Win32/Tool.EvID4226

Discussion in 'NOD32 version 2 Forum' started by The Seeker, Dec 8, 2005.

Thread Status:
Not open for further replies.
  1. The Seeker

    The Seeker Registered Member

    Joined:
    Oct 24, 2005
    Posts:
    1,100
    Location:
    Adelaide
    After having ewido flag the EvID4226Patch (from LvlLord) as malware then declare it a false positive I've just had NOD32 detect it as a virus. I'm guessing it was added as part of the 1.1315 signatures because I've had it on my PC for several months without a problem.

    If you have a look on the website, you'll notice that he assures readers it's not a virus.

    I was wondering if the guys at Eset have discovered something contained within the patch or is it simply because it allows users to increase the amount of concurrent TCP connections? If so, why only now has it been added?
     
  2. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    It's not really a false positive, nor is it malware. It should be classified as Riskware (although ESET doesn't class them like this).
    Mass mail worms could easily exploit this tool to open more concurrent connections to boost spreading. That's why it's detected.
     
  3. Happy Bytes