Is this an FP?..rockxp.exe/RAS.exe -> Not-A-Virus.PSWTool.Win32.RAS.a

Discussion in 'ewido anti-spyware forum' started by ghodgson, Jan 9, 2006.

Thread Status:
Not open for further replies.
  1. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Dear Ewido, Is this another FP? It is part of the programme RockXP,
    This is the scan report, but the file could not be removed as it says it is embedded in RockXP. I believe I uploaded this to you before, so could you enlighten me please?
    Thanks
     
  2. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
  3. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Sorry for the late reply... Yes, it's a possible threat and should be seen as an informational detection only. As the current version 3.5 does not yet have an ignore list, I can understand that such "gray area" files can really get annoying :(
     
  4. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    apparently, "many" other anti-malware programs also flag "ras.exe".. here is mcafee's writeup on it.. (i don't know if mcafee still flags it, or not)

    http://vil.nai.com/vil/content/v_127295.htm

    i would imagine that "a-squared" would flag it since "a-squared" is known to flag some "suspicious" files..
     
  5. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Dear Peter and redwolfe, Thanks for your replies. I understand now- detection information only, and a possible threat. However, this tool can be useful at times, and my firewall would alert me to any thing trying to get out. But Maybe I will remove the offending file anyway.
    Strange that A-squared does not detect it though or anything else [spybot/avast/adaware etc], just Ewido ss.
    Thanks again.
     
  6. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    Having said that Avast has just picked it up too.
     
  7. Allen L.

    Allen L. Registered Member

    Joined:
    Sep 1, 2004
    Posts:
    335
    Location:
    -Close-
    It is really not virus *or* malware. Let me try and explain the why's about the report. Most all of the password finding logarithms used in the programs such as Port_RockXP_v4.exe will show as malwares.

    So there is really nothing to worry about...the RockXP is retriving a hidden key, and also shows some passwords...(the key is a password in reality).

    Allen
     
Thread Status:
Not open for further replies.