THGuard.exe = a trojan ???
Perman
July 5th, 2006, 11:44 AM
Hi folks and my friends@Ewido: I installed a trial version of Trojan Hunter 4.5 today and run daily scan(full) with updated Ewido (signature 365,009). Guess what has Ewido detected? It has flagged THGuard.exe as a Backdoor.Rbot, high risk. Can someone tell that it is not possible??? ;D
Chubb
July 5th, 2006, 11:53 AM
-{ Quote: "Hi folks and my friends@Ewido: I installed a trial version of Trojan Hunter 4.5 today and run daily scan(full) with updated Ewido (signature 365,009). Guess what has Ewido detected? It has flagged THGuard.exe as a Backdoor.Rbot, high risk. Can someone tell that it is not possible??? ;D" }-
It may be a false positive. You may submit your sample here:
http://www.ewido.net/en/contact/
ericfr
July 5th, 2006, 02:14 PM
-{ Quote: "Hi folks and my friends@Ewido: I installed a trial version of Trojan Hunter 4.5 today and run daily scan(full) with updated Ewido (signature 365,009). Guess what has Ewido detected? It has flagged THGuard.exe as a Backdoor.Rbot, high risk. Can someone tell that it is not possible??? ;D" }-
The resident shield of Trojanhunter has that name. I bet it's a FP.
If you want to be 150% ;) sure, submit it to e.g. Jotti if it has not been corrected yet.
Regards
ericfr
Perman
July 5th, 2006, 03:10 PM
Hi, folks: After reading you guys' responses, I am 99% sure that it is an unfortunate F.P., because Ewido has clearly pinpointed the location C:\program file\Trojan Hunter 4.5\THGuard.exe. >:(
siliconman01
July 5th, 2006, 04:28 PM
What Windows OS are you running? ewido 4.0.0.172 plus is not flagging THGuard.exe (V4.5, Build 924) either in memory or on my disk. Latest ewido updates too. Am running Windows XP-SP2, Home Edition
karl.ewido
July 5th, 2006, 04:28 PM
Please send us this THGuard.exe that is detected as a Backdoor. We downloaded the latest version of TH and scanned it, of course with the latest version of the ewido software, and no files of the TH software are detected.
Use this website to send us the file:
http://www.ewido.net/en/contact/
Infinity
July 5th, 2006, 04:33 PM
maybe it is a cracked version with backdoor in it?
Chubb
July 5th, 2006, 04:36 PM
-{ Quote: "maybe it is a cracked version with backdoor in it?" }-
Hm...yes, maybe
@Perman
Where did you get this trial version? From the official site?
ericfr
July 5th, 2006, 05:14 PM
@perman:
Did you submit it to e.g. Jotti? Results?
ericfr
Perman
July 5th, 2006, 08:42 PM
Hi, folks: Thanks for your concern. My O/S is Windows XP, SP2. I did not download from the official site. And I have since noticed that although the TH scanner is v.4.5 build 924, the THGuard is v.4.5 build 275. Does this deviation cause this alert????
siliconman01
July 6th, 2006, 02:48 AM
THGuard V4.5, Build 275 corresponds to the official download site. I do recommend that you go to http://www.misec.net/trojanhunter/ and download the V4.5, Build 924 from this official site. Then totally uninstall your current TH and re-install using the source from the Mischel site. Be sure to have available your License.tlf which is the valid licensing file.
peter.ewido
July 6th, 2006, 04:33 AM
Pleeease, first submit the file in question to us, as if it is a real rbot, you might be in big trouble!
Perman
July 6th, 2006, 10:24 AM
Hi, folks: Thank you all for the support. I have since deleted the folder in question and downloaded a new one from the official site; it appears all is fine. Thank you siliconman, I have read your input at the TH forum, very impressive indeed. Peter, I have deleted the old one, sorry, not able to help you this time. If I remember correctly, an early build of TH 4.5 had some phone home feature, and the file of THGuard is an early build, perhaps there was some sort of link. Thanks.
dah145
July 7th, 2006, 02:41 AM
I personally don't use cracked programs, but I admit that this is shown by ewido when the Trojan Hunter is a cracked version. :dry:
Copyright ©2002 - 2012, Wilders Security Forums