THGuard.exe = a trojan ???

Discussion in 'ewido anti-spyware forum' started by Perman, Jul 5, 2006.

Thread Status:
Not open for further replies.
  1. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi folks and my friends@Ewido: I installed a trial version of Trojan Hunter 4.5 today and ran a daily (full) scan with updated Ewido (signature 365,009). Guess what Ewido has detected? It has flagged THGuard.exe as a Backdoor.Rbot, high risk. Can someone tell me that it is not possible o_O :D
     
  2. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    It may be a false positive. You may submit your sample here:

    http://www.ewido.net/en/contact/
     
  3. ericfr

    ericfr Registered Member

    Joined:
    Jun 23, 2006
    Posts:
    27
    The resident shield of Trojanhunter has that name. I bet it's a FP.

    If you want to be 150% ;) sure, submit it to e.g. Jotti if it has not been corrected yet.

    Regards
    ericfr
     
  4. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: After reading you guys' responses, I am 99% sure that it is an unfortunate F.P. Because Ewido has clearly pinpointed the location C:\program file\Trojan Hunter 4.5\THGuard.exe. :mad:
     
  5. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    What Windows OS are you running? ewido 4.0.0.172 plus is not flagging THGuard.exe (V4.5, Build 924) either in memory or on my disk. Latest ewido updates too. I am running Windows XP-SP2, Home Edition.
     
  6. karl.ewido

    karl.ewido former ewido team

    Joined:
    Dec 9, 2005
    Posts:
    236
    Location:
    Germany
    Please send us this THGuard.exe that is detected as a Backdoor. We downloaded the latest version of TH and scanned it, of course with the latest version of the ewido software, and no files of the TH software were detected.

    Use this website to send us the file:
    http://www.ewido.net/en/contact/
     
  7. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Maybe it is a cracked version with a backdoor in it?
     
  8. Chubb

    Chubb Registered Member

    Joined:
    Aug 9, 2005
    Posts:
    1,967
    Hm...yes, maybe

    @Perman
    Where did you get this trial version? From the official site?
     
  9. ericfr

    ericfr Registered Member

    Joined:
    Jun 23, 2006
    Posts:
    27
    @perman:

    Did you submit it to e.g. Jotti? Results?

    ericfr
     
  10. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Thanks for your concern. My O/S is Windows XP, SP2. I did not download from the official site. And I have since noticed that although the TH scanner is v.4.5 build 924, THGuard is v.4.5 build 275. Does this deviation cause this alert o_O?
     
  11. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    THGuard V4.5, Build 275 corresponds to the official download site. I do recommend that you go to http://www.misec.net/trojanhunter/ and download V4.5, Build 924 from this official site. Then totally uninstall your current TH and re-install using the source from the Mischel site. Be sure to have your License.tlf available, which is the valid licensing file.
     
  12. peter.ewido

    peter.ewido former ewido team

    Joined:
    Nov 10, 2003
    Posts:
    737
    Location:
    Brno, Czech Republic
    Pleeease, first submit the file in question to us, as if it is a real rbot you might be in big trouble!
     
  13. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi, folks: Thank you all for the support. I have since deleted the folder in question and d/l a new one from the official site; it appears all is fine. Thank you siliconman, I have read your input at the TH forum, very impressive indeed. Peter, I have deleted the old one, sorry, not able to help you this time. If I remember correctly, an early build of TH 4.5 had some phone home feature, and the THGuard file is an early build, so perhaps there was some sort of link. Thanks.
     
  14. dah145

    dah145 Registered Member

    Joined:
    Jul 3, 2006
    Posts:
    262
    Location:
    n/a
    I personally don't use cracked programs, but I admit that this is shown by ewido when the Trojan Hunter is a cracked version. :cautious:
     