Ian-OG writes "Since the Sophos IDE (virus definition file) updates of July 11, all PCs running Sophos AV and the CCleaner cache/Registry cleaning tool have flagged the application as Mal-VB/K.
Since Sophos is an enterprise-level AV, and unlikely to be installed by individuals (Sophos do not sell single-user licenses; the smallest quantity is a 5-license Small Business product), this may not affect most of the CastleCops members. However, Sophos's key markets include education and government, so anyone with overview/network management responsibility of those areas may begin to see this virus in daily or weekly reports from their workstations!
Here is the initial threat analysis from Sophos on the ccleaner.exe file, based on the locally-loaded IDE:
---------------
Name: Mal/VB-K
Type: Malicious Behavior
Affected operating systems: Windows
Side effects:
  Downloads code from the internet
  Installs itself in the Registry
Protection:
  Download virus identity (IDE) file
  Protection available since 11 July 2007 19:53:56 (GMT)
Detected by: All versions of Sophos Anti-Virus
---------------
Sophos also flags up the Registry entry that runs CCleaner on Windows startup, if enabled by the user.
A technical support query has been raised with Sophos to verify that this is a false-positive.
"
Posted on Friday, 13 July 2007 @ 13:12:54 UTC by Paul