Dr Web / MS Malicious Software Rmvl Tool Nov 14 2006

[CtlAltDelete]

Anyone with Dr Web that also has spidermail installed.


See thread here:

http://www.dslreports.com/forum/remark,17275040

[SSK]

Yep, I noticed...

[sukarof]

Hi

I did a scan with microsoft malicious software removal tool that came with latest updates.
It claims that spiderml.exe is a trojan. (Spiderml.exe is a part of Drweb antivirus)

I did a scan at jottis and got this worrying message:

Quote:

spiderml.exe
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.) (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

None of the AV´s at jottis did however find anything.

From microsoft:

Quote:

Malicious Software Encyclopedia: Backdoor:Win32/Hackdef.L
Published: September 19, 2006

Backdoor:Win32/Hackdef.L is a backdoor Trojan that is distributed in various ways to computers running certain versions of Microsoft Windows. This Trojan is a user-mode rootkit that creates, alters, and hides Windows system resources on an infected computer, and can hide proxy services and backdoor functionality. It can also conceal use of TCP and UDP ports for receiving commands from attackers.

[sukarof]

Thanks Bubba for moving my post here

And thanks CtrlAltDelete for the info. Seems I dont have to worry. I usually don't run the MS malicious removal tool. Now I know why I shouldn't

*edit*
Of course it was a false positive. Drweb was very quick to reply
Just a blooper from MS