FP on EazyBackup4 (variant of Win32/Induc.A)

NOD32 is giving a False Positive on a file that belongs to EazyBackup4:

C:\Program Files\ezBackup4\EZNETSCP6.DLL - a variant of Win32/Induc.A virus

This is most definitely a false positive; please fix it !

EazyBackup4 is a backup program.
It can be found here:
http://ajsystems.com/eazybackup/ezb.html

I will inform the company AJSystems.

NOD32 v2 info:
NOD32 antivirus system information
Virus signature database version: 4348 (20090819)
Dated: woensdag 19 augustus 2009
Virus signature database build: 16679

Information on other scanner support parts
Advanced heuristics module version: 1096 (20090809)
Advanced heuristics module build: 1205
Internet filter version: 1.002 (2004070
Internet filter build: 1013
Archive support module version: 1089 (20090721)
Archive support module build version: 1232

Information about installed components
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Base
Version: 2.70.39
NOD32 For Windows NT/2000/XP/2003/Vista/x64 - Internet support
Version: 2.70.39
NOD32 for Windows NT/2000/XP/2003/Vista/x64 - Standard component
Version: 2.70.39

 

Whoops .... 16 out of 41 at VT are saying it is infected.... oops...

 

Thanks much Ron for that info !

I have just submitted the file to Eset (sorry that it took me so long!!).
A copy of the email was also send to AJSystems.

Maybe I will need to apologize for that "This is most definitely a false positive".
Eset, please have a look at the file, please.

 

In the meanwhile EazyBackup4 has been updated by AJSystems, as I noticed on my system while looking for an update.

I hope that both ESET and AJSystems will have more info soon.
I'll also get back to you.

 

Thanks again, Ron !!!

I'm in the meanwhile in contact with AJSystems about this.

(I do hope that Eset will contact me either here in this thread, or by private IM here on the board, or by email.)

I'll get back on you

 

OK, after this posting I choose to stay out of this further.
From one company (Eset) I didn't hear back at all. NOD32 was telling that the file was infected, as did 15 other scanners at VT.
The other company (AJSystems) did send me one email in which I was told that indeed a lot of scanners were telling that the file was infected since 18 Aug 2009, that they didn't agree with that and that they do consider it FP's caused by some debug-code placed there by them.
Anyway, as I was told, AJSystems did remove that debugging code and recompiled it without that code.
Users of EazyBackup4 can use its internal updater to get the new one, which I did. But after that I decided to install a complete fresh version.
I have scanned the new file at VT, and it doesn't get anymore warnings there.

End of story, as far as I am concerned.

 

It is self-replicating infector not a debug code. I don't believe they put this virus code to the sources intentionally.

 

That's right, I saw your query already answered here, otherwise I'd have replied you in this thread.

 

Hi Marcos,

Thanks, yes I understand what you're saying.
Actually I was hoping for a reply that Eset looked at the file and what the result of that analysis was.

Anyway, it is not very important anymore since AJSystems did recompile their programs. I've got more email-contact with them.
For info about the recompiling made by AJSystems, see:
https://www.wilderssecurity.com/showthread.php?t=251489

BTW: here is the blog from Randy Abrams called "The Retro-Virus" from 19 Aug 2009:
http://www.eset.com/threat-center/blog/