Ewido Online tool found reg.exe....please advise

Re: Ewido Online tool found following please advise

well i put it back using Ewido's restore. Unfortuntely the date is now today's date but if you look at all the other files that have a similar names they are from 2001. I bought the machine in 2/25/02 Right now the file is 134kbs and i did not look prior to see how big it was. for all you know it could have been smaller.

I will await what Ewido has to say.

robin

 

Re: Ewido Online tool found following please advise

also here is something very interesting. On my dimension 5150 it is 49kbs but the date is 8/4/06 date not prior to getting the computer. I got the computer 4 mths ago.

So i do not think the date means anything especially since ewido did not pick it up on that computer.

I am assuming when ewido restored the file it did something because it is now at 134kbs. I am hoping I do not have a problem with it but at least I know i can make a copy of it from my other computer and put it in there.

I just did an online trojan scan with sygate and it did not find this worm either after putting it back.

robin

 

Re: Ewido Online tool found following please advise

If it helps Robin....I have checked 4 of our Dell workstations and all the reg.exe files located in the C:\i386 folder were 134KB in size and none of those PC's have ewido on them.

I agree with what you said earlier that waiting for what "ewido has to say" would be the prudent thing to do so that you can then feel all warm and fuzzy.

 

Re: Ewido Online tool found following please advise

thanks
and agreed- guess we have no choice other than to wait for ewido. btw i am now scanning as we speak on the computer that ewido said was infected with panda's online spyxposer- it is still in the middle of the scan but i watched as it scanned the c:/i386 files and it flew through reg.exe with no problems. BTw it scanned the wholllllllllllllllllllleeeeee computer and should take about an hr to complete a scan and i will see what it comes up with.

robin

 

Re: Ewido Online tool found following please advise

I'll second that, Bubba. Your good advice, as usual.

If it helps Robin....I have checked my own Dell and the reg.exe file located in the C:\i386 folder is 134KB in size and I do have Ewido on it. (I can't physically see her computer, nor do I know where the 49KB came from. )

Carol

 

Re:C:\I386\REG.EXE is 134 KB on my PC

Hi,
My file on Dell Dimension4600 is 134 KB as well ( but cannot tell if this was the original size - I restored it momentarily from Ewido's quarantine to check the size)

CesiaS

 

I received an email from ewido and they told me it is a false positive.

I emailed back and asked if they could confirm that and post it in here.
robin

 

Thanks robinb. However, did they say whether or not they had updated their dat files so that Ewido will not keep finding it? The weekend is over and the lack of reply from Ewido support is not encouraging. I have the paid version of Ewido on my computer and expect better from their support.

 

Please check that you are really using the latest signatures.

 

I restored C:\I386\REG.EXE and scanned with the newest version of Ewido - no problems found, so I take it it was a false positive

CesiaS

 

Yes it was.

Regards,
Vinzenz

 

as in new version, I have the 4.0 not b or c. Will this come through in my updates?

robin

 

false positives are mostly from signatures and yes such updates comes with the regular automatic updates too!

Regards,
Vinzenz

 

I just downloaded the new signature updates through ewido updater and I just ran a scan and found it did not mark reg.exe as a worm so the update did work.

thanks
robin