PestPatrol - false positive

I just did a scan with PestPatrol and it found
scvhost.exe in my windows file and identified it as backdoor Xeol.a

I checked it with my antivirusm antitrojan and antispyware programs as
well as a check on Jotti and nothing was found. Can I assume that this is a False Positive?

 

No. There is no system file called "scvjost.exe".

Please send this file to mike [at] f-prot.com and i'll have later a look at it.

 

Did u try to upload it to Jotti or virus total?

 

It's Backdoor packed with Themida. Yes, it's malicious and you should get rid of it. We'll add it into detection today as well.

 

Thanks Mike.
But I don't understand why TrojanHunter, Nod32, Norton and Kaspersky
didn't detect it nor did Jotti

Can't we reply on any of these?!

 

Eset just gets it in this moment - just sending it via chat to marcos.

 

Kaspersky got it also right now via chat.

No idea about trojan hunter. maybe you can submit it there via email somehow.

 

Is it posseble to see jotti,s or virus total results?
Thanks

 

I already submitted to Trojan Hunter and am waiting for a response

I didn't make of copy of Jotti's results (sorry about that)

 

One of the lessons I learned from this whole mess (and there are many)
is that I will never make light of PestPatrol again. I've been using it for years and
was contemplating deleting it a number of times because I thought I'd be covered by the rest of my software arsenal. But PestPatrol was the ONLY ONE OUT THERE THAT CAUGHT THIS BACKDOOR (not Trojan Hunter, Kaspersky,
Nod32, Norton, AVG Jottis or any of the rest).

I'm amazed!

 

U are copmaring an AS scanner with AV scanners.

 

Yes he is, so whats your point?

 

I never used Pest Patrol but always heard about it to give false positives. All I mean that just by one detection by it and noy by oters will not make it so excellent scanner and even in this reagrd same file might have been detected by many other AS scanners as well, if tried.

 

There definitely are FP's occasionally with PestPatrol as there are with other
anti spyware and and virus software. In both cases they are usually corrected
by the next update. So?

By the way, I also scanned with AVG anti spyware as well as Counterspy and neither detected it.

And just for the record, PestPatrol is not just an anti spyware but an anti trojan as well. I decided to keep it in my arsenal after all this.

 

Pest Patrol detected this when CounterSpy and AVG AS didn't?
Got to give them credit for that.Maybe Pest Patrol is better than I thought.

 

It,s good that PP detected it but as I said u can,t decide on a single detection.
Personally I have no experience with it though.

 

If it helps him sleep at night he should keep it.

 

New rulesets with detection of this particular malicious file have been issued for TH by Gavin on 4-Nov-06.

 

I can't believe it!
After all this time I did another scan on Jotti and the majority of
programs still haven't detected it. Norton and Kaspersky also let it go by without detection.

What is going on?!

 

This time I saved Jotti's scan

 

That,s strange.

 

that result shows scvhost.exe. the legitimate windows file is svchost.exe.

im wondering why so few programs detected it.

 

Hi, folks: Very interesting indeed. I am not even an AV under-expert. But I googled it and found this file IS a well-documented virus.trojan etc. Why on earth those high-detection rate AVs not sniff it out? Are they been neutralized? Let me wonder

 

Thanks Tester, at least somebody speaking well of PestPatrol...

Anyway for any help assistance or problems or malwares not detected let me know...

Cheers

Rossano

 

Are you using pestpatrol? Or are you using the latest CA antispyware version 9 and just calling it pestpatrol?