Sent EWIDO three FP's just now.

Discussion in 'other anti-trojan software' started by spy1, Mar 13, 2004.

Thread Status:
Not open for further replies.
  1. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on:         11:19:24 AM, 3/13/2004
    + Report-Checksum:      57934070

    + Date of database:      3/13/2004
    + Version of scan engine:   v1.1

    + Duration:            8 min
    + Scanned Files:         19465
    + Speed:            38.46 Files/Second
    + Infected files:         3
    + Removed files:         0
    + Files put in quarantine:      0
    + Files that could not be opened:   22
    + Files that could not be removed:   0

    + Ignore extension:   Yes
    + Binder:      Yes
    + Crypter:      Yes
    + Memory:      No
    + Archives:      No
    + Heuristic:      No

    + Scanned items:
       C:\

    + Scan result:
       C:\Compaq\CPQInet\LchApp.exe -> TrojanSpy.Algus.10 -> Ignored
       C:\Compaq\EAKDRV\STARTDRV.exe -> Backdoor.Enculator.01 -> Ignored
       C:\cpqdrv\misc\STARTDRV.exe -> Backdoor.Enculator.01 -> Ignored

    Nice little program!

    I set it to "Ignore All" just so I could get results only.

    Added "securitysuite.exe" to PG and gave it the "Read" access it was clamoring for (I'd already started the scan before I did that, so it may account for some of the 22 "Files that could not be opened", I'm not sure).

    No problems d/l'ing, installing or running it - and, it was certainly simple enough! Pete
     
  2. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Fixed with the latest update :)
     
  3. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Thank you, sir. At work at the moment, but I'll get the update when I get home. Pete
     
  4. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    And fixed it is:

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on:         10:12:30 AM, 3/14/2004
    + Report-Checksum:      FD03011D

    + Date of database:      3/14/2004
    + Version of scan engine:   v1.1

    + Duration:            7 min
    + Scanned Files:         19367
    + Speed:            44.37 Files/Second
    + Infected files:         0
    + Removed files:         0
    + Files put in quarantine:      0
    + Files that could not be opened:   22
    + Files that could not be removed:   0

    + Ignore extension:   Yes
    + Binder:      Yes
    + Crypter:      Yes
    + Memory:      No
    + Archives:      No
    + Heuristic:      No

    + Scanned items:
       C:\

    + Scan result:
       C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat -> File could not be opened
       C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG -> File could not be opened
       C:\Documents and Settings\LocalService\NTUSER.DAT -> File could not be opened
       C:\Documents and Settings\LocalService\ntuser.dat.LOG -> File could not be opened
       C:\Documents and Settings\spy1\Application Data\Phoenix\Profiles\default\x9eoecei.slt\parent.lock -> File could not be opened
       C:\Documents and Settings\spy1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat -> File could not be opened
       C:\Documents and Settings\spy1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG -> File could not be opened
       C:\Documents and Settings\spy1\NTUSER.DAT -> File could not be opened
       C:\Documents and Settings\spy1\NTUSER.DAT.LOG -> File could not be opened
       C:\hiberfil.sys -> File could not be opened
       C:\pagefile.sys -> File could not be opened
       C:\WINDOWS\system32\config\default -> File could not be opened
       C:\WINDOWS\system32\config\default.LOG -> File could not be opened
       C:\WINDOWS\system32\config\SAM -> File could not be opened
       C:\WINDOWS\system32\config\SAM.LOG -> File could not be opened
       C:\WINDOWS\system32\config\SECURITY -> File could not be opened
       C:\WINDOWS\system32\config\SECURITY.LOG -> File could not be opened
       C:\WINDOWS\system32\config\software -> File could not be opened
       C:\WINDOWS\system32\config\software.LOG -> File could not be opened
       C:\WINDOWS\system32\config\system -> File could not be opened
       C:\WINDOWS\system32\config\system.LOG -> File could not be opened
       C:\WINDOWS\system32\drivers\procguard.sys -> File could not be opened


    ::Report End
     
  5. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    Hi, I just downloaded ESS and finished the first scan; so far so good! :)
    This program has a really beautiful GUI, I love it.

    ESS reported that Advanced Process Manipulation (from DiamondCS) is infected with Backdoor.Netsend.
    http://www.diamondcs.com.au/index.php?page=apm
    I think this is another false positive; would you analyze this program?

    Best Regards.

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on:         0:00:37, 2004/03/16
    + Report-Checksum:      D47FA012

    + Date of database:      2004/03/15
    + Version of scan engine:   v1.1

    + Duration:            18 s
    + Scanned Files:         617
    + Speed:            33.65 Files/Second
    + Infected files:         1
    + Removed files:         0
    + Files put in quarantine:      0
    + Files that could not be opened:   0
    + Files that could not be removed:   0

    + Ignore extension:   Yes
    + Binder:      Yes
    + Crypter:      Yes
    + Memory:      No
    + Archives:      No
    + Heuristic:      No

    + Scanned items:
       C:\Documents and Settings\Sumire\My Documents\Application\Utility

    + Scan result:
       C:\Documents and Settings\Sumire\My Documents\Application\Utility\DiamondCS\APM\apm.exe -> |PACKED| Backdoor.Netsend -> Ignored


    ::Report End
     
  6. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Sumire,

    False positive indeed. Please inform ESS.

    regards.

    paul
     
  7. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Code:
    ---------------------------------------------------------
     ewido security suite - Scan report
    ---------------------------------------------------------
    
     + Created on:         16:38:44, 15.03.2004
     + Report-Checksum:      BF0608A6
    
     + Date of database:      15.03.2004
     + Version of scan engine:   v1.1
    
     + Duration:            201 ms
     + Scanned Files:         14
     + Speed:            69.65 Files/Second
     + Infected files:         0
     + Removed files:         0
     + Files put in quarantine:      0
     + Files that could not be opened:   0
     + Files that could not be removed:   0
    
     + Ignore extension:   Yes
     + Binder:      Yes
     + Crypter:      Yes
     + Memory:      Yes
     + Archives:      Yes
     + Heuristic:      Yes
    
     + Scanned items:
       M:\Whitelist\DiamondCS\APM\Links
       M:\Whitelist\DiamondCS\APM\TestDLL
       M:\Whitelist\DiamondCS\APM\apm.dll
       M:\Whitelist\DiamondCS\APM\apm.exe
       M:\Whitelist\DiamondCS\APM\apmhelp.chm
       M:\Whitelist\DiamondCS\APM\uninstal.exe
       M:\Whitelist\DiamondCS\APM\uninstal.ini
    
     + Scan result:
       No infected files found!
    
    
    ::Report End
    Could you please send your apm.exe to submit@ewido.net? It seems to be a different version. Thanks!
     
  8. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    @Paul
    I'm sorry, I'll follow your instruction.

    @fish25
    Thank you for your quick response, I'll send you apt.exe.

    Many thanks
     
  9. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    apt.exe? ;)
     
  10. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    I'm sorry, I sent the wrong sample. :'( The next sample is the right one.

    best regards
     
  11. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Fixed with the current update :)
     
  12. Sumire

    Sumire Registered Member

    Joined:
    Sep 26, 2002
    Posts:
    43
    Location:
    Japan
    I confirmed that the false positive was fixed :)
    Thank you very much. Please keep up the good work :)

    Best Regards
     
  13. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    fish - I see you also added TrojanSimulator to your detection sigs - and properly identified it as not being an actual trojan.

    C:\Magnus Test\TrojanSimulator.exe -> Not-a-virus.Trojansimulator -> Ignored
    C:\Magnus Test\TSServ.exe -> |PACKED| Not-a-virus.Trojansimulator -> Ignored
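Confirming that a reported false positive is really gone comes down to comparing the scan before and after the signature update, and the "Files that could not be opened" list deserves a quick triage too. What follows is an added example, not code from this thread or from ewido: a small parser for the report format posted above, a diff of detections between two runs, a check for the vendor's "Not-a-virus." naming seen in the TrojanSimulator lines just above, and a filter that separates files Windows itself holds open (registry hives, page file, hibernation file) from anything else. The two embedded reports are constructed excerpts of the 3/13 and 3/14 reports earlier in the thread, with the TSServ.exe line folded into the second one; the list of OS-locked file markers is an assumption of the example, not something the scanner reports.

```python
"""Parse ewido-style scan reports and compare two runs.

Added example, not code from this thread or from ewido. The report
format is inferred from the reports posted in the thread; both embedded
reports are constructed excerpts of them.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: excerpt of the 3/13/2004 report (before the update).
REPORT_BEFORE = """\
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         11:19:24 AM, 3/13/2004
+ Date of database:      3/13/2004
+ Infected files:         3
+ Files that could not be opened:   22

+ Scanned items:
   C:\\

+ Scan result:
   C:\\Compaq\\CPQInet\\LchApp.exe -> TrojanSpy.Algus.10 -> Ignored
   C:\\Compaq\\EAKDRV\\STARTDRV.exe -> Backdoor.Enculator.01 -> Ignored
   C:\\cpqdrv\\misc\\STARTDRV.exe -> Backdoor.Enculator.01 -> Ignored

::Report End
"""

# Constructed sample: excerpt of the 3/14/2004 report (after the update),
# with the TSServ.exe line from the last post added to it.
REPORT_AFTER = """\
ewido security suite - Scan report
---------------------------------------------------------

+ Created on:         10:12:30 AM, 3/14/2004
+ Date of database:      3/14/2004
+ Infected files:         0
+ Files that could not be opened:   22

+ Scan result:
   C:\\WINDOWS\\system32\\config\\SAM -> File could not be opened
   C:\\WINDOWS\\system32\\drivers\\procguard.sys -> File could not be opened
   C:\\Magnus Test\\TSServ.exe -> |PACKED| Not-a-virus.Trojansimulator -> Ignored

::Report End
"""

PACKED = "|PACKED| "
UNOPENABLE = "File could not be opened"
HEADER_RE = re.compile(r"^\+ (.+?):\s+(\S.*)$")
RESULT_RE = re.compile(r"^\s+(.+?) -> (.+)$")

# Files Windows keeps open exclusively while running (an assumption of this
# example, not something the scanner reports): registry hives and their
# .LOG files under system32\config, per-user hives, page and hibernation file.
OS_LOCKED_MARKERS = (
    "\\system32\\config\\", "\\ntuser.dat", "\\usrclass.dat",
    "\\pagefile.sys", "\\hiberfil.sys",
)


@dataclass
class Detection:
    path: str
    name: str      # signature name without the |PACKED| marker
    action: str    # Ignored / Removed / Quarantined
    packed: bool   # scanner flagged the file as runtime-packed


@dataclass
class Report:
    header: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)
    unopenable: list = field(default_factory=list)


def parse_report(text):
    """Split a report into header fields, detections and unopenable files."""
    rep = Report()
    in_results = False
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("---") or line.startswith("::"):
            continue
        if line.startswith("+ Scan result:"):
            in_results = True
            continue
        if not in_results:
            m = HEADER_RE.match(line)
            if m:
                rep.header[m.group(1).strip()] = m.group(2).strip()
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue
        path, rest = m.group(1), m.group(2)
        if rest == UNOPENABLE:
            rep.unopenable.append(path)
            continue
        name, _, action = rest.rpartition(" -> ")   # "<name> -> <action>"
        packed = name.startswith(PACKED)
        rep.detections.append(
            Detection(path, name[len(PACKED):] if packed else name, action, packed))
    return rep


def is_flagged_benign(det):
    """The vendor's 'Not-a-virus.' family names known tools, not malware."""
    return det.name.startswith("Not-a-virus.")


def diff_detections(before, after):
    """Paths detected before but not after (resolved) and after but not before (new)."""
    b = {d.path for d in before.detections}
    a = {d.path for d in after.detections}
    return sorted(b - a), sorted(a - b)


def unexpected_unopenable(report):
    """Unopenable files that are not the usual OS-locked ones; worth a look."""
    return [p for p in report.unopenable
            if not any(k in p.lower() for k in OS_LOCKED_MARKERS)]


if __name__ == "__main__":
    before, after = parse_report(REPORT_BEFORE), parse_report(REPORT_AFTER)
    resolved, new = diff_detections(before, after)
    print("resolved after update:", resolved)
    print("new detections:", [(d.path, d.name, "benign" if is_flagged_benign(d) else "check")
                              for d in after.detections if d.path in new])
    print("unopenable and not OS-locked:", unexpected_unopenable(after))
```

Run the two scans over the same scope (here `C:\`) or the diff is meaningless; a detection that disappears because the file was not scanned the second time looks the same as one fixed by a signature update. The locked-file filter only explains the usual suspects; anything left over, such as a driver, is where a second look starts.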
     