
Malware or false positive in Windows XP?

Discussion in 'Everything Else' started by PeterBJ, Jun 11, 2014.

  1. Jun 11, 2014
    PeterBJ

    PeterBJ Printer VIP Platinum Printer Member

    Joined:
    Nov 27, 2010
    Messages:
    3,737
    Likes Received:
    2,969
    Trophy Points:
    303
    Location:
    Copenhagen Denmark
    Printer Model:
    Canon MP970 + more printers
    I recently got a Canon MP 970, bought for me at a thrift store by my brother-in-law. It is quite an impressive machine and the price was only DKK 50 = 9 USD = 6.70 EUR. It was complete with setup CDs and bundled software, manual and CD tray, and is in good working order. :celebrate

    I tried a plug and play install on my Win 7 laptop. The printer functionality was OK, but the scanner functionality was very basic, and none of the bundled software, OCR and photo enhancement software was included.

    You can download the necessary printer, scanner and network drivers from Canon's website, even for Windows 8.1 64 bits, even if the printer was produced in 2008.

    But the bundled software is not available from Canon's website, so to find out if it is worth trying to install it in compatibility mode on my Windows 8.1 computer, I decided to do a full install on a Windows XP computer for which the setup CDs work.

    Before the install I updated the AVG free antivirus, and left the LAN cable in place in case some newer software would be needed during the install. After the install I tested the printer and it works well. After testing the printer I ran a virus scan and got this nasty surprise, but AVG free was able to remove the threats:

    [Attached image: XP virus4.jpg]

    The D drive contains drivers and applications for restoring the C drive should it become corrupted, and I think the eTrust Antivirus is a legitimate program that was pre-installed on the computer as trialware.

    The "Skjult applikation" means "Hidden application" and this was detected by the anti-rootkit part of the AVG free. I have experienced before that some legitimate software was detected as a rootkit.

    During the install of the Canon bundled software I was offered participation in a printer surveillance program sending info about the printer's serial number, printer usage, ink usage and possibly more to Canon. I did not accept this, but maybe this spyware was installed even if I said no?

    So I wonder: Were the threats detected by AVG real and has Windows XP already become that vulnerable, or were the detections false positives?
     
  2. Jun 11, 2014
    stratman

    stratman Printer VIP Platinum Printer Member

    Joined:
    Apr 19, 2007
    Messages:
    5,048
    Likes Received:
    3,272
    Trophy Points:
    373
    Location:
    USA
    Printer Model:
    Canon MP830, Pencil
    :idunno

    I do not recall reading about nefarious rootkits installed by Canon software. Sony was one of the first sources of rootkits that I recall. Play one of their discs and their rootkit was installed. People went nuts over it.

    Unknown whether eTrust installed a bad file or the file was replaced by malware or AVG is overly sensitive. In the future if you have files you want to scan then try https://www.virustotal.com/ for a thorough scanning by multiple antivirus applications.

    Another recommendation is to install the free Malwarebytes Anti-Malware application. This app should be on everyone's computer and run as needed.
     
  3. Jun 13, 2014
    PeterBJ

    I have done a new install of the MP970 software on another XP computer. This time I first updated the AVG free and installed the Malwarebytes Antimalware (MBAM), then I disconnected the LAN cable and scanned the computer using both programs. Neither program found any threats. I then installed the Canon software.

    After the install of the Canon software I again scanned the computer and again got a clean bill of health from both AVG free and MBAM.

    So the infections (?) on the other computer were either present before installing the Canon software or they had entered the computer through the LAN cable during the install. I have since used the second XP computer online for several hours and it has not picked up any infections yet.

    This doesn't prove that it is still safe to use an XP computer online, I might just have been lucky, and this second XP computer has never seen a credit card number. I think it is a good idea to retire XP computers from online duty.
     
    Last edited: Jun 13, 2014
    The Hat and stratman like this.
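
The before/after comparison described in the last post can also be done file by file: hash everything before the install, hash again afterwards, and check which side of the install each flagged file falls on. This is an added example, not part of the thread; the file names and the temporary directory are constructed stand-ins for a real disk.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest

def classify(flagged, before, after):
    """Say, for each flagged path, whether it predates the install."""
    result = {}
    for path in flagged:
        if path not in after:
            result[path] = "missing"
        elif path not in before:
            result[path] = "added during install"
        elif before[path] != after[path]:
            result[path] = "modified during install"
        else:
            result[path] = "present before install, unchanged"
    return result

def demo():
    """Constructed stand-in for the disk: one old file, one the 'installer' adds."""
    with tempfile.TemporaryDirectory() as root:
        old = os.path.join(root, "old_trialware.dll")
        with open(old, "wb") as fh:
            fh.write(b"constructed pre-existing file")
        before = snapshot(root)            # taken offline, before installing
        with open(os.path.join(root, "new_driver.dll"), "wb") as fh:
            fh.write(b"constructed installer file")
        after = snapshot(root)             # taken after the install
        return classify(["old_trialware.dll", "new_driver.dll"], before, after)

if __name__ == "__main__":
    for path, verdict in demo().items():
        print(path, "->", verdict)
```

A flagged file that is "present before install, unchanged" cannot have come from the installer, which is the question the first post could not answer after the fact.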