Looks like a buggy update. :) SdBot.AIG trojan

Discussion in 'NOD32 version 2 Forum' started by tempnexus, Jul 16, 2004.

Thread Status:
Not open for further replies.
  1. tempnexus

    tempnexus Registered Member

    Joined:
    Apr 16, 2003
    Posts:
    280
    The NOD32 IDs RAR self-execs as "SdBot.AIG trojan"; it's due to a misID of the WinRAR Default.SFX (SFX parameters) in the Self Executable Algorithm of WinRAR 3.0.

    Better fix it soon since it's getting quite annoying. :)
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas

    Same here. Just gave it a go.
     

    Last edited: Jul 16, 2004
  3. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Yes, this makes the third thread about this trojan being detected; these false positives are getting old.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    I scanned some other WinRAR files and didn't come up with this warning.

    I'll back off on calling this a false positive for now.

    I deleted the file in the screen shot just in case! :D :cool:
     
  5. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    If you are in doubt, try going to www.virustotal.com and letting them scan it. They use like 12 different scanners, including NOD, KAV, Panda, NAV, and a bunch of others. It's just a single-file scan though, similar to KAV's
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Guys, what version of WinRAR do you use? NOD didn't pick up a SFX archive created by WinRAR 3.30.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Marcos

    WinRAR 3.30.0.0 in use here.
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Ron,
    thanks for pointing me to that link. Anyway, I wonder if NOD reports the trojan on any SFX archive you create using WinRAR 3.30, or only this particular one.
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,729
    Location:
    Texas
    Marcos

    That is the only file of that type that alarms for me. All the other WinRAR files are okay.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    To all who have been having troubles with that fp - please update your NOD32 to the most current version 1.815 which has the fp remedied.
     
  11. ChromeX

    ChromeX Guest

    NOD32 found the same trojan in the official tweakxp pro v2 and v3 setup files
     