Backdoor.Win32.Rbot.gen Backdoor

Discussion in 'ewido anti-spyware forum' started by namsilat, Oct 1, 2006.

Thread Status:
Not open for further replies.
  1. namsilat

    namsilat Registered Member

    Joined:
    Oct 1, 2006
    Posts:
    2
    I would like to know if Ewido detects "Backdoor.Win32.Rbot.gen Backdoor" and, if so, when this was added to the database. I used Ewido to scan my system regularly, and this one was not detected in regular or safe mode for months. It was recently discovered when I tried CounterSpy, and the file creation date of the infected file was months ago. I am trying to keep an open mind, but I am extremely unhappy with this. I recognize no software is perfect in detecting all trojans, but reputable software such as Ewido should be capable of detecting such a serious threat.
     
  2. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    633
    Location:
    S.A.V.O
    I'm almost positive that it's a CounterSpy false positive rather than a miss by ewido.

    What file is detected?
    To verify if it really is a backdoor, use the ewido file submission form at
    http://www.ewido.net/en/malware/
    to send a sample of the file.
    You may also want to contact CounterSpy about it if it turns out to be a false positive.
     
  3. ASpace

    ASpace Guest

    Hi!

    First, the above is a generic detection for some trojan backdoor. Ewido might or might not have a generic detection for this trojan horse, and since it is a generic detection, it is possible it was a false positive.

    As you know, there is no 100% successful software, so here is a suggestion for the next time you meet something like this:
    Before deleting something detected by a piece of software, submit it to VirusTotal to see the results for it. Then VT will submit the sample to all vendors that don't detect anything in this file. You can then only wait, or manually submit to any vendor you like; Ewido's email is submit@ewido.net
    :thumb:
     
  4. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    The nomenclature of malware will vary from company to company, but what exactly did CounterSpy find? What was the file and file path?

    Edit - it seems I was typing as others were posting :p
     
  5. namsilat

    namsilat Registered Member

    Joined:
    Oct 1, 2006
    Posts:
    2
    The file was TEMP.EXE, found in system32 of the Windows directory, with a file creation date in May of this year. Unfortunately, I already deleted the file. I thought about keeping it, but as you may understand, I was extremely uncomfortable leaving that file on my system. Nothing would make me happier than to see this as a false positive. To be fair to Ewido, no other programs I used prior to CounterSpy found this problem; that includes Ad-Aware SE, Spybot, Symantec antivirus, and Windows Defender.
     