False Positive?

Discussion in 'ewido anti-spyware forum' started by Nuke, Jan 30, 2008.

Thread Status:
Not open for further replies.
  1. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    I am not 100% certain that this worm is the real deal. At the present time it is quarantined.

    BTW, I have not downloaded any attachments, clicked links in e-mails or been to any sketchy sites. I use Firefox and I deny third-party cookies etc.

    TIA.
     

  2. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    Results from VirusScan.
     

  3. Stijnson

    Stijnson Registered Member

    Joined:
    Nov 7, 2007
    Posts:
    533
    Location:
    Paranoia Heaven
    Perhaps you could upload the file to virustotal to see if more programs detect this threat?
     
  4. ASpace

    ASpace Guest

    It is detected in Dell's directory. I vote for false positive.
     
  5. proactivelover

    proactivelover Registered Member

    Joined:
    Apr 7, 2006
    Posts:
    840
    Location:
    Near Wilders Forums
    A Confirm FP
     
  6. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    I decided to release the worm from quarantine. I then scanned with Nod32 along with SpyBot Search & Destroy, and SuperAntiSpyware. No threats were detected with the above security software. I did another scan with the AVG Anti-Spyware (fully expecting to find the worm) but nothing was found.

    I tried to upload the file to virustotal but I must've done something wrong.

    Any more thoughts/suggestions are appreciated! I would like to close the case on this one.

    Thanks.
     

  7. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Sorry for the delay. This was a false positive, but it has been fixed with one of the last updates.

    We're sorry for the inconvenience.
     
  8. dewild1

    dewild1 Registered Member

    Joined:
    Feb 1, 2008
    Posts:
    1
    o_O :gack: Dropper.Binder.ac : o_Oo_O :mad: :mad:

    YA, cost me over $1K just in bandwidth for my program CPULOCK!

    Thankfully I compiled my autoupdate in a different way so it did not destroy my business!
    Got about 200 calls too because my program runs on startup and people were complaining about error messages.
     
    Last edited by a moderator: Feb 19, 2008
  9. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    I appreciate all the replies along with the resolution to this issue!

    Case closed!
     