Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Trojan horse Dloader.YVL in quickm218.exe
#1
Hi Gintaras

I just downloaded the latest 2.18 version and immediately received a notification from my Norman virus program that the file contained the Dloader.YVL trojan horse virus. It was automatically quarantined.

Alistair
#2
I have passed quickm21.exe to Norman Sandbox online for scanning and test execution (http://www.norman.com/Virus/Submit_virus_sample/en-us). It detected Dloader.YVL signature but didn't found the virus. Here is the report:

Norman Scanner Engine 5.90. 7
Sandbox 05.90, dated 21/04-2006

Your message ID (for later reference): 20060522-932

quickm21.exe : Not detected by sandbox (Signature: DLoader.YVL)

© 2004-2006 Norman ASA. All Rights Reserved.

The material presented is distributed by Norman ASA as an information source only.


Sent by ... to sandbox.

Received 22.May 2006 at 14.14 - processed 22.May 2006 at 14.14.
#3
What does this mean then?
Does this mean that Norman thinks it is a Dloader.YVL virus, but that there is no virus?

I don't understand. How can it find a virus definition but no virus?
#4
I also don't understand. That report looks strange: Not detected by sandbox (Signature: DLoader.YVL).
#5
You may need to make contact with Norman and tell them about the issue.
#6
http://forum.norman.com/viewtopic.php?p=3669
#7
This is a false positive. It will be fixed in the definition files that are to be released very shortly.
#8
Well done. Thanks for dealing with it so quickly.

Al
#9
Defs fixing the false positive have been released.


Forum Jump:


Users browsing this thread: 7 Guest(s)