TITLE></HEAD><BODY BGCOLOR=#ffffff><H1 ALIGN=CENTER>

      McAfee Stinger Scan Results</H1><H2 ALIGN=CENTER><HR></H2><meta http-equiv="Content-Type"  content="text/html;charset=UTF-8"/><PRE>

      McAfee® Labs Stinger™ Version 12.1.0.735 built on Jan  6 2014 at 13:15:49

      Copyright© 2014, McAfee, Inc. All Rights Reserved.

       

      AV Engine version v5610.1040 for Windows.

      Virus data file v1000.0 created on Jan 3, 2014

      Ready to scan for 6332 viruses, trojans and variants.

       

      Custom scan initiated on Montag, Januar 06, 2014 19:20:18

       

      P:\Quarantäne\neu\AmazonMP3DownloaderInstall.exe\1.nsis is infected with Adware-Iffinity

      P:\Quarantäne\neu\AmazonMP3DownloaderInstall.exe is infected

      P:\Quarantäne\neu\Uninstall.exe\1.nsis is infected with Adware-Iffinity

      P:\Quarantäne\neu\Uninstall.exe is infected

       

      Summary Report on P:\Quarantäne\neu

      File(s)

          TotalFiles:............    24

          Clean:.................    0

          Not Scanned:........... 20

          Possibly Infected:.....    4

       

      Time: 00:00:02

       

      The two files a found to be Adware-Iffinity (Infinity?) an a unnamed virus.

       

      The files are (as you may see) part of the amazon mp3 downloader. I downloaded the file direct from amazon in May 2013. The download link is still active and is the following:

       

      https://amazonm-002.hs.llnwd.net/u/d1/clients/de_DE/1.0.17rc17/signed_AmazonMP3I nstaller-de_DE.exe?httpHeader%5FContent-Disposition=attachment%3B%20filename%3DA mazonMP3DownloaderInstall.exe&marketplace=4

       

      It directs to LimeLight Networks where amazon seems to be customer.

       

      I uploaded both files at virustotal.com, here are the results:

       

      https://www.virustotal.com/de/file/955c97404f265d19e41c1e3d6c7d7043e56911782d381 46b303299c9965b231f/analysis/1389032767/

       

      https://www.virustotal.com/de/file/272b3c7c8abc8c9f77c12437208e143b7cba7d6c7cd9c b1d0135826a251c9c69/analysis/1389032716/

       

      Seems to be clean...

       

      I also downloaded and scanned the newest version of amazon mp3 downloader

       

      Stinger find here only this results

       

      P:\Quarantäne\neu\Uninstall.exe\1.nsis is infected with Adware-Iffinity

      P:\Quarantäne\neu\Uninstall.exe is infected

       

      it doesn't finds anything in the installer itself (AmazonMP3DownloaderInstall._V383688031_.exe)

       

      So what do you think?

       

      All just false-positive?

       

      Thanks in advance

        1 2 Previous Next