Patricia,

You've stumbled onto one of the worst aspects of the wonderful world of computer security here.

First up is the fact that no two AV apps will detect exactly the same things. Each company has their own way of creating definition files for their product and not every virus, trojan, etc. will be picked up within every set of definition files. Part of the reason for that is that some companies will make a more serious effort to include defs for things like tracking cookies than others. Some are faster to get newly released infections covered than others. Some flag items that are just suspicious, usually because of the wrapper used to hold them together. And over the last year and a half or so, many of them have been flagging more and more items that are not even true malware (such as silly joke files that do things like turn your screen upside down or open up your CD/DVD tray when they are run).

While I could probably write an encyclopedia's worth to describe all of the different aspects of how these things work and what's wrong with the approach, the simple fact will always be that no AV or AM program will ever be capable of sniffing out every possible file that's bad for a system without also catching a bunch that are harmless.

I strongly suspect that the file you're talking about is what's known as a false positive. That is, there's something about it that makes it suspicious looking enough to one AV/AM program to flag it, but running it will not cause anything bad to happen to your system.

Whenever I find myself in a similar situation, I upload the file to VirusTotal to see what 30+ AV apps have to say about it.

http://www.virustotal.com/

If no one else has ever uploaded that exact file before, you'll get to see it tested before your eyes. If it has already been checked before, you'll be told that fact and a button will be provided to let you see the results of the previous scans.
The site uses over 30 different AV programs to scan the suspected file for everything the individual AV scanners can detect. If an app is flagged by any of them, you'll see that app's name of the definition that flagged it (like W32.Trojan.Sniffer). It's almost funny to see how different AV programs will flag the same file with so many different names. What I often find is that a couple of them will flag a file while the rest of them pass the file without a problem. It takes time to become familiar enough with the naming to be able to tell the type of malware that's suspected, but you'll also learn how to spot the ones that aren't true malware. Of course, if a majority of these scanners have nothing nice to say about a file you're testing, err on the side of caution and don't run that file on your main system.

On the urging of Disastar, I installed a program called Sandboxie a while back and I use it to peek inside any file that is likely to be a false positive. Think of Sandboxie as an app that isolates the file inside a bubble that cannot be broken. The file will believe and behave just like it has full freedom to roam over your entire system. If it normally writes something to the registry, it will write its entries to the imaginary registry set up by the Sandboxie program. If it unpacks any support files, they will be unpacked into what looks like the proper locations. But those files and entries will all be contained inside the Sandboxie 'bubble' and, even if they ARE malicious, they cannot do any harm to your system.

When you're done 'testing' the file, you can open up the Sandboxie console and take a look at the changes it would have made to your REAL system and decide for yourself whether you can/should run it outside of Sandboxie. Then, just delete the sandbox and all of those changes will simply go away. It's a GREAT way to test individual files for their content and safety.
http://www.sandboxie.com/

I know full well that what I've said above is more likely to cloud the issue than clear it up for you, but that's just a small part of the cloud all of us techs are under when it comes to these things. With tools like VirusTotal, those with some basic understanding of malware can keep themselves relatively safe without losing too many files to false positives.

Peace,
Gman
http://www.bornagainamerican.org

"The only dumb questions are the ones we fail to ask"

----- Original Message -----
From: "Patricia" <rhekay@xxxxxxxxxx>
To: "PCTechTalk" <pctechtalk@xxxxxxxxxxxxx>
Sent: Tuesday, February 24, 2009 6:49 AM
Subject: -=PCTechTalk=- Trojan horse DROPPER.VB.BXQ

> A friend sent me a zip the other day for a program we use. I saved the
> attachment and then ran a scan on it like I do every attachment. I use
> AVG 8 free edition and AVG said the package was infected with the
> Trojan horse DROPPER.VB.BXQ.
> When I notified her she told me when she scanned it with her Norton's it
> came back clean.
> So I had another friend scan it also with Norton's, came back clean. I then
> sent it to my laptop and scanned it there with AVG 8 and got the same
> results, it was infected.
> So my question is do you suppose AVG is picking up the exe file as a
> trojan?
> The friend who sent it has been using this program for about 5 months and
> has had no problems.
> She scans her PC weekly and nothing has come up.
> Which anti-virus do I trust, AVG or her Norton's?
>
> Patricia
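The rule of thumb from the reply above (a couple of scanners flagging a file versus a majority of them), written out as an added example that is not part of the original message. The engine names, the sample results, the 10% cut-off for "a couple" and the "disputed" middle band are constructed assumptions; the SHA-256 digest is what identifies "that exact file" from one scan to the next.

```python
import hashlib
import os
import tempfile

FEW_SHARE = 0.10  # assumption: "a couple" of engines means at most 10% of them


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks; the digest identifies 'that exact file'."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(results):
    """results: engine name -> detection name, or None if the engine passed the file."""
    if not results:
        raise ValueError("no engine results to triage")
    flagged = {eng: name for eng, name in results.items() if name}
    share = len(flagged) / len(results)
    if not flagged:
        verdict = "no detections"
    elif share > 0.5:
        verdict = "do not run"  # a majority of scanners flagged it
    elif share <= FEW_SHARE:
        verdict = "possible false positive: inspect in a sandbox"
    else:
        verdict = "disputed: treat as suspicious"  # assumption, not from the message
    return {"flagged": len(flagged), "total": len(results),
            "names": sorted(set(flagged.values())), "verdict": verdict}


def constructed_report(total, detections):
    """Build sample scan results: the first len(detections) engines flag the file."""
    report = {f"Engine{i:02d}": None for i in range(total)}
    for i, name in enumerate(detections):
        report[f"Engine{i:02d}"] = name
    return report


if __name__ == "__main__":
    with tempfile.NamedTemporaryFile(delete=False) as sample:
        sample.write(b"constructed sample bytes, not a real program")
    print("sha256:", sha256_file(sample.name))
    os.unlink(sample.name)
    print(triage(constructed_report(32, ["DROPPER.VB.BXQ", "W32.Trojan.Sniffer"])))
    print(triage(constructed_report(32, ["W32.Trojan.Sniffer"] * 20)))
```

The differing names in `names` are the point of the "so many different names" remark: the count of engines, not the label any one of them chose, drives the verdict.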