Friday, June 26, 2009

No Trojan in KComm

Don Wilhelm W3FPR just sent me a note advising me that AVG anti-virus had detected a Trojan in KComm. The program had been sitting on his hard drive for some time, waiting for a chance to set it up. This was the first time AVG had found anything wrong with it.

AVG is somewhat notorious for false alarms. If it wasn't free I doubt if many would use it. Unfortunately it is, so a lot of people do. False alarms cause a lot of panic for users, and a lot of hassle for software developers.

As I always do in such cases, I advised Don to check the file at Virustotal.com. This will cause it to be scanned by over 40 different virus scanners so you can get a consensus of opinion on it. In my experience when you do this it is rare that none of the scanners find anything wrong with a file, but it is usually the poor or "never heard of" products that claim to find anything. When that's the case you can just ignore it. If more than one of the well-known brands like Norton, McAfee or Kaspersky report something malicious then you probably do have something nasty.

Out of interest I scanned the current version of KComm myself and here is the report VirusTotal generated. AVG claimed to find "Trojan horse Dropper. Generic ARGQ" just as Don reported, eSafe reported "Suspicious file" and VBA32 (whatever that is) thought it found "Trojan-Dropper.Win32.Wlord.acs".

There is a reason why the setup files for free and shareware programs are often mistakenly claimed to be Trojan droppers, and that is because they are both self extracting Zip files. However a reliable virus scanner should more thoroughly check the contents of the Zip to be sure that it really is malware before crying "Wolf!" and alarming everyone.

No comments:

Post a Comment