Backdoor.Virkel.A

Discussion in 'other anti-trojan software' started by The Seeker, Nov 27, 2005.

Thread Status:
Not open for further replies.
  1. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    After downloading ewido and running it for the first time, it detected my Event ID 4226 Patcher (from LvlLord) as containing a trojan known as 'Backdoor.Virkel.A'.

    Has anyone else found this to be the case? I'm sure a lot of you have applied this patch after installing SP2.

    I'm thinking it's probably a false positive as numerous scans with NOD32 have never flagged this as malware.
     
  2. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    I just checked it with the latest update and version 4226 of the patcher (both English and German) from their website and nothing was detected. Therefore, could you please send the file(s) in question to submit@ewido.net? :)
     
  3. The Seeker

    The Seeker Registered Member

    Actually I just had a look at the website where I downloaded the 4226 patcher and found this on the front page:-

    "Recently false virus-notifications.

    Some AntiVir Software vendors added the patcher into their virus-definitions. The patcher is often detected as 'Tool/EvID'. But as a first info:
    The patcher is NO VIRUS.
    Some virus and trojan writers use the same technique to increase the limit. After that it's easier for them to spread to other computers in the internet. This runs without knowledge of the user. So he is not informed about what's going on.
    With the patcher here, every user can decide on his own if he wants to change the file and if yes how high the limit should be. Also the user will be warned if he chooses too high limits, as already infected machines will spread existent viruses and trojans easier to the net. So everybody can choose on his own and is not forced to. The patcher itself does not contain malware.
    The virus-notification therefore should be seen as an information that this program contains the functionality to increase the limit. If that program is not known or has not been installed you can delete it.
    I hope I have answered some questions.

    LvlLord"

    I guess this answers my question. I will, though, post my patcher to ewido as you suggested, fish25.

    Edit - How would you suggest I send the exe file? I'm pretty sure my ISP wouldn't allow an exe file or even a rar file to be e-mailed.
     
  4. The Seeker

    The Seeker Registered Member

    Well I decided to chance it and I sent off a copy of the said file inside a 7-Zip archive. Within 15 minutes I'd received a reply, saying that it had been scanned and nothing was found.

    The rep asked me if I was using the latest definitions, which I had been at the time (scanned about 8 hours ago) so I checked again and there were new ones. I downloaded them, scanned the file again and it came back clean.

    How bizarre is that?!
     