Win32/Tool.EvID4226

After having ewido flag the EvID4226Patch (from LvlLord) as malware then declare it a false positive I've just had NOD32 detect it as a virus. I'm guessing it was added as part of the 1.1315 signatures because I've had it on my PC for several months without a problem.

If you have a look on the website, you'll notice that he assures readers it's not a virus.

I was wondering if the guys at Eset have discovered something contained within the patch or is it simply because it allows users to increase the amount of concurrent TCP connections? If so, why only now has it been added?

 

It's not really a false positive neither it is a malware. It should be classified as Riskware (although ESET doesn't class them like this).
Mass mail worms could easily exploit this tool to open more concurent connections to boost spreading. Thats why it's detected.

 

http://www.eset.com/msgs/sobery.htm
(Scroll down to the end)

It's not malicious. But it ALWAYS contains a risk to patch system files! On some machines the system can become INSTABLE with this patch.

 

Thanks very much for your responses, I appreciate them very much