ewido recognizes process-explorer as a threat??

Discussion in 'ewido anti-spyware forum' started by abyoyo, Jan 13, 2007.

Thread Status:
Not open for further replies.
  1. abyoyo

    abyoyo Registered Member

    Joined:
    Jan 13, 2007
    Posts:
    2
    Hi everyone.

    On a recent run, ewido recognized the executable procexp.exe as a high threat named 'backdoor.inject.a'. I installed SysInternals Process Explorer about half a year ago, and unless some malware cleverly modified this exe (and left the file modification date intact!), this has to be an ewido bug. Has anyone come across such behaviour?

    Thanks
    Ofek
     
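    The reasoning in the post above (an unchanged modification date taken as evidence the file is untouched) is worth testing rather than assuming. The following is an added example, not code from the thread or from Sysinternals: it hashes a binary and compares it with a known-good SHA-256, and shows on a constructed file that a content change can leave the modification time identical, so only the hash comparison catches it. The file name and contents are placeholders, not the real procexp.exe.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Stream the file through SHA-256 so large executables do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_binary(path, known_good_sha256):
    """Compare the on-disk file with a known-good hash (e.g. one recorded at install time)."""
    actual = sha256_of(path)
    return {
        "path": str(path),
        "sha256": actual,
        "matches_known_good": actual == known_good_sha256.lower(),
        "mtime_ns": os.stat(path).st_mtime_ns,
    }


def demo():
    """Constructed scenario: record a baseline hash, then change the content while keeping mtime."""
    workdir = Path(tempfile.mkdtemp())
    exe = workdir / "procexp.exe"  # placeholder name only; not the real Sysinternals binary
    exe.write_bytes(b"MZ" + b"\x00" * 100 + b"original-clean-content")
    baseline_hash = sha256_of(exe)
    baseline_stat = exe.stat()
    clean_check = verify_binary(exe, baseline_hash)

    # Overwrite the content, then restore the original timestamps (constructed, to show that
    # an unchanged modification date says nothing about integrity).
    exe.write_bytes(b"MZ" + b"\x00" * 100 + b"modified-content")
    os.utime(exe, ns=(baseline_stat.st_atime_ns, baseline_stat.st_mtime_ns))
    tampered_check = verify_binary(exe, baseline_hash)

    return {
        "clean_copy_matches": clean_check["matches_known_good"],
        "tampered_copy_matches": tampered_check["matches_known_good"],
        "mtime_unchanged": tampered_check["mtime_ns"] == baseline_stat.st_mtime_ns,
    }


if __name__ == "__main__":
    print(demo())
```

In practice the known-good hash comes from the vendor's published checksum or a signature check on the file, never from the timestamp.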
  2. OldRebel

    OldRebel Registered Member

    Joined:
    Jan 25, 2006
    Posts:
    153
    Location:
    South Carolina USA
    I have Process Explorer and AVG AS (Ewido) does not detect anything about my copy. There have been new versions of Process Explorer and Autoruns released since Mark Russinovich went to work for Microsoft. Perhaps you should update your copy to the new version and see what happens.
    http://www.microsoft.com/technet/sysinternals/default.mspx

    Also be aware that there is a new trojan "out and about" that is replacing .exe files with copies of itself, and can disable most AV/AS products. There's info about it at dsl reports:

    http://www.dslreports.com/forum/remark,17625336?hilite=yay
     
  3. abyoyo

    abyoyo Registered Member

    Joined:
    Jan 13, 2007
    Posts:
    2
    I indeed already upgraded Process Explorer, and all seems well for now.
    Thanks!
     
  4. rrhobbs

    rrhobbs Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    2
    AVG just said the same thing about a copy of procexp on my machine and virus-vaulted it.

    I dl'd the latest version off M$ Sysinternals and scanned it; it's OK.
     
  5. rrhobbs

    rrhobbs Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    2
    The NEW copy of procexp I installed was deleted by AVG. I did a search for backdoor.inject (the virus AVG says is present); it is evidently a new threat, but there was a post on an Italian forum about pretty much the same thing, and a similar post in an Asian forum. I translated the posts with Google translation; in one of them it was saying backdoor.inject is a rootkit type of malware.

    Right now I am doing a scan on the system using RootkitRevealer, which can be dl'd from Sysinternals' new home on MS - if this thing doesn't eat RootkitRevealer alive first. One of the comments I read says these things attack stuff like antivirus progs etc., presumably in order to hide themselves.
     