Ewido SS false positive?
PeterVO
April 6th, 2004, 12:48 PM
???
Hello,
While scanning with the latest update, I get the following (I hope) false positive:
"c:\windows\system\HH.exe ----> TrojanSpy.Dwkeylogger"
Scanning with TrojanHunter & NOD doesn't give anything suspicious.
Kind regards,
PeterVO
puff-m-d
April 6th, 2004, 12:58 PM
Hi PeterVO,
What OS do you have? hh.exe is a legitimate windows file and on Windows XP it is located both in C:\Windows and C:\Windows\System32. If you have a different OS then I am not sure of its location. Sounds like a probable false positive. I would go to the Ewido site and submit it and see what they have to say.
Regards,
Kent
PeterVO
April 6th, 2004, 01:49 PM
Hello Kent,
I've a dual boot config: on the C-drive is Win98 Second Edition and on the E-drive Win XP Professional.
ESS only falsely detects the Win98 "HH.exe" version. It doesn't stumble over the XP version.
Strange, isn't it?
Kind regards,
PeterVO
WilliamP
April 6th, 2004, 03:45 PM
Ewido is not supposed to work with 98. At least that is what their web site says.
peter.ewido
April 6th, 2004, 08:08 PM
Could you please mail that file to submit@ewido.net? Thanks! :)
puff-m-d
April 6th, 2004, 08:34 PM
-{ Quote: "WilliamP: Ewido is not supposed to work with 98. At least that is what their web site says." }-
True, but I imagine he was scanning his 98 partition from his xp partition ;) .....
Regards,
Kent
PeterVO
April 7th, 2004, 09:50 AM
Hello,
Peter, the HH.exe file has just been e-mailed as you asked me to do.
True, the 98-partition (FAT32) was scanned from the XP-partition (NTFS).
Kind regards from a rainy Belgium,
PeterVO
Slovak
April 7th, 2004, 09:52 AM
Submit the file here to make sure what it is:
http://www.kaspersky.com/scanforvirus.html
url repaired==bigc
peter.ewido
April 7th, 2004, 10:35 AM
Hmm, unfortunately we didn't receive anything yet :(
PeterVO
April 8th, 2004, 04:23 AM
Hello Peter,
Did you receive my mail with attachment? I've sent it two times with two different e-mail addresses.
Kind regards,
PeterVO
PS: maybe it arrived in your Spam folder?
peter.ewido
April 8th, 2004, 07:02 AM
Unfortunately not. :( Could you please try to upload it on this page?
http://www.ewido.net/de/?section=malware
Just add the file and leave the other fields blank :)
url repaired==bigc
PeterVO
April 11th, 2004, 10:44 AM
"Unfortunately not.:( Could you please try to upload it on this page?
http://www.ewido.net/de/?section=malware
Just add the file and leave the other fields blank :) "
Hello Peter,
I uploaded the file a few days ago using your web form as asked.
Scanned my dual-boot notebook within WinXP Pro with the definitions dated 10/04 but still the same "false" positive.
When "HH.exe" is scanned within Win98 Sec Edition or Win XP Pro using Kaspersky, NOD32, TDS3 & TrojanHunter, nothing suspicious is found.
Kind regards,
PeterVO
peter.ewido
April 11th, 2004, 10:57 AM
-{ Quote: "
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 16:07:42, 08.04.2004
+ Report-Checksum: C55198EA
+ Date of database: 08.04.2004
+ Version of scan engine: v1.1
+ Duration: 27 ms
+ Scanned Files: 1
+ Speed: 37.04 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be removed: 0
+ Ignore extension: Yes
+ Binder: Yes
+ Crypter: Yes
+ Memory: No
+ Archives: No
+ Heuristic: No
+ Scanned items:
X:\incoming\08_04_04\15_15_47\hh.exe
+ Scan result:
No infected files found!
::Report End
" }-
I really can't get it reproduced ???
windowsxp_rules
June 24th, 2004, 06:29 PM
Greetings,
Just done a virus check using ewido SS and it gave me the following information:
Filename: hh.exe
Path: C:\WINNT\system32
Infection: TrojanSpy.Dwkeylogger
The system's dual booted with Windows NT Workstation (Doesn'tworkstation -HAHAHAHAHA!) and Windows XP Home Edition. I know dad would wring my neck if there were any viruses, but this might be a false alarm. Dad accuses me of course, telling me I'm a hopeless techie. Please help a desperate techie before dad wrings me neck! I don't want a broken system!
Now logged out!
windowsxp_rules
peter.ewido
June 25th, 2004, 05:11 AM
Could you please send the file to submit@ewido.net? Thanks :)
windowsxp_rules
June 25th, 2004, 03:21 PM
Greetings,
Which file do I have to send to ewido? Is it the scan report? Anyway, I was safe from dad wringing my neck! He didn't blame me. He blamed ewido. I have posted comments on www.windowscrash.com, a Windows crash submission site!
If anyone could provide the information, post it on the forum! I'll look as soon as poss!
Thank you,
windowsxp_rules :)
peter.ewido
June 26th, 2004, 02:31 AM
HH.exe :)
windowsxp_rules
June 26th, 2004, 06:01 AM
Greetings,
Are you sure? I'm not sending viruses over the net. Dad would not permit it! He'd wring my neck! Any replies on the forum would be useful. I'll check as soon as poss!
Thank you,
windowsxp_rules
Pilli
June 26th, 2004, 06:23 AM
Hi, just zip it up to send it. It is quite safe to send such files to AV/AT companies.
windowsxp_rules
June 28th, 2004, 10:55 AM
Hi,
I use windows xp so zipping the file should be no problem. It has built-in compression, which techie here should make use of. Dad will be sending the email, so he will wring my neck for that!
Then I'll be in serious trouble!
It's now safe to turn off your computer!!!
--windowsxp_rules