Macbeth

Quarantine Failed: Clam.Win.Malware.Krucky-7009041-0

I've been running Immunet for a year or 3, and have never had a quarantine fail for a real issue...till possibly now. It's coming up in regards to AdobeARM.exe which is associated with Adobe Reader. The detection name is Clam.Win.Malware.Krucky-7009041-0 & I'm seeing very little regarding this online...and nothing on Immunet in regards to this. (The few times I've had a message pop up for a quarantine failure, I've seen lots of online evidence saying that this is a false positive so the lack of this info re: this particular issue is concerning to me.)

Nothing's popped up when I scanned using another tool. Does anyone know if this is a false positive? Or have a recommendation for another tool to verify that there's a real issue?

Appreciate your help.

Hello Macbeth & welcome to the forum. Upon doing some research myself with VirusTotal, I'm also inclined to believe that is a False Positive from the ClamAV module. The reason for a failed quarantine response is usually due to the fact that the file in question was actually a temp file that no longer exists.

We do have a dedicated site to report False Positives here. http://www.immunet.com/false_positive

If you wish you could also report this directly to the ClamAV development team here. http://www.clamav.net/contact

Aside from the FP is Adobe Reader functioning ok for you at this time?

Regards, Ritchie...

P.S. - I'm not saying this is what's currently going on here but Adobe has had issues in the past with its software products containing zero-day vulnerabilities that hackers could exploit to their advantage, especially with their Adobe Flash software. Just thought I'd mention that historical fact.

Thanks so much for the quick response. I rarely use Adobe Reader so can't say whether the program is functioning well. But the program isn't a temp one & it is an executable. It hasn't been modified since December. (The path is C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.) 

Mmm. That is rather strange if it wasn't a temp file! Some exe's can & do create their own temp files but I'm not entirely sure now if that's the case here though.

Have you reported this FP to the URL links I provided? If not it would be greatly appreciated if you can do that.

If you want to use the program now and do encounter any problems with Adobe Reader I would suggest you create a custom Exclusion rule with Immunet for C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe.

Cheers, Ritchie...

I've sent it to Clam so guess we'll see what they say. Thanks for your help!
