Ewido 4.0 False Positive?
TheKid7
July 22nd, 2006, 01:45 PM
I have three PCs. I just changed from Ewido 3.5 to Ewido 4.0 on all of them. On one PC the following item showed up:
Name Shown in Ewido: Trojan.Bat.Delete.BM
Location: C:\WINDOWS\spupdsvc.log
I have not been able to scan it with McAfee, Bitdefender 8 free and a2free 1.65 because that PC is currently in use by my wife. For antivirus I am using McAfee Enterprise 7.1 with the latest DAT file.
I have restored the file from Quarantine until I am confident that it is a real threat.
Nothing was detected on the Ewido 4.0 scan of the other 2 PCs.
Could this be a False Positive?
Thank you.
TopperID
July 22nd, 2006, 04:03 PM
Upload the file here:-
http://virusscan.jotti.org/
If none of the other scanners finds anything wrong you could submit it to ewido stating you think it is a FP:-
http://www.ewido.net/en/malware/
You may care to keep it quarantined until you've checked because it is not inevitably a FP. It might be possible that something is hiding in an Alternate Data Stream attached to the file, for example. The fact the file itself may seem OK is no guarantee.
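The Alternate Data Stream check mentioned in the post above can be done with PowerShell's built-in stream support. This is an added example, not part of the original thread; it assumes PowerShell 3.0 or later on an NTFS volume and uses the file path from the thread as its default.

```powershell
# Added example (not from the thread): enumerate every NTFS data stream on a
# file and hash each one. Default path is the file discussed in the thread.
param([string]$Path = "$env:windir\spupdsvc.log")

# One object per stream; the unnamed main stream is reported as ':$DATA'.
$streams = Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop
$sha256  = [System.Security.Cryptography.SHA256]::Create()

$report = foreach ($s in $streams) {
    # Byte-mode read: the switch differs between Windows PowerShell 5.1 and 6+.
    if ($PSVersionTable.PSVersion.Major -ge 6) {
        $bytes = Get-Content -LiteralPath $Path -Stream $s.Stream -AsByteStream -Raw
    } else {
        $bytes = Get-Content -LiteralPath $Path -Stream $s.Stream -Encoding Byte -Raw
    }
    if ($null -eq $bytes) { $bytes = [byte[]]@() }   # empty stream

    [pscustomobject]@{
        Stream    = $s.Stream
        Length    = $s.Length
        Alternate = ($s.Stream -ne ':$DATA')
        SHA256    = [BitConverter]::ToString($sha256.ComputeHash([byte[]]$bytes)) -replace '-', ''
    }
}
$sha256.Dispose()
$report | Format-Table -AutoSize

# Anything other than the main stream deserves a look before the file is trusted.
$extra = @($report | Where-Object Alternate)
if ($extra.Count -eq 0) {
    Write-Output "No alternate data streams on $Path"
} else {
    Write-Output "$($extra.Count) alternate stream(s) found; review before restoring from quarantine:"
    foreach ($e in $extra) {
        Write-Output "--- $($e.Stream) (first 5 lines) ---"
        Get-Content -LiteralPath $Path -Stream $e.Stream -TotalCount 5
    }
}
```

A browser upload to an online scanner sends only the main stream, so the per-stream hashes show what was and was not covered by that scan.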
kjempen
July 22nd, 2006, 08:14 PM
C:\WINDOWS\spupdsvc.log
This is a Windows update log file. If you open it in Notepad and look at it you may notice that it may have performed some commands:
blablabla.exe /delete
And it may be something in the log, some commands that Windows update performed, that Ewido is reacting to (commands that are similar to that of the trojan it is being detected as). Besides, I doubt .log files can be executed and should therefore be harmless.
EDIT: From a Microsoft site:
Quote: "Spupdsvc.log
It might be necessary for a software update to run certain processes after restarting the computer. This is handled by the file Spupdsvc.exe, and its actions are logged in %windir%\spupdsvc.log. It documents whether every process that it was required to run was properly executed. Problems are logged using standard Windows error codes."
TheKid7
July 22nd, 2006, 08:38 PM
I scanned the individual file with the following:
McAfee Enterprise 7.1
BitDefender8 Free Edition
a2free 1.65
Jotti's malware scan
All of the above found nothing.
I opened the file and noticed that there are several Deletes after blablabla.exe's.
I just uploaded the file to Ewido for analysis.
Thank you.
TheKid7
July 23rd, 2006, 10:54 PM
I got a reply from Ewido. They said that it is a false positive and that the problem will be fixed by the next signature update.
Copyright ©2002 - 2012, Wilders Security Forums