Program file/Ewido AntiMalware\guard.sys = Trojan New Malware.z ???

Discussion in 'ewido anti-spyware forum' started by OldRebel, Jan 25, 2006.

Thread Status:
Not open for further replies.
  1. OldRebel

    OldRebel, Registered Member (Joined: Jan 25, 2006; Posts: 153; Location: South Carolina USA)

    I have been using the free version of Ewido for months. I also have subscriptions to McAfee VirusScan and Webroot Spysweeper. Suddenly, tonight, McAfee detected an alleged Trojan: New Malware.z in the Ewido program files: guard.sys. I need to know if guard.sys is a normal program file for Ewido. If it is, is there any possibility that it could become contaminated by a trojan? After McAfee detected this, I quarantined the file and then uninstalled Ewido, deleted all other Ewido files I could find, ran CCleaner, and then downloaded a fresh install of Ewido. McAfee found the alleged trojan again. I sent the guard.sys file to Virus Total, and none of the other scanners detected any trojan.

    Does anyone know if this is a new incompatibility between Ewido and McAfee? I am hoping that this is just a false positive for McAfee, but I worry that I might miss a real threat if I just ignore it. Anyone else have this issue come up? I cannot find any info about New Malware.z in the McAfee knowledge base.
     
  2. peter.ewido

    peter.ewido, former ewido team (Joined: Nov 10, 2003; Posts: 737; Location: Brno, Czech Republic)

    It's a false positive from McAfee, let's hope they get it fixed soon...
     
  3. OldRebel

    Thanks. I also got a quick response from Ewido support after I submitted a copy of the file to them. I wish McAfee was that responsive that fast. Good work Ewido! I had to do a new install, in case McAfee had damaged the file, but all looks good now. Thanks again.
     
  4. OldRebel

    I got a response from Avert. Apparently this problem will be solved with today's release of McAfee DATs. The following is part of their response:
    _________________________________________________________________
    A.V.E.R.T. Sample Analysis
    Issue Number: 2144229
    Virus Research Analyst: L Clark
    Filename: guard.sys
    Detected as "New Malware.Z" in DAT: 4681
    Identified: No Virus/Trojan
    AVERT(tm) Labs, Aylesbury

    Thank you for submitting your suspicious file.

    Synopsis -

    Our Senior Virus Research Engineers have examined the file in question and
    no virus was found.

    Solution -

    Attached is an extra.dat with correct detection. This correction will be
    included in the next DAT update.
     
  5. Prayermode

    Prayermode, Registered Member (Joined: Nov 14, 2006; Posts: 1)

    Please help.
    I have w32.myzor.fk@yf currently in my PC.

    What do I do? Can ewido help?
    Any help is appreciated.
    Please email me @ prayer_mode@yahoo.com.
    Thanks

    PM
     
  6. OldRebel

    Try the tools at this link:
    http://www.internetinspiration.co.uk/roguefix.htm

    If Roguefix.bat causes your browser any problems when you attempt to download it, right click on the download link and "save as." The site lists several tools that should be used in combination. AVG AS (Ewido) is one of them. Use the newest version with up to date signatures. After updating in regular mode, run the scans in Safe Mode.

    If that does not work, then try this multi-AV tool. It has to be installed in regular mode, then update the virus definitions for the command line scanners (Sophos, McAfee, Trend Micro, and Kaspersky), then boot into Safe Mode and run the scans.
    Procedure #2

    Download MULTI_AV.EXE
    http://www.claymania.com/removal-trojan-adware.html
    Don't use this tool unless the first tool does not work. Hopefully it will take care of it.
     