Possible malware alert - HoverSnap

  • Thread starter Thread starter Adrian Carter
  • Start date Start date
A

Adrian Carter

I have had HoverSnap on my home and office PCs for a few months
without any problems. Today at the office our virus scanner picked up
a possible infection in the downloaded file HoverSnap_v08.zip . My home
antivirus (and also TDS anti-Trojan) can't detect anything. The office
scanner is from Trend Micro - it seems that the alert has been triggered
only after the latest signature files were installed.

The nasty it said was there is BKDR_MOMAKER.A .

Anyone able to confirm this?

Adrian Carter
 
_Adrian Carter_, lunedì 13/dic/2004:
I have had HoverSnap on my home and office PCs for a few months
without any problems. Today at the office our virus scanner picked up
a possible infection in the downloaded file HoverSnap_v08.zip . My home
antivirus (and also TDS anti-Trojan) can't detect anything. The office
scanner is from Trend Micro - it seems that the alert has been triggered
only after the latest signature files were installed.

The nasty it said was there is BKDR_MOMAKER.A .

Anyone able to confirm this?
Click to expand...

I've been using it from many months without problems.
Anyway, I've downloaded the HoverSnap_v08.zip again to make a test, and
Avast! doesn't find anything. Let's hear from other AV users...
 
MLC said:
_Adrian Carter_, lunedì 13/dic/2004:


I've been using it from many months without problems.
Anyway, I've downloaded the HoverSnap_v08.zip again to make a test, and
Avast! doesn't find anything. Let's hear from other AV users...
Click to expand...

Thanks for replying. I have just been to the Trend Micro site and
did their free online scan. It found the same thing: BKDR_MOMAKER.A

Adrian
 
_Adrian Carter_, lunedì 13/dic/2004:


I've been using it from many months without problems.
Anyway, I've downloaded the HoverSnap_v08.zip again to make a test, and
Avast! doesn't find anything. Let's hear from other AV users...
Click to expand...

Nothing found with AVG.
 
I have had HoverSnap on my home and office PCs for a few months
without any problems. Today at the office our virus scanner picked up
a possible infection in the downloaded file HoverSnap_v08.zip . My home
antivirus (and also TDS anti-Trojan) can't detect anything. The office
scanner is from Trend Micro - it seems that the alert has been triggered
only after the latest signature files were installed.

The nasty it said was there is BKDR_MOMAKER.A .

Anyone able to confirm this?
Click to expand...

Seems to be clean ---------

BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35)
Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved.

Results:
Folders :0
Files :0
Packed :0
Infected files :0
Suspect files :0
Warnings :0
I/O errors :0

Virus scanning report - 13 December 2004 @ 10:25

F-PROT ANTIVIRUS
Program version: 4.4.8
Engine version: 3.14.13

VIRUS SIGNATURE FILES
SIGN.DEF created 9 December 2004
SIGN2.DEF created 9 December 2004
MACRO.DEF created 6 December 2004

Search: HoverSnap_v08.zip
Action: Report only
Files: "Dumb" scan of all files
Switches: -ARCHIVE -PACKED -SERVER


Results of virus scanning:

Files: 1
MBRs: 0
Boot sectors: 0
Objects scanned: 3

Time: 0:00

No viruses or suspicious files/boot sectors were found.
AntiVir / Linux Version 2.1.3-4 +gui
Copyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.
All rights reserved.

Loading /usr/lib/AntiVir/antivir.vdf ...

VDF version: 6.29.0.11 created 10 Dec 2004

For private, non-commercial use only.
AntiVir license: 1001071919 for Gordon Darling


------ scan results ------
directories: 0
scanned files: 1
alerts: 0
suspicious: 0
scan time: 00:00:01
--------------------------
Thank you for using AntiVir.


Regards
Gordon
 
Adrian said:
I have had HoverSnap on my home and office PCs for a few months
without any problems. Today at the office our virus scanner picked up
a possible infection in the downloaded file HoverSnap_v08.zip . My
home antivirus (and also TDS anti-Trojan) can't detect anything. The
office scanner is from Trend Micro - it seems that the alert has been
triggered only after the latest signature files were installed.

