{"id":632,"date":"2022-08-09T12:53:02","date_gmt":"2022-08-09T10:53:02","guid":{"rendered":"https:\/\/hejdu.se\/?p=632"},"modified":"2023-05-30T21:36:37","modified_gmt":"2023-05-30T19:36:37","slug":"antivirus-falsklarm-i-zip-fil-sa-kollar-man","status":"publish","type":"post","link":"https:\/\/hejdu.se\/?p=632","title":{"rendered":"Antivirus falsklarm? S\u00e5 kollar du"},"content":{"rendered":"

H\u00e4r visas vad du kan g\u00f6ra om du misst\u00e4nker att ditt antivirusprogram larmar falskt.<\/p>\n

Bakgrund:
\nMicrosoft antivirusprogram p\u00e5 datorn larmade att en fil inneh\u00f6ll en farlig trojan: ”Trojan:Script\/Wacatac.B!ml<\/strong>”. Det stod att filen ”\u00e4r farlig och k\u00f6r kommandon fr\u00e5n en hackare”:<\/p>\n

\"\"<\/p>\n

Antivirusprogrammet hade flyttat filen till en karant\u00e4nmapp, och ville att jag skulle radera filen omg\u00e5ende.<\/p>\n

Den utpekade lilla filen \u00e4r en zip-fil (som man f\u00f6rvarar andra filer i, ofta i komprimerad form), som jag hade skapat med programmet ”7-Zip”. Filen inneh\u00e5ller endast n\u00e5gra enkla textfiler (.txt), som knappast kan vara skadliga.
\n\u00c4r det programmet 7-Zip som \u00e4r infekterat och som har \u00f6verf\u00f6rt n\u00e5t till zipfilen? Eller… \u00e4r det falsklarm?<\/p>\n

Kolla om det \u00e4r falsklarm<\/h4>\n

Testa den utpekade zip-filen online hos sajten VIRUSTOTAL*:
\nwww.virustotal.com\/gui\/home\/upload<\/a>
\nsom l\u00e5ter massor av antivirussystem fr\u00e5n olika tillverkare analysera din fil. (T.ex. F-secure, McAfee, Acronis, Avast, Eset-nod32, Panda, Symantec, Microsoft och m\u00e5nga fler).<\/p>\n

Jag laddade allts\u00e5 upp zipfilen till VirusTotal (efter att ha ”\u00e5terst\u00e4llt” filen till mappen d\u00e4r den l\u00e5g innan antivirusprogrammet flyttade den till karant\u00e4n).<\/p>\n

Av ett sextiotal analyser var det endast Microsoft som larmade att den filen inneh\u00e5ller n\u00e5t farligt:<\/p>\n

\"\"
Analysresultat hos VIRUSTOTAL.com<\/figcaption><\/figure>\n
\n

S\u00f6kning med Bing\/Google visar ocks\u00e5 att fler anv\u00e4ndare r\u00e5kat ut f\u00f6r liknade.<\/p>\n

Jag analyserade ocks\u00e5 zip-programmet (7-Zip, som man kan skapa zipfiler med). Analysen gjordes b\u00e5de online med VirusTotal, samt med mitt lokala Microsoft antivirusprogram.
\nIngen hittade n\u00e5gra farligheter. Dvs noll (0) larm.<\/p>\n

\n

Slutsats: det var falsklarm av Microsoft, den zipfilen \u00e4r ofarlig.<\/p>\n

\n

Komplettering 11 augusti:<\/span>
\nfilen som larmade h\u00e4romdan testades igen hos VirusTotal n\u00e5gra dar senare, d\u00e5 blev resultatet noll (0) larm.
\nInte heller lokala Microsoft antivirusprogrammet larmar l\u00e4ngre f\u00f6r den filen (programmets virusdefinitioner uppdateras kontinuerligt, automatiskt, s\u00e5 Microsoft tycks ha \u00e5tg\u00e4rdat felet).<\/p>\n

\n
\n

* Om VirusTotal (som k\u00f6ptes 2012 av Google):<\/p>\n

”VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company’s ownership switched in January 2018 to Chronicle, a subsidiary of Google.”
\nK\u00e4lla:
\nen.wikipedia.org\/wiki\/VirusTotal<\/a><\/p>\n

”VirusTotal inspects items with over 70 antivirus scanners and URL\/domain blocklisting services, in addition to a myriad of tools to extract signals from the studied content. Any user can select a file from their computer using their browser and send it to VirusTotal.
\n(…)
\nVirusTotal is free to end users for non-commercial use in accordance with our Terms of Service. Though we work with engines belonging to many different organizations, VirusTotal does not distribute or promote any of those third-party engines. We simply act as an aggregator of information. This allows us to offer an objective and unbiased service to our users.”
\nK\u00e4lla:
\nsupport.virustotal.com\/hc\/en-us\/articles\/115002126889-How-it-works<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

H\u00e4r visas vad du kan g\u00f6ra om du misst\u00e4nker att ditt antivirusprogram larmar falskt. Bakgrund: Microsoft antivirusprogram p\u00e5 datorn larmade att en fil inneh\u00f6ll en farlig trojan: ”Trojan:Script\/Wacatac.B!ml”. Det stod att filen ”\u00e4r farlig och k\u00f6r kommandon fr\u00e5n en hackare”: Antivirusprogrammet hade flyttat filen till en karant\u00e4nmapp, och ville att jag skulle radera filen omg\u00e5ende. … <\/p>\n

Forts\u00e4tt l\u00e4sa \u201dAntivirus falsklarm? S\u00e5 kollar du\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"_links":{"self":[{"href":"https:\/\/hejdu.se\/index.php?rest_route=\/wp\/v2\/posts\/632"}],"collection":[{"href":"https:\/\/hejdu.se\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hejdu.se\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hejdu.se\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hejdu.se\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=632"}],"version-history":[{"count":0,"href":"https:\/\/hejdu.se\/index.php?rest_route=\/wp\/v2\/posts\/632\/revisions"}],"wp:attachment":[{"href":"https:\/\/hejdu.se\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hejdu.se\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hejdu.se\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}