Program file/Ewido AntiMalware\guard.sys = Trojan New Malware.z ???


OldRebel
January 25th, 2006, 02:14 AM
I have been using the free version of Ewido for months. I also have subscriptions to McAfee VirusScan and Webroot Spysweeper. Suddenly, tonight, McAfee detected an alleged Trojan: New Malware.z in the Ewido program files: guard.sys. I need to know if guard.sys is a normal program file for Ewido. If it is, is there any possibility that it could become contaminated by a trojan? After McAfee detected this, I quarantined the file and then uninstalled Ewido, deleted all other Ewido files I could find, ran CCleaner, and then downloaded a fresh install of Ewido. McAfee found the alleged trojan again. I sent the guard.sys file to Virus Total, and none of the other scanners detected any trojan.

Does anyone know if this is a new incompatibility between Ewido and McAfee? I am hoping that this is just a false positive for McAfee, but I worry that I might miss a real threat if I just ignore it. Anyone else have this issue come up? I cannot find any info about New Malware.z in the McAfee knowledge base.

peter.ewido
January 25th, 2006, 03:18 AM
It's a false positive from McAfee, let's hope they get it fixed soon...

OldRebel
January 25th, 2006, 04:05 AM
Thanks. I also got a quick response from Ewido support after I submitted a copy of the file to them. I wish McAfee was that responsive that fast. Good work Ewido! I had to do a new install, in case McAfee had damaged the file, but all looks good now. Thanks again.

OldRebel
January 25th, 2006, 10:32 AM
I got a response from Avert. Apparently this problem will be solved with today's release of McAfee DATs. The following is part of their response:
_________________________________________________________________
A.V.E.R.T. Sample Analysis
Issue Number: 2144229
Virus Research Analyst: L Clark
Filename: guard.sys
Detected as "New Malware.Z" in DAT: 4681
Identified: No Virus/Trojan
AVERT(tm) Labs, Aylesbury

Thank you for submitting your suspicious file.

Synopsis -

Our Senior Virus Research Engineers have examined the file in question and
no virus was found.

Solution -

Attached is an extra.dat with correct detection. This correction will be
included in the next DAT update.

Prayermode
November 14th, 2006, 03:45 PM
Please help.
I have w32.myzor.fk@yf currently in my PC.

What do I do? Can ewido help?
Any help is appreciated.
Please email me @ prayer_mode@yahoo.com.
Thanks

PM

OldRebel
November 14th, 2006, 07:14 PM
Try the tools at this link:
http://www.internetinspiration.co.uk/roguefix.htm

If Roguefix.bat causes your browser any problems when you attempt to download it, right click on the download link and "save as." The site lists several tools that should be used in combination. AVG AS (Ewido) is one of them. Use the newest version with up-to-date signatures. After updating in regular mode, run the scans in Safe Mode.

If that does not work, then try this multi-AV tool. It has to be installed in regular mode, then update the virus definitions for the command line scanners (Sophos, McAfee, Trend Micro, and Kaspersky), then boot into Safe Mode and run the scans.
Procedure #2

Download MULTI_AV.EXE
http://www.claymania.com/removal-trojan-adware.html
Don't use this tool unless the first tool does not work. Hopefully it will take care of it.