Kitz ADSL Broadband Information
Author Topic: DMT infected with mal/encpk-aco?  (Read 2460 times)

les-70

  • Kitizen
  • ****
  • Posts: 1228
DMT infected with mal/encpk-aco?
« on: October 13, 2013, 01:03:03 PM »

Recently my virus protection software, Sophos, has taken a dislike to DMT 8.07. It lists it as having mal/encpk-aco and won't let me run it without manual intervention.

I am a bit surprised at this, having used DMT for some time with no apparent problems and always with Sophos running. Equally, I would like to fully understand things before overriding the warning. It is not a big issue with things like DSLstats available, but I would like to understand things rather than immediately doing a total removal of DMT from the PC.

Has anyone else had or heard of this issue?

roseway

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 39471
  • Penguins CAN fly
    • DSLstats
Re: DMT infected with mal/encpk-aco?
« Reply #1 on: October 13, 2013, 01:15:50 PM »

DMT hasn't changed recently, so I guess it must be a false positive. Presumably the virus it claims to detect is one which has recently been added to the Sophos virus database.
  Eric

les-70

  • Kitizen
  • ****
  • Posts: 1228
Re: DMT infected with mal/encpk-aco?
« Reply #2 on: October 13, 2013, 01:49:33 PM »

I am inclined to agree. However, as I said, ignoring a virus checker is not a thing I like to do. Sophos also dislikes fresh downloads of DMT. I have told Sophos to run it anyway, as I can't detect any of the extra files that are supposed to go with mal/encpk-aco. Seems fine, but I still worry.

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 5785
Re: DMT infected with mal/encpk-aco?
« Reply #3 on: October 20, 2013, 11:01:44 PM »

Three possibilities:

1 - FP that will disappear in a few days when the AV vendor realises.
2 - Deliberate FP added at the request of the modem vendor to deter people from using DMT.
3 - The DMT is actually infected; this is more likely if you grabbed it off an unofficial download location.
Sky Fiber Pro - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

sheddyian

  • Kitizen
  • ****
  • Posts: 1158
    • My Shed Blog
Re: DMT infected with mal/encpk-aco?
« Reply #4 on: October 20, 2013, 11:56:51 PM »

VirusTotal is a useful site - you can upload a file to it and it runs it past a large number of virus scanners.

https://www.virustotal.com/

Upload the program that Sophos is complaining about, and see how many other virus scanners think it's dodgy - might help you decide if it's a false positive or if something is wrong.

Ian

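The two checks behind Ian's advice, as an added example that is not part of the thread and not code from VirusTotal, Sophos or DMT: compare the download's SHA-256 with the hash the publisher distributes, then look at how many engines in a multi-engine report flag it and whether their labels are named families or generic packer/heuristic names. The publisher hash, the sample bytes and the engine reports below are constructed so the script runs offline; in practice the hash comes from the vendor's download page and the report from VirusTotal.

```python
"""Triage a suspected antivirus false positive (added example, constructed data)."""
import hashlib
import json

# Constructed stand-in for the downloaded program (not the real DMT binary).
SAMPLE_BYTES = b"MZ" + b"\x00" * 62 + b"constructed stand-in for a line-stats tool\n"

# Hypothetical publisher-supplied hash; derived from the stand-in here so the
# "download matches what the publisher shipped" case can be demonstrated.
PUBLISHER_SHA256 = hashlib.sha256(SAMPLE_BYTES).hexdigest()

# Label fragments that usually mean a heuristic or packer match rather than a
# named malware family.  Illustrative list, not any vendor's taxonomy.
GENERIC_MARKERS = ("gen:", "heur", "packed", "encpk", "suspicious", "variant")


def make_report(flagged: dict, total: int = 10) -> str:
    """Build a constructed multi-engine report in JSON: `flagged` maps engine
    name -> detection label; the remaining engines up to `total` report clean."""
    engines = {name: {"detected": True, "result": label} for name, label in flagged.items()}
    for i in range(total - len(flagged)):
        engines[f"CleanEngine{i}"] = {"detected": False, "result": None}
    return json.dumps({"engines": engines})


# Two of ten engines flag the file, both with generic labels (the shape the
# thread describes).  Labels are constructed.
FP_REPORT = make_report({"EngineA": "Mal/EncPk-ACO", "EngineB": "Gen:Variant.Heur.Packed"})
# Six of ten engines agree on a named family (constructed family name).
NAMED_REPORT = make_report({f"Engine{c}": "Win32/ExampleFamily.A" for c in "ABCDEF"})


def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Hash a file in chunks so a large installer need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def summarise_report(report_json: str):
    """Return (detections, total_engines, [(engine, label), ...]) for the flagged engines."""
    engines = json.loads(report_json)["engines"]
    hits = [(name, v["result"]) for name, v in engines.items() if v["detected"]]
    return len(hits), len(engines), hits


def all_generic(hits) -> bool:
    """True when every detection label looks heuristic/generic rather than a named family."""
    return all(any(m in label.lower() for m in GENERIC_MARKERS) for _, label in hits)


def triage(data: bytes, publisher_sha256: str, report_json: str, max_ratio: float = 0.2) -> str:
    """Classify a flagged download.

    'hash-mismatch'         the bytes are not what the publisher shipped: do not run it
    'likely-false-positive' hash matches and only a few engines flag it, all with generic labels
    'needs-investigation'   hash matches but many engines, or a named family, flag it
    """
    if sha256_of_bytes(data) != publisher_sha256.lower():
        return "hash-mismatch"
    detections, total, hits = summarise_report(report_json)
    if detections / total <= max_ratio and all_generic(hits):
        return "likely-false-positive"
    return "needs-investigation"


def demo() -> str:
    """Run the triage on the constructed sample and the two-engine report."""
    return triage(SAMPLE_BYTES, PUBLISHER_SHA256, FP_REPORT)


if __name__ == "__main__":
    n, total, hits = summarise_report(FP_REPORT)
    print(f"{n}/{total} engines flagged the file: {hits}")
    print("verdict:", demo())
```

The hash check comes first on purpose: a low detection count says nothing useful if the file is not the build the publisher released, which is the "unofficial download location" case raised earlier in the thread. The 20% threshold is a starting point, not a rule; the point is that a couple of generic packer labels on an otherwise clean report is the usual shape of a false positive, while several engines agreeing on one family name is not.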

les-70

  • Kitizen
  • ****
  • Posts: 1228
Re: DMT infected with mal/encpk-aco?
« Reply #5 on: October 21, 2013, 08:25:47 AM »

Thanks for the advice. :)

Sophos has indeed updated its false positive and seems happy now.

VirusTotal shows two different checkers with false positives.

I am convinced it is OK, but I guess router monitoring software could provide a nice location for something nasty.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 32108
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: DMT infected with mal/encpk-aco?
« Reply #6 on: October 21, 2013, 12:43:02 PM »

It sometimes seems like AV has got paranoid these days, and there do seem to be quite a lot of false positives.

AVs look for signature patterns, and if they see something that relates to a known pattern then the program will be marked as suspect. Key gens & program cracks are a common FP. The crack itself may be clean, but the AV picks up the pattern that it's trying to crack something, so it sees it as a trojan. I suppose this then makes it hard for anyone using a crack to find out now if it is a 'genuine crack' or does actually contain a nasty.


I have a couple of network tools which sniff packets that AVs always mark as trojans, which I know aren't. Anything that does packet sniffing is regarded as a possible threat despite being legitimate software, which is why the AV manufacturers have to whitelist them. Wireshark and WinPcap are two popular network tools that at one time have been marked as containing viruses when in fact they don't. However, those two are well known and it's not long before complaints get made and the AV company moves them to the OK list.

Cain is another valid program used to recover lost Windows passwords, yet even today this will be marked as a virus by some AV software. Anything that 'sniffs' or scans is always going to come up as suspect.

One of the things I had to do for an assignment when at college was write a messenger program. I've had AVs mark it in the past as a trojan, yet I 100% know that it isn't. To this day I still don't know why it got picked on.

I think if enough users report a suspected FP then the AV company will whitelist it; it's therefore harder and will take longer for the less well-known program FPs to clear.
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker
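The mechanism kitz describes above, as an added example that is not part of the thread and not code from Sophos or any other AV vendor: a toy scanner matches byte patterns against file contents, which is the basic idea behind signature detection (the patterns here are illustrative stand-ins, not real AV signatures), and a SHA-256 allowlist is how a known-good build of a legitimate tool gets cleared without loosening the rule. All file contents are constructed inline. A packet-capture tool and an unknown sample trip the same rule because both contain the raw-socket and promiscuous-mode strings the rule keys on; only the allowlist tells them apart, and a rebuilt tool (one byte different) falls off the allowlist again, which is why each new release of a less well-known program has to be reported and cleared afresh.

```python
"""Toy signature scanner with a hash allowlist (added example, constructed data)."""
import hashlib
import re

# Illustrative signature rules: detection name -> compiled byte pattern.
# Real AV signatures are far richer; these only show the matching principle.
SIGNATURES = {
    "Suspicious/RawSocketCapture": re.compile(rb"SOCK_RAW.{0,64}?promisc", re.S),
    "Suspicious/KeygenStrings": re.compile(rb"(?i)keygen|serial generator"),
}

# Constructed file contents (stand-ins, not real binaries).
CAPTURE_TOOL = b"capture tool v1\nsetsockopt SOCK_RAW\nput eth0 in promisc mode\n"
UNKNOWN_SAMPLE = b"SOCK_RAW promisc\nkeygen for product X\n"
MESSENGER_APP = b"chat client: connect(), send(), recv(), show_window()\n"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Vendor-maintained allowlist of known-good file hashes (constructed entry for
# the capture tool, standing in for a whitelisted release of a real tool).
ALLOWLIST = {sha256(CAPTURE_TOOL): "capture tool v1, verified clean"}


def match_signatures(data: bytes, signatures=SIGNATURES):
    """Return the names of every signature whose pattern occurs in `data`."""
    return [name for name, pat in signatures.items() if pat.search(data)]


def scan(data: bytes, signatures=SIGNATURES, allowlist=ALLOWLIST):
    """Classify file contents.

    Returns (verdict, hits) where verdict is one of:
      'clean'       no signature matched
      'allowlisted' a signature matched, but this exact file is on the known-good list
      'detected'    a signature matched and the file is not on the allowlist
    The allowlist is consulted after matching so the hits stay visible for review.
    """
    hits = match_signatures(data, signatures)
    if not hits:
        return "clean", hits
    if sha256(data) in allowlist:
        return "allowlisted", hits
    return "detected", hits


def scan_file(path: str):
    """Scan a file on disk with the same rules and allowlist."""
    with open(path, "rb") as f:
        return scan(f.read())


if __name__ == "__main__":
    samples = [
        ("capture tool", CAPTURE_TOOL),
        ("rebuilt tool", CAPTURE_TOOL + b"\n"),   # same program, new build: hash changes
        ("unknown sample", UNKNOWN_SAMPLE),
        ("messenger", MESSENGER_APP),
    ]
    for label, blob in samples:
        verdict, hits = scan(blob)
        print(f"{label:14s} -> {verdict:11s} {hits}")
```

The allowlist is keyed on the exact file hash rather than on the program name, so it clears only builds the vendor has actually examined; that is the trade-off behind the thread's observation that well-known tools get cleared quickly while a small program's new version sits in detection until someone reports it.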