ewido recognizes process-explorer as a threat??

Hi everyone.

On a recent run, ewido recognized the executable procexp.exe to be a high threat named 'backdoor.inject.a' . I installed SysInternals Process-explorer ~half a year ago, and unless some malware cleverly modified this exe (and left the file modification date intact!), this has to be an ewido bug. Anyone came across such behaviour?

Thanks
Ofek

 

I have Process Explorer and AVG AS(Ewido) does not detect anything about my copy. There have been new versions of Process Explorer and Autoruns released since Mark Russinovich went to work for Microsoft. Perhaps you should update your copy to the new version and see what happens.
http://www.microsoft.com/technet/sysinternals/default.mspx

Also be aware that there is a new trojan "out and about" that is replacing .exe files with copies of itself, and can disable most AV/AS products. There's info about it at dsl reports:

http://www.dslreports.com/forum/remark,17625336?hilite=yay

 

I indeed already upgraded Process Explorer, and all seems well for now.
Thanks!

 

AVG just said the same thing about a copy of procexp on my machine and virus vaulted it.

I dl'd the latest ver off M$ Sysinternals and scanned it, its ok

 

the NEW copy I installed of procexp was deleted by AVG, I did a search for backdoor.inject (the virus AVG says is present) it is evidently a new threat but there was a post on an Italian forum about pretty much the same thing, and a similar post in Asian forum. I translated the posts with google translation in one of them it was saying backdoor.inject is a rootkit type of malware.

Right now I am doing a scan on the system using rootkit revealer which can be dl'd from the new sysinternal's home on MS. -if this thing doesnt eat that rootkit revealer alive first. one of the comments I read says these things attack stuff like anitvirus progs etc. presumably in order to hide themselves