Windvd False Positive?


Jules Blue
November 5th, 2009, 05:43 AM
Before I report this. Is "windvd.exe" known to be a false positive?

I am a new user, and on the learning scan for my Sony Vaio, it identified windvd.exe as a backdoor trojan, so I have allowed PREVX to quarantine it.

Very impressed with PREVX so far.

Jules Blue
November 5th, 2009, 06:03 AM
The reason I ask is that there seem to be conflicting messages:-

PREVX site says:-

http://www.prevx.com/filenames/X2468619198377826078-X1/WINDVD.EXE.html

but other sites suggest otherwise:-

http://www.fbmsoftware.com/spyware-net/process/WinDVD_exe/1779/

http://forum.avast.com/index.php?topic=49642.0 suggests that hashes may be an issue.

http://www.securitystronghold.com/gates/win32.trojan.pakes.html

Quote from the above site:-

-{ Quote: "trojan.win32.pakes affecting InterVideo BD player

Problem Summary: trojan.win32.pakes affecting InterVideo BD player
Hello. I recently bought VAIO notebook. It came with Windows Vista and whole bunch of other programs. One of them is Intervideo BD player. Now after a while of non-problem functioning, Kaspersky says it has a trojan.win32.pakes in the winDVD.exe file and other 4 files. So I am not able to play any BlueRay disc at all. I erased the infected files as Kaspersky wanted me to. I also uninstalled the program and reinstalled it. But Kaspersky says it has the trojan.win32.pakes again. So I am not able to run the program because Kaspersky won't allow it but Kaspersky is not able to heal the file either. Can you help me out?

Our support has contacted the author of this message, dave, and helped to solve his problem.
" }-

PrevxHelp
November 5th, 2009, 11:15 AM
Hello :)
If you could please send a scan log by clicking Tools > Save Scan Results and send it to report@prevxresearch.com, we'll be able to analyze the exact WinDVD.exe file which you have (as some are malicious but some are clean so it's hard to say which one you have without the log).

Thanks! Let me know if you have any questions!

Jules Blue
November 5th, 2009, 04:19 PM
Done!

I have e-mailed the following:-

[BP] c:\program files\intervideo\dvdbd8\windvd.exe [PX5: 77484B84102001F1F5D21F24201AB60004FB54BB] Malware Group: High Risk System Back Door

PrevxHelp
November 5th, 2009, 05:20 PM
-{ Quote: "Done!

I have e-mailed the following:-

[BP] c:\program files\intervideo\dvdbd8\windvd.exe [PX5: 77484B84102001F1F5D21F24201AB60004FB54BB] Malware Group: High Risk System Back Door" }-

Thank you :) We've corrected the FP :)

Jules Blue
November 5th, 2009, 06:19 PM
That's great. I recover the file from cleanup then, and scan again.