Spyware detected

Clayton.Lee
500 Command not understood
Posts: 1
Joined: 2007-07-16 01:49

Spyware detected

#1 Post by Clayton.Lee » 2007-07-16 01:58

I just downloaded FileZilla to a client's computer, but it is being detected as Adware.Cpush by Symantec AntiVirus.

Symantec AV is 10.0.0.359 with Scan Engine 103.0.2.7 and Virus Definition File 2007/07/15.

Has anyone else seen this behaviour?

Is there something I need to worry about, or is it just the case of the filename being the same as some spyware?


anha
500 Command not understood
Posts: 1
Joined: 2007-07-16 06:16

Risk found!

#2 Post by anha » 2007-07-16 06:22

Same happened for me this morning. Installed the latest available "Critical Security update in FileZilla 2.2.32" the other week, and this morning Symantec Antivirus reported:

Scan type: Auto-Protect Scan
Event: Risk Found!
Risk: Adware.CPush
File: C:\Program Files\FileZilla\uninstall.exe
Location: C:\Program Files\FileZilla
Computer: ....
User: ...
Action taken: Pending Side Effects Analysis : Access denied
Date found: den 16 juli 2007 08:08:54

Is this a false alarm? I am running Antivirus Corp Ed 10.1.5.5000, scan engine 71.2.0.12, definition file 7/15/2007, rev 2.

Since the alarm is on uninstall.exe I don't dare to uninstall! Please dig into this and report back ASAP.
Best Regards,
Anders

botg
Site Admin
Posts: 35555
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

#3 Post by botg » 2007-07-16 08:15

As long as you downloaded FileZilla from http://sourceforge.net/projects/filezilla, it's a false alarm.

Trebly
500 Command not understood
Posts: 1
Joined: 2007-07-16 17:26

Re : Adware.cpush

#4 Post by Trebly » 2007-07-16 18:26

Hi,

I can believe you but there is a process which needs to be clarified.

1- The Adware.cpush in a new configuration has been found in 3 different places, "attached" to three different files, and was not detected before I downloaded 2_2_32 yesterday on two computers.

2- Symantec recommends this morning's update of virus definitions to be properly protected.

3- The consequences of this latest "mutant" new adware.cpush (known for three months) are not well known. To me it seems that it suddenly causes 100% CPU usage and no action is possible on the computer anymore (still working but not available). These actions seem to depend on the parameters of the browser (IE and also Fox, which seems to hang). If you can terminate Fox you get back control and restart normally.

3- As Symantec AV pushes FileZilla setup to quarantine, and particularly uninstall, it can't be executed anymore. What can be the consequences for the next update?

Thanks for your help in finding out more precisely what happens, because even if FileZilla is not at all directly implicated, it nevertheless suffers the consequences.

botg
Site Admin
Posts: 35555
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Re : Adware.cpush

#5 Post by botg » 2007-07-16 19:10

You should always use multiple virus scanners, that prevents false alarms. Only if multiple scanners identify a problem with the same file it's a guaranteed problem, otherwise it's almost always a false alarm.
Trebly wrote: 3- As Symantec AV pushes FileZilla setup to quarantine, and particularly uninstall, it can't be executed anymore. What can be the consequences for the next update?
No idea, I only use quality software. Which pretty much rules out Symantec products.

Try updating your signatures in a few days and the false alarm should be gone.

Haplo
500 Command not understood
Posts: 1
Joined: 2007-07-16 19:40

Re: Re : Adware.cpush

#6 Post by Haplo » 2007-07-16 19:45

botg wrote: No idea, I only use quality software. Which pretty much rules out Symantec products.

Try updating your signatures in a few days and the false alarm should be gone.
Please stay on-subject and no need to disparage others on what software they use. :?

The vendor of FileZilla should submit a report to Symantec reporting this false positive. This can be accomplished from https://submit.symantec.com/false_positive/index.html

Thanks.

botg
Site Admin
Posts: 35555
Joined: 2004-02-23 20:49
First name: Tim
Last name: Kosse

Re: Re : Adware.cpush

#7 Post by botg » 2007-07-16 21:36

Please stay on-subject and no need to disparage others on what software they use. :?
Let the facts speak for themselves: http://www.computerworld.com/action/art ... rc=hm_list

Swifty
500 Command not understood
Posts: 1
Joined: 2007-07-17 04:20
Location: Alton, Olde Hampshire

#8 Post by Swifty » 2007-07-17 04:31

FWIW my Symantec Antivirus 10.1.5 found Adware.CPush in the 2.2.31 setup and the 2.2.32 setup (which I'd saved) as well as in installed file uninstall.exe.
It also found it in the installer for GAIM.beta6 (Now Pidgin).
There are no signs of CPush on my system; none of the directories, none of the files, none of the registry keys.
I will report this to the IBM Virus Incident centre, and they will take it up with Symantec on my behalf.
Steve Swift

navision
500 Command not understood
Posts: 1
Joined: 2007-07-18 03:15

#9 Post by navision » 2007-07-18 03:23

I'm getting the same from Symantec AV but:
1. I have had FileZilla installed for a month or more with no warnings.
2. None of the files that are supposedly created exist.
3. This CPush has been around for a few months (March according to Secunia) and detected by Symantec since March also. The box it is on gets a full scan once a day and yesterday was the first warning.

So, I'd tend to agree, it's an error in the latest detection file. It did quarantine the uninstaller, not the executable(s), similar to everyone else's reports.

derf
550 File not found
Posts: 33
Joined: 2004-03-22 01:10
Location: Montréal, QC

#10 Post by derf » 2007-08-04 15:42

I'd say the signature from Symantec for CPush is bad, because I'm sure other antivirus can detect CPush and don't detect it in FileZilla. Maybe Symantec doesn't like open source software if they see it in FileZilla and Pidgin. Maybe the issue is the installer software used by both projects?

Tarun
500 Command not understood
Posts: 1
Joined: 2007-08-13 21:35

#11 Post by Tarun » 2007-08-13 22:18

It is a false positive. Disregard it and trash that crapware Norton/Symantec product. The only good product they ever made was SymNRT.

One of the best places to check a false positive is at virustotal.
