
Quarantine Failed: Clam.Win.Malware.Krucky-7009041-0


Macbeth

I've been running Immunet for a year or 3, and have never had a quarantine fail for a real issue...till possibly now. It's coming up in regards to AdobeARM.exe which is associated with Adobe Reader. The detection name is Clam.Win.Malware.Krucky-7009041-0 & I'm seeing very little regarding this online...and nothing on Immunet in regards to this. (The few times I've had a message pop up for a quarantine failure, I've seen lots of online evidence saying that this is a false positive so the lack of this info re: this particular issue is concerning to me.)

Nothing's popped up when I scanned using another tool. Does anyone know if this is a false positive? Or have a recommendation for another tool to verify that there's a real issue?

Appreciate your help.


Hello Macbeth & welcome to the forum. Upon doing some research myself with VirusTotal, I'm also inclined to believe that is a False Positive from the ClamAV module. The reason for a failed quarantine response is usually due to the fact that the file in question was actually a temp file that no longer exists.

We do have a dedicated site to report False Positives here. http://www.immunet.com/false_positive

If you wish you could also report this directly to the ClamAV development team here. http://www.clamav.net/contact

Aside from the FP is Adobe Reader functioning ok for you at this time?

Regards, Ritchie...

P.S. - I'm not saying this is what's currently going on here, but Adobe has had issues in the past with its software products containing zero-day vulnerabilities that hackers could exploit to their advantage, especially with their Adobe Flash software. Just thought I'd mention that historical fact.


17 hours ago, ritchie58 said:

Hello Macbeth & welcome to the forum. Upon doing some research myself with VirusTotal, I'm also inclined to believe that is a False Positive from the ClamAV module. The reason for a failed quarantine response is usually due to the fact that the file in question was actually a temp file that no longer exists.

We do have a dedicated site to report False Positives here. http://www.immunet.com/false_positive

If you wish you could also report this directly to the ClamAV development team here. http://www.clamav.net/contact

Aside from the FP is Adobe Reader functioning ok for you at this time?

Regards, Ritchie...

P.S. - I'm not saying this is what's currently going on here, but Adobe has had issues in the past with its software products containing zero-day vulnerabilities that hackers could exploit to their advantage, especially with their Adobe Flash software. Just thought I'd mention that historical fact.

Thanks so much for the quick response. I rarely use Adobe Reader so can't say whether the program is functioning well. But the program isn't a temp one & it is an executable. It hasn't been modified since December. (The path is C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.) 


Mmm. That is rather strange if it wasn't a temp file! Some exe's can & do create their own temp files but I'm not entirely sure now if that's the case here though.

Have you reported this FP to the URL links I provided? If not it would be greatly appreciated if you can do that.

If you want to use the program now and do encounter any problems with Adobe Reader I would suggest you create a custom Exclusion rule with Immunet for C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.

Cheers, Ritchie...


3 hours ago, ritchie58 said:

Mmm. That is rather strange if it wasn't a temp file! Some exe's can & do create their own temp files but I'm not entirely sure now if that's the case here though.

Have you reported this FP to the URL links I provided? If not it would be greatly appreciated if you can do that.

If you want to use the program now and do encounter any problems with Adobe Reader I would suggest you create a custom Exclusion rule with Immunet for C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.

Cheers, Ritchie...

I've sent it to Clam so guess we'll see what they say. Thanks for your help!

  • Like 2
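
One way to collect evidence on whether a detection like this is a false positive before adding an exclusion, as an added example that is not from any poster in the thread and is not Immunet or ClamAV tooling. The function name `Get-FlaggedFileTriage` and the `$ExpectedSigner` substring are assumptions; the path is the one quoted in the thread.

```powershell
# Added example: triage a file flagged by an AV engine before excluding it.
function Get-FlaggedFileTriage {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: a substring expected in the publisher's certificate subject.
        [string]$ExpectedSigner = 'Adobe'
    )

    # A missing file is the usual reason for a failed quarantine
    # (for example a temp file that was already deleted).
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    $item = Get-Item -LiteralPath $Path
    # Authenticode status: 'Valid' means the signed content is unmodified and
    # the chain is trusted; 'HashMismatch' means the file changed after signing;
    # 'NotSigned' means there is no signature to rely on.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    $subject = $null
    if ($sig.SignerCertificate) { $subject = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path            = $Path
        Exists          = $true
        SHA256          = $hash.Hash                  # look this up instead of uploading the file
        LastWriteUtc    = $item.LastWriteTimeUtc      # compare with the expected install/update date
        FileVersion     = $item.VersionInfo.FileVersion
        SignatureStatus = $sig.Status
        SignerSubject   = $subject
        SignerMatches   = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")
    }
}

Get-FlaggedFileTriage -Path 'C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe' |
    Format-List
```

A valid publisher signature plus an unchanged last-write time supports the false-positive reading but does not prove it; the SHA-256 value can be searched on VirusTotal and included in the false-positive report.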