Is this an FP?..rockxp.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a


ghodgson
January 9th, 2006, 12:31 PM
Dear Ewido, is this another FP? It is part of the programme RockXP.
This is the scan report, but the file could not be removed as it says it is embedded in RockXP. I believe I uploaded this to you before, so could you enlighten me please?
{QUOTE-> ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:22:00, 09/01/2006
+ Report-Checksum: 9A7221F7

+ Scan result:

C:\Program Files\ Tools\rockxp.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a : Error during cleaning


::Report End <-QUOTE}
Thanks

redwolfe_98
January 14th, 2006, 04:49 PM
I did a Google search for "ras.exe" and found this:

http://castlecops.com/t140895-Sec_Suite_3_5_weird_scan_result.html

peter.ewido
January 14th, 2006, 05:44 PM
Sorry for the late reply... Yes, it's a possible threat and should be seen as an informational detection only. As the current version 3.5 does not yet have an ignore list, I can understand that such "gray area" files can really get annoying :(

redwolfe_98
January 15th, 2006, 08:03 AM
Apparently, "many" other anti-malware programs also flag "ras.exe". Here is McAfee's writeup on it. (I don't know if McAfee still flags it or not.)

http://vil.nai.com/vil/content/v_127295.htm

I would imagine that "a-squared" would flag it, since "a-squared" is known to flag some "suspicious" files.

ghodgson
January 16th, 2006, 09:37 AM
Dear Peter and redwolfe, thanks for your replies. I understand now: detection information only, and a possible threat. However, this tool can be useful at times, and my firewall would alert me to anything trying to get out. But maybe I will remove the offending file anyway.
Strange that A-squared does not detect it though or anything else [spybot/avast/adaware etc], just Ewido ss.
Thanks again.

ghodgson
January 16th, 2006, 02:27 PM
Having said that, Avast has just picked it up too.

Allen L.
September 28th, 2006, 10:24 AM
It is really not a virus *or* malware. Let me try and explain the whys about the report. Most all of the password-finding algorithms used in programs such as Port_RockXP_v4.exe will show as malware.

{QUOTE-> Programs detected in the Riskware category are not directly malicious, but are often used in conjunction with Malware. This is why the a-squared scanner detects them too.

Programs which are classified as Riskware can be:

* IRC chat clients
* SMTP clients
* Commercial downloaders
* Commercial monitoring tools
* Proxy servers
* Password recovery tools
* Commercial remote control tools
* FTP servers
* Telnet servers
* Webservers
* Other tools which are built to kill processes, hide windows or read system internals automatically. <-QUOTE}

So there is really nothing to worry about... the RockXP is retrieving a hidden key, and also shows some passwords... (the key is a password in reality).

Allen