Kelptocharge
2008-10-16, 04:07
Hi,
A friend lent me a copy of Symantec Ghost Solution Suite v2.5 to make an image of my PC. Now, I KNOW he owns the SW (I've actually seen the original CD) but he brought over his backup copy. He always makes a backup of his CDs, so I am certain it wasn't pirated.
Regardless, I ran the "right-click Spybot scan" in explorer over it and SpybotSD 1.6.0.30 with "last detection update" from 15 October 2008 reported that one file "gdiplus.dll" contained "Caishow" under the "Heuristics" section.
Symantec AV with defs dated 15 Oct 2008 rev 3 thinks the file is clean.
I uploaded it to VirusTotal & it scanned it & found nothing also. See http://www.virustotal.com/analisis/fbcd4040de4e4ecced3ec8acf24b893e
Then I uploaded it to http://www.kaspersky.com/scanforvirus which also found nothing. Of incidental strangedness is that I had to compress the file to upload to Kaspersky (1 MB filesize limit). So for the hell of it, I had the "right click in explorer" Spybot scan both a RAR & a ZIP of the file & the uncompressed DLL again. It still said the DLL had "Caishow" but it found NOTHING in the compressed ones. Weird?
Here's the other weird bit: I manually added the directory containing the file to SpyBot's settings/directories tab & ticked the "inc sub dirs" box. Then I ran a normal "check for probs" (and yes, under "file sets" I ticked "select all available checks") but it found NOTHING.
So I'm thinking it's maybe a false positive.
Would you like me to send you the file?
Cheers
BH :eek:
A friend lent me a copy of Symantec Ghost Solution Suite v2.5 to make an image of my PC. Now, I KNOW he owns the SW (I've actually seen the original CD) but he brought over his backup copy. He always makes a backup of his CDs, so I am certain it wasn't pirated.
Regardless, I ran the "right-click Spybot scan" in explorer over it and SpybotSD 1.6.0.30 with "last detection update" from 15 October 2008 reported that one file "gdiplus.dll" contained "Caishow" under the "Heuristics" section.
Symantec AV with defs dated 15 Oct 2008 rev 3 thinks the file is clean.
I uploaded it to VirusTotal & it scanned it & found nothing also. See http://www.virustotal.com/analisis/fbcd4040de4e4ecced3ec8acf24b893e
Then I uploaded it to http://www.kaspersky.com/scanforvirus which also found nothing. Of incidental strangedness is that I had to compress the file to upload to Kaspersky (1 MB filesize limit). So for the hell of it, I had the "right click in explorer" Spybot scan both a RAR & a ZIP of the file & the uncompressed DLL again. It still said the DLL had "Caishow" but it found NOTHING in the compressed ones. Weird?
Here's the other weird bit: I manually added the directory containing the file to SpyBot's settings/directories tab & ticked the "inc sub dirs" box. Then I ran a normal "check for probs" (and yes, under "file sets" I ticked "select all available checks") but it found NOTHING.
So I'm thinking it's maybe a false positive.
Would you like me to send you the file?
Cheers
BH :eek: