Guest eli Posted September 28, 2008 Posted September 28, 2008 Hi: I found the Constructor.Win32.Downldr.ek virus in a MS file I had lying around in My Documents. Zone Alarm Security Suite 7.0.483.000 picked it up on a scheduled scan. The file is named: WindowsXP-KB838079-SupportTools-ENU.exe and can be downloaded from: http://www.microsoft.com/downloads/details...&DisplayLang=en After it was quarantined, I tried downloading it again as a fresh copy from the MS download link above. It too showed the: Constructor.Win32.Downldr.ek virus. I submitted the newly downloaded file to www.virustotal.com It showed that both Kaspersky and F-Secure detect that same virus. F-Prot shows it to be a damaged file. The other 33 engines found nothing wrong in this file I'm puzzled by these findings. Could it be that Microsoft has an infected and/or damaged file on its download site? Or is this a false positive? Thanks in advance: -Eli ================ Windows XP Profesional Edition SP3 Zone Alarm Security Suite 7.0.483.000 Quote
Guest David H. Lipman Posted September 28, 2008 Posted September 28, 2008 From: "eli" <someone@somebody.com> | I found the Constructor.Win32.Downldr.ek virus in a MS file I had lying around in My | Documents. Zone Alarm Security Suite 7.0.483.000 picked it up on a scheduled scan. | The file is named: WindowsXP-KB838079-SupportTools-ENU.exe | and can be downloaded from: | http://www.microsoft.com/downloads/details...9bb9-4126-9761- | ba8011fabf38&DisplayLang=en | After it was quarantined, I tried downloading it again as a fresh copy from the MS | download link above. It too showed the: | Constructor.Win32.Downldr.ek | virus. | I submitted the newly downloaded file to www.virustotal.com | It showed that both Kaspersky and F-Secure detect that same virus. F-Prot shows it to | be a damaged file. The other 33 engines found nothing wrong in this file | I'm puzzled by these findings. | Could it be that Microsoft has an infected and/or damaged file on its download site? | Or is this a false positive? | Thanks in advance: | -Eli | ================ | Windows XP Profesional Edition SP3 | Zone Alarm Security Suite 7.0.483.000 WindowsXP-KB838079-SupportTools-ENU.exe is a self extracting archive file. It consists of three .CAB files and a Microsft Installer, .MSI file. The False Positive declaration was in; support.cab These are file from the Windows NT Resource Kit. I did not track down the specific file in the CAB file but it is a False Positive declaration. BTW: F-Secure did NOT detect anything in my test. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.