scan found this , have I done the Right Thing ..?

Discussion in 'ewido anti-spyware forum' started by mypenry, Oct 12, 2006.

Thread Status:
Not open for further replies.
  1. mypenry

    mypenry Registered Member

    Joined:
    May 2, 2006
    Posts:
    85
    Location:
    Central Thailand
    Sorry if this is in the wrong place ..but still learning.........

    Ive just run a scan with ewido 4 ( Paid )

    and it found this ..Dropper.inflator.a and it recommended Quarantine, but it said the item found is embeded
    in the following .....

    :\Setup\Software\WinZip.Professional.v10.0.6685\winzip100.exe/GTB9X.EXE -> Dropper.Inflator.a : Cleaned with backup (quarantined).

    Do I want to Quarantine this item ...? the programe asked .. , as I am Newbie I was not too sure what to do so I clicked yes,
    and its now Quarantined , but I am not too sure if ive done the right thing , if the item found was embeded

    can this possibily cause any futrther problems..?

    can any forum members advise me if ive done the right thing, if not whats next..?


    Thanks .............. Mypenry
     
  2. Tommy

    Tommy Registered Member

    Joined:
    Dec 24, 2002
    Posts:
    1,169
    Location:
    Buenos Aires - Munic
    Generally you have done the right thing to quarantine in first place the suspicous or infected file for further analysing.
    In this case Ewido found malware inside the packed setup routine of WinZip, which is a little bit strange for me. Could be a false alarm.
    Try following:
    Restore the quarantined file (don't know if Ewido is able to restore it into the setup routine file), download a-squared free and check it again, to see if it could be a false alarm.
     
  3. zhaoxiubo

    zhaoxiubo Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    6
    i argue that that can be ignored.
     
  4. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    We will fix this false-positive with the next siganture update.
    We're sorry for the inconvenience.
     
  5. mypenry

    mypenry Registered Member

    Joined:
    May 2, 2006
    Posts:
    85
    Location:
    Central Thailand
    A big thanks for the replies,...... karl.ewido so if its a false-positive , and ive


    Quarantined it, whats the correct action for me to do now ...? ( sorry Newbie Question )

    Thanks Guy's ........... Mypenry
     
  6. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Just restore the file from the quarantine module and ignore the detection of this file if you scan again your system.
     
  7. mypenry

    mypenry Registered Member

    Joined:
    May 2, 2006
    Posts:
    85
    Location:
    Central Thailand
    Thanks for that quick reply most appreciated............

    Mypenry ................
     
Thread Status:
Not open for further replies.