Backdoor.Win32.Rbot.gen Backdoor

Discussion in 'ewido anti-spyware forum' started by namsilat, Oct 1, 2006.

Thread Status:
Not open for further replies.
  1. namsilat

    namsilat Registered Member

    Joined:
    Oct 1, 2006
    Posts:
    2
    I like to know if Ewido detects "Backdoor.Win32.Rbot.gen Backdoor" and if so when was this added to the database. I used Ewido to scan my system regularly, and this one was not detected in regular or safe mode for months. It was recently discovered when I tried CounterSpy, and the file creation date of the infected file was months ago. I am trying to keep an open mind but I am extremely unhappy with this. I recognize no software is perfect in detecting all trojans, but a reputable software such as Ewido should be capable of detecting such a serious threat.
     
    namsilat, Oct 1, 2006
    #1
  2. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    im almost positive that its a counter spy false positive rather than a miss by ewido.

    what file is detected ?
    to verify if it really is a backdoor use the ewido file submission form at
    http://www.ewido.net/en/malware/
    to send a sample of the file
    you also may want to contact counter spy about it, if it turns out to be a false positive
     
    illukka, Oct 1, 2006
    #2
  3. ASpace

    ASpace Guest

    Hi !

    First , this above is a generic detection for some trojan backdoor . Ewido might/might not has a generic detection for this trojan horse

    and since it is a generic detection , it is possible it was a false positive .

    As you know there is no 100% successful software so here is a suggestion for the next time you meet something like this :
    Before deleting something detected by a software , submit it to VirusTotal to see the results for it . Then , VT will submit the sample to all vendors which doesn't detect anything in this file . You can only wait then or manually submit to any vendor you like , Ewido's email is submit@ewido.net
    :thumb:
     
    ASpace, Oct 1, 2006
    #3
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The nomenclature of malware will vary from company to company, but what exactly did CounterSpy find? What was the file and file path?

    Edit - it seems I was typing as others were posting :p
     
    TopperID, Oct 1, 2006
    #4
  5. namsilat

    namsilat Registered Member

    Joined:
    Oct 1, 2006
    Posts:
    2
    The file was TEMP.EXE found in system32 of Windows directory, with a file creation date in May of this year. Unfortunately I already deleted the file. I thought about keeping it, but as you may understand, I was extremely uncomfortable leaving that file on my system. Nothing would make me happier to see this as a false positive. To be fair to Ewido, no other programs I used prior to CounterSpy found this problem, that includes Ad-Aware SE, Spybot, Symantec antivirus, and Windows Defender.
     
    namsilat, Oct 1, 2006
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...