PestPatrol - false positive

Discussion in 'other anti-trojan software' started by one111, Nov 3, 2006.

Thread Status:
Not open for further replies.
  1. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    I just did a scan with PestPatrol and it found scvhost.exe in my Windows file and identified it as backdoor Xeol.a.

    I checked it with my antivirus, antitrojan and antispyware programs as well as a check on Jotti and nothing was found. Can I assume that this is a False Positive?
     
    Last edited: Nov 4, 2006
  2. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    No. There is no system file called "scvhost.exe".

    Please send this file to mike [at] f-prot.com and I'll have a look at it later.
     
  3. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Did you try to upload it to Jotti or VirusTotal?
     
  4. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    It's a backdoor packed with Themida. Yes, it's malicious and you should get rid of it. We'll add it into detection today as well.
     
  5. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    Thanks Mike.
    But I don't understand why TrojanHunter, Nod32, Norton and Kaspersky didn't detect it, nor did Jotti.

    Can't we rely on any of these?!
     
  6. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Eset is getting it at this moment - just sending it via chat to Marcos.
     
  7. Inspector Clouseau

    Inspector Clouseau AV Expert

    Joined:
    Apr 2, 2006
    Posts:
    1,329
    Location:
    Maidenhead, UK
    Kaspersky also got it just now via chat.

    No idea about TrojanHunter. Maybe you can submit it there via email somehow.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Is it possible to see Jotti's or VirusTotal results?
    Thanks
     
  9. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    I already submitted to Trojan Hunter and am waiting for a response.

    I didn't make a copy of Jotti's results (sorry about that).
     
  10. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    One of the lessons I learned from this whole mess (and there are many) is that I will never make light of PestPatrol again. I've been using it for years and was contemplating deleting it a number of times because I thought I'd be covered by the rest of my software arsenal. But PestPatrol was the ONLY ONE OUT THERE THAT CAUGHT THIS BACKDOOR (not Trojan Hunter, Kaspersky, Nod32, Norton, AVG, Jotti's or any of the rest).

    I'm amazed!
     
  11. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    You are comparing an AS scanner with AV scanners.
     
    Last edited: Nov 4, 2006
  12. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Yes he is, so what's your point?
     
  13. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    I never used Pest Patrol but always heard that it gives false positives. All I mean is that just one detection by it and not by others will not make it such an excellent scanner, and even in this regard the same file might have been detected by many other AS scanners as well, if tried.
     
  14. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    There definitely are FPs occasionally with PestPatrol as there are with other anti spyware and virus software. In both cases they are usually corrected by the next update. So?

    By the way, I also scanned with AVG anti spyware as well as Counterspy and neither detected it.

    And just for the record, PestPatrol is not just an anti spyware but an anti trojan as well. I decided to keep it in my arsenal after all this.
     
  15. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    Pest Patrol detected this when CounterSpy and AVG AS didn't?
    Got to give them credit for that. Maybe Pest Patrol is better than I thought.
     
  16. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    It's good that PP detected it but as I said you can't decide on a single detection.
    Personally I have no experience with it though.
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    If it helps him sleep at night he should keep it.
     
  18. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    New rulesets with detection of this particular malicious file have been issued for TH by Gavin on 4-Nov-06.
     
  19. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    I can't believe it!
    After all this time I did another scan on Jotti and the majority of programs still haven't detected it. Norton and Kaspersky also let it go by without detection.

    What is going on?!
     
    Last edited: Nov 7, 2006
  20. one111

    one111 Registered Member

    Joined:
    Apr 6, 2005
    Posts:
    92
    This time I saved Jotti's scan
     


  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    That's strange.
     
  22. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    That result shows scvhost.exe. The legitimate Windows file is svchost.exe.

    I'm wondering why so few programs detected it.
     
  23. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Very interesting indeed. I am not even an AV under-expert. But I googled it and found this file IS a well-documented virus/trojan etc. Why on earth do those high-detection-rate AVs not sniff it out? Have they been neutralized? Let me wonder o_O :D
     
  24. Rossano

    Rossano Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    23
    Thanks Tester, at least somebody speaking well of PestPatrol... :)

    Anyway, for any help, assistance, problems or malware not detected, let me know...

    Cheers

    Rossano
     
  25. farmerlee

    farmerlee Registered Member

    Joined:
    Jul 1, 2006
    Posts:
    2,585
    Are you using PestPatrol? Or are you using the latest CA antispyware version 9 and just calling it PestPatrol?
     