
PCANDIS5.sys Trojan or False Positive?


Tim Rogers

Jun 28, 2008, 5:04:35 AM
AVG Free 8.0 Resident Shield came up with PCANDIS5.sys as trojan Horse last
night.

Have put it in the Virus Vault but can't seem to find anything about this
file?

So Trojan or False Positive?????

Tim


David H. Lipman

Jun 28, 2008, 6:39:17 AM
From: "Tim Rogers" <nos...@sapm.net>

| Tim


You mean ... Trojan horse Generic10.ASPV

http://www.virustotal.com/analisis/c9bf961208494c862601d8a7f5c93a64

What is the fully qualified path on your PC to; PCANDIS5.SYS ?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


Tim Rogers

Jun 28, 2008, 7:05:54 AM

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:h8OdnY77HvRKifvV...@giganews.com...

C:\Windows\system32\PCANDIS5.SYS


David H. Lipman

Jun 28, 2008, 8:49:06 AM
From: "Tim Rogers" <nos...@sapm.net>


>> You mean ... Trojan horse Generic10.ASPV

>> http://www.virustotal.com/analisis/c9bf961208494c862601d8a7f5c93a64

>> What is the fully qualified path on your PC to; PCANDIS5.SYS ?


| C:\Windows\system32\PCANDIS5.SYS


You are the second person I have seen report this. I don't know if this is a FP or not.
A sample would help.

Tim Rogers

Jun 28, 2008, 9:25:55 AM

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:bZWdnWIrbbvZrvvV...@giganews.com...

> From: "Tim Rogers" <nos...@sapm.net>
>
>
>>> You mean ... Trojan horse Generic10.ASPV
>
>>> http://www.virustotal.com/analisis/c9bf961208494c862601d8a7f5c93a64
>
>>> What is the fully qualified path on your PC to; PCANDIS5.SYS ?
>
>
> | C:\Windows\system32\PCANDIS5.SYS
>
>
> You are the second person I have seen report this. I don't know if this
> is a FP or not.
> A sample would help.

Doing a full AVG scan and it's appeared in the restore files as well.

How would I send you a sample?????

Tim

Tim Rogers

Jun 28, 2008, 10:01:11 AM

"Tim Rogers" <nos...@sapm.net> wrote in message
news:6cmsf8F...@mid.individual.net...

>
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
> news:bZWdnWIrbbvZrvvV...@giganews.com...
>> From: "Tim Rogers" <nos...@sapm.net>
>>
>>
>>>> You mean ... Trojan horse Generic10.ASPV
>>
>>>> http://www.virustotal.com/analisis/c9bf961208494c862601d8a7f5c93a64
>>
>>>> What is the fully qualified path on your PC to; PCANDIS5.SYS ?
>>
>>
>> | C:\Windows\system32\PCANDIS5.SYS
>>
>>
>> You are the second person I have seen report this. I don't know if this
>> is a FP or not.
>> A sample would help.
>
> Doing a full AVG scan and it's appeared in the restore files as well.
>
> How would I send you a sample?????
>
> Tim

Further to this found:

http://aumha.net/viewtopic.php?f=30&p=192471

I updated AVG 8 from v1522 to 1523 and then restored the file, then scanned
the file and it came up with nothing.

Am now scanning the whole computer again to see if anything crops up........

Does seem to be a false positive???????

David H. Lipman

Jun 28, 2008, 11:42:07 AM
From: "Tim Rogers" <nos...@sapm.net>


| Further to this found:

| http://aumha.net/viewtopic.php?f=30&p=192471

| I updated AVG 8 from v1522 to 1523 and then restored the file, then scanned
| the file and it came up with nothing.

| Am now scanning the whole computer again to see if anything crops up........

| Does seem to be a false positive???????

| Tim


If an updated signature rescan of %windir%\system32\PCANDIS5.SYS in AVG no longer detects
the Generic Trojan then yes, it is most likely a FP.

George Ruch

Jun 28, 2008, 9:47:43 PM
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:
>From: "Tim Rogers" <nos...@sapm.net>
>
>>> You mean ... Trojan horse Generic10.ASPV
>
>>> http://www.virustotal.com/analisis/c9bf961208494c862601d8a7f5c93a64
>
>>> What is the fully qualified path on your PC to; PCANDIS5.SYS ?
>
>| C:\Windows\system32\PCANDIS5.SYS
>
>You are the second person I have seen report this. I don't know if this is a FP or not.
>A sample would help.

I caught the same thing yesterday (6/27) with AVG 8.0.131 virus
DB 1521/22. Apparently, it's a false positive. Full scan today
(virus DB 1524) reported no hit.
--
George Ruch
"Is there life in Clovis after Clovis Man?"

George Ruch

Jun 28, 2008, 10:23:13 PM
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote:

>From: "Tim Rogers" <nos...@sapm.net>
>
>>> You mean ... Trojan horse Generic10.ASPV
>
>>> http://www.virustotal.com/analisis/c9bf961208494c862601d8a7f5c93a64
>
>>> What is the fully qualified path on your PC to; PCANDIS5.SYS ?
>
>| C:\Windows\system32\PCANDIS5.SYS
>
>You are the second person I have seen report this. I don't know if this is a FP or not.
>A sample would help.

I caught the same thing yesterday (6/27) with AVG 8.0.131 virus
DB 1521/22. Apparently, it's a false positive. Full scan today
(virus DB 1524) reported no hit.

Karl-Olav Nyberg

Jul 1, 2008, 9:46:39 AM

"Tim Rogers" <nos...@sapm.net> wrote in message
news:6cmd56F...@mid.individual.net...

Hi.

Take a look here: http://www.file.net/process/pcandis5.sys.html

Karl-Olav


Russg

Jul 1, 2008, 11:33:16 AM

"Karl-Olav Nyberg" <> wrote in message news:
>
> "Tim Rogers" <> wrote in message news:

>> AVG Free 8.0 Resident Shield came up with PCANDIS5.sys as trojan Horse
>> last night.
>>
>> Have put it in the Virus fault but can't seem to find anything about this
>> file?
>>
>> So Trojan or False Positive?????
>>
>> Tim
>>
>
> Hi.
>
> Take a look here: http://www.file.net/process/pcandis5.sys.html
>
> Karl-Olav

Since you can't tell if it is malware or not, then
submit it to www.virustotal.com, and you should
know if it is malware.

