Malware or false positive in Windows XP?

PeterBJ

Printer VIP
Platinum Printer Member
Joined
Nov 27, 2010
Messages
5,055
Reaction score
4,896
Points
373
Location
Copenhagen Denmark
Printer Model
Canon MP990
I recently got a Canon MP 970, bought for me at a thrift store by my brother-in-law. It is quite an impressive machine and the price was only DKK 50 = 9 USD = 6.70 EUR. It was complete with setup CDs and bundled software, manual and CD tray, and is in good working order. :celebrate

I tried a plug and play install on my Win 7 laptop. The printer functionality was OK, but the scanner functionality was very basic, and none of the bundled software, OCR and photo enhancement software was included.

You can download the necessary printer, scanner and network drivers from Canon's website, even for Windows 8.1 64 bits, even if the printer was produced in 2008.

But the bundled software is not available from Canons website, so to find out if it is worth trying to install it in compatibility mode on my Windows 8.1 computer, I decided to do a full install on a Windows XP computer for which the setup CD's work.

Before the install I updated the AVG free antivirus, and left the LAN cable in place in case some newer software would be needed during the install. After the install I tested the printer and it works well. After testing the printer I ran a virus scan and got this nasty surprise, but AVG free was able to remove the threats:

XP virus4.jpg


The D drive contains drivers and applications for restoring the C drive should it become corrupted, and I think the eTrust Antivirus is a legitimate program that was pre-installed on the computer as trialware.

The "Skjult applikation" means "Hidden application" and this was detected by the anti-rootkit part of the AVG free. I have experienced before that some legitimate software was detected as a rootkit.

During the install of the Canon bundled software I was offered participation in a printer surveillance program sending info about the printers serial number, printer usage, ink usage and possibly more to Canon. I did not accept this, but maybe this spy-ware was installed even if I said no?

So I wonder: Were the threats detected by AVG real and has Windows XP already become that vulnerable, or were the detections false positives?
 

stratman

Printer VIP
Platinum Printer Member
Joined
Apr 19, 2007
Messages
8,712
Reaction score
7,163
Points
393
Location
USA
Printer Model
Canon MB5120, Pencil
:idunno

I do not recall reading about nefarious rootkits installed by Canon software. Sony was one of the first sources of rootkits that I recall. Play one of their discs and their rootkit was installed. People went nuts over it.

Unknown whether eTrust installed a bad file or the file was replace by malware or AVG is overly sensitive. In the future if you have files you want to scan then try https://www.virustotal.com/ for a thorough scanning by multiple antivirii applications.

Another recommendation is to instal the free Malwarebytes Anti-Malware application. This app should be on everyone's computer and run as needed.
 

PeterBJ

Printer VIP
Platinum Printer Member
Joined
Nov 27, 2010
Messages
5,055
Reaction score
4,896
Points
373
Location
Copenhagen Denmark
Printer Model
Canon MP990
I have done a new install of the MP970 software on another XP computer. This time I first updated the AVG free and installed the Malwarebytes Antimalware (MBAM), then I disconnected the LAN cable and scanned the computer using both programs. Neither program found any threats. I then installed the Canon software.

After the install of the Canon software I again scanned the computer and again got a clean bill of health from both AVG free and MBAM.

So the infections (?) on the other computer were either present before installing the Canon software or they had entered the computer through the LAN cable during the install. I have since used the second XP computer on line for several hours and it has not picked up any infections yet.

This doesn't prove that it is still safe to use an XP computer on line, I might just have been lucky, and this second XP computer has never seen a credit card number. I think it is a good idea to retire XP computers from on line duty.
 
Last edited:

Latest posts

Top