The nasty it said was there is BKDR_MOMAKER.A .

Anyone able to confirm this?

Adrian Carter
Click to expand...

McAffee Virusscan Enterprise 7.1 did not find anytheing either

MightyKitten
 
I have had HoverSnap on my home and office PCs for a few months
without any problems. Today at the office our virus scanner picked up
a possible infection in the downloaded file HoverSnap_v08.zip . My home
antivirus (and also TDS anti-Trojan) can't detect anything. The office
scanner is from Trend Micro - it seems that the alert has been triggered
only after the latest signature files were installed.

The nasty it said was there is BKDR_MOMAKER.A .

Anyone able to confirm this?
Click to expand...


Adrian,

Nod32 AV found nothing.

Since HoverSnap is served on major software sites such as SnapFiles.com, I'm
sure it was and is rigorously scanned.

I think you're getting one of those occasional false positives, or the
infection was transferred from another program.

-- Bob
 
Adrian Carter scribebat:
The nasty it said was there is BKDR_MOMAKER.A .
Anyone able to confirm this?
Click to expand...

The RVA online scan says also that it would be infected, while all other
online scans declares it "clear". It might be a false positive or a brand
new virus, in this case I would rather suspect a false positive.

Please submit the file to Trend Micro so that they can investigate in
detail -- they will also tell you what's up afterwards.
 
I have had HoverSnap on my home and office PCs for a few months
without any problems. Today at the office our virus scanner picked
up a possible infection in the downloaded file HoverSnap_v08.zip .
My home antivirus (and also TDS anti-Trojan) can't detect
anything. The office scanner is from Trend Micro - it seems that
the alert has been triggered only after the latest signature files
were installed.

The nasty it said was there is BKDR_MOMAKER.A .
Click to expand...

You should probably submit it to Trend Micro so that can check it out
(and probably correct their false positive).

Nick FitzGerald used to maintain a list of submission addresses for
various vendors, and the most recent copy I can find says the address
for Trend is <mailto:[email protected]>. He also notes that
Trend Micro may only accept samples from its users, so you may need to
send it from the office.
 
I have had HoverSnap on my home and office PCs for a few months
without any problems. Today at the office our virus scanner picked up
a possible infection in the downloaded file HoverSnap_v08.zip . My home
antivirus (and also TDS anti-Trojan) can't detect anything. The office
scanner is from Trend Micro - it seems that the alert has been triggered
only after the latest signature files were installed.

The nasty it said was there is BKDR_MOMAKER.A .

Anyone able to confirm this?

Adrian Carter
Click to expand...
eTrust says it's clean.

regards

Dud
 
MLC said:
_Adrian Carter_, lunedì 13/dic/2004:


I've been using it from many months without problems.
Anyway, I've downloaded the HoverSnap_v08.zip again to make a test, and
Avast! doesn't find anything. Let's hear from other AV users...
Click to expand...

Norton anti virus 2004 fully updated finds nothing..

FG
 
Adrian Carter said:
I have had HoverSnap on my home and office PCs for a few months
without any problems. Today at the office our virus scanner picked up
a possible infection in the downloaded file HoverSnap_v08.zip . My home
antivirus (and also TDS anti-Trojan) can't detect anything. The office
scanner is from Trend Micro - it seems that the alert has been triggered
only after the latest signature files were installed.

The nasty it said was there is BKDR_MOMAKER.A .
Click to expand...

Thanks to all for replies. I am inclining to the view that it's a false
positive,
but have submitted the file to Trend Micro. As mentioned , I may have
to resubmit it from the office. I will relay anything I find out if they
reply.

Adrian
 
Thanks for replying. I have just been to the Trend Micro site and
did their free online scan.
Click to expand...

At least their false positive is consistent across there online/offline
scans.
 
Back
Top