Thank you for the answer, Joel.

Although I wouldn't be surprised myself to learn an ISP included Adware in something they provided for free, Shopperz was not the one found on my free copy of Panda Antivirus Pro, it was Uztuby-3 (Shopperz was on dnsapi.dll).

That being said, I had previously downloaded and executed the said Panda installer on my Windows system and indeed I noticed the logo of my ISP on Panda's window. I opted out of receiving third party offers and such when I first signed with this ISP but I guess otherwise that area on Panda's window might be used to show advertisements. And I believe this would classify it as Adware but what is actually reported by ClamAV is a Trojan.

I'm not at all savvy on these matters but wouldn't a Trojan pose a greater risk than the mere display of (possibly unwanted) ads on one program?

I did contact my ISP about this and their response (no verbal communication towards me whatsoever) was to remove the free license I had previously activated from my account management webpage. I can still access it and I redownloaded the file which remains unchanged.

Concerning the Shopperz detection, I got it on a Windows system file ( C:\Windows/System32/dnsapi.dll ) and its full name is: Win.Trojan.Shopperz-381

dnsapi.dll is a Windows system file without which Windows will not connect to the Internet (at least on my WiFi setup).

ClamAV also detected Shopperz-381 on the same file, in a different location (cached?) on the same Windows system:

Windows/WinSxS/amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17/dnsapi.dll

The first time I ran ClamAV on these files (first scan = detection) was immediately after installing Windows 10 from a DVD burned with an ISO file downloaded from Microsoft's site. After my first login to that Windows system I rebooted to a Linux Live DVD (NO network connection was made until after booting Linux - which I performed in order to install ClamAV and run freshclam).

VirusTotal thinks it's "probably harmless" but Antiy-AVL agrees with ClamAV that it contains a Trojan:

https://www.virustotal.com/en/file/b51a82ed2d45855ea9018b6269931ca62f3dc430fd513c7e751fc2cb76014bab/analysis/1455724650/

FYI, at least since version 8 of Windows, there is this Microsoft Shop application that enables you to download free/bought software - I'm guessing there might be some code in dnsapi.dll facilitating that feature.

Hope that helps.

On Tuesday, February 16, 2016 10:13 PM, Al Varnell <alvarn...@mac.com> wrote:

Without the exact name of the Shopperz infection, I can’t tell you whether it’s a recent definition or an old one. There are currently 351 such signatures.

The Uztuby-3 was added to the database on 30 Jan 2016 04-36 -0500 in daily:21324, so it’s been there for a couple of weeks.

It would not surprise me to learn that an ISP was providing something for free that included Adware. I’m sure that’s what Shopperz’s are.

-Al-
--
ClamXav User

On Feb 16, 2016, at 12:25 PM, Jean-D. Ackle <jdali...@yahoo.com.br> wrote:
> Hello,
>
> So... it seems I've been a "victim" of last week's False Positives...
> First I got so many files on a Windows partition "infected" by the
> Bancos trojan (detected by clamscan running from Linux) I quickly
> concluded that particular Windows setup was gone. I just noticed someone
> on the list saying it was a FP...
> So then, I used my OEM recovery disks to reinstall the system and I
> "found out" the newly installed system with which I had NOT connected to
> the Internet yet was already infected by... Win.Trojan.Ramnit...
>
> I had already installed Windows 10 downloaded from Microsoft when I
> learned about Ramnit's likelihood to be a FP. And... again without
> connecting to the Internet, Windows 10, particularly in dnsapi.dll seems
> already infected by Win.Trojan.Shopperz. After a little reading around
> the Internet I'm getting to think this is yet another FP.
>
> Being that the FPs handling system in ClamAV seems to be a bit
> stalled... I would actually risk going ahead with disregarding it as
> such but ... I want an on-access virus scanner on Windows. My ISP
> happens to recently have made available a free subscription to Panda
> Antivirus and I'd like to take on that offer. But the downloaded
> installer is reported by ClamAV as infected.
> I uploaded it to VirusTotal and this was the result:
> https://www.virustotal.com/en/file/f183a4a6cd5afc5f134bd718dffa3e79d7a5aa6c501b7a792eaf37903f454f55/analysis/1455647361/
> (only ClamAV reports it as infected and there is no conclusive answer
> otherwise).
>
> So, I'd appreciate some advice on whether I'd likely be OK with
> proceeding to connect to the Internet with the already installed Windows
> 10 and said Panda Antivirus to be installed prior to connecting to the
> Internet.
> Also, if there is anything I might help with (as far as submitting files
> is concerned (I'm hardly knowledgeable enough for anything else), please
> let me know.
>
> Regards,
> JD

_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml