OK I ran a trajan scan with a free AT and this is what it came up with.

Discussion in 'malware problems & news' started by notageek, Mar 11, 2004.

Thread Status:
Not open for further replies.
  1. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I ran Ewido to try it. It found 2 so called backdoors. The files are called UWAKEON.EXE and UWAKEOFF.EXE. They both was classified as a backdoor.enculator.01. ANyone have any idea what these files are? I also did a scan with TH and nothing came up. I did a google search on UWEAKEON and it took me to a dell support page. Oh yeah btw Ewido found these files in the c:\dell folder.
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    notageek,

    These could well be false positives. Please perform a free online check in regard to these files over here, and post the results.

    In case they show up clean, contact Ewido in order to get this fixed. In case you do get positive alert(s), please post the names, and we'll take it from there ;)

    regards.

    paul
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I've just installed it to try it out
    It doesn't eem to detect very much

    I keep a folder of suspect & known trojans/vieruses that NOD/TDS and others now detect and this one hasn't found any of them at all

    I'll keep it installed for a while as a backup scanner but if it doesn't detect any of the trojans I get hold hold of from ther various forums then it will soon go
     
  4. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Indeed be VERY careful before deleting something.

    Perhaps ESS is a good program, but i'm quite sure it is not really finished.
    Today i found again an infected(?) file with ESS.
    But because no other scanner found it infected ,i thought it is a false positive ,so i sent it to ESS.
    They told me it was indeed a false positive!They said they already fixed this and that i have to do an update.
    But now it comes: i've ALREADY done their latest update before i scanned and found this false positive o_O :rolleyes:
     
  5. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Code:
    ---------------------------------------------------------
     ewido security suite - Scan report
    ---------------------------------------------------------
    
     + Created on:         13:18:42, 12.03.2004
     + Report-Checksum:      2CF5E938
    
     + Date of database:      11.03.2004
     + Version of scan engine:   v1.1
    
    ...
    
     + Scanned items:
       X:\OldProblems\mswsock.dll
    
     + Scan result:
       No infected files found!
    Try deleting every file in the "Signatures" directory and then run the online-update again :)

    It is a finished product! But all signatures had to be redone (32545 in total!) because of this: http://home.arcor.de/scheinsicherheit/rebasing.htm
    False positives unfortunately never can be avoided completely, even KAV had one in winrar.exe today...
     
  6. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Could you please send them to submit@ewido.net so we can have a look at them? Thanks! :)
     
  7. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    thank you.I did that but it didn't help :(
    The false positive keeps coming o_O
     
  8. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    Ok ,terrific support at ESS. They will fix it with the next update :)

    (at 15h02 belgium time :no more false positives, everything seems already be fixed ;) )
     
  9. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Paul, I checked them with KAV file checker and they came up clean. Them files came up clean wit McAfee v7, BD v7 and trojan Hunter so I was assuming they was false positives. Now I'm off to send Ewido and email letting them know about the false positives. But I still would like to kbow what these files are.
     
  10. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Just to report I sent the files in and was told they are fixed. Anyway I found out what these files are for. Thanks to everyone who responded to this.
     
  11. challanged

    challanged Guest

    I found "UWAKEOFF" in my files as well. Did you ever get an answer to what it is? if so please help here. Thanks! :doubt: very confused Jerry
     
  12. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    removed duplicate post - snap
     
Loading...
Thread Status:
Not open for further replies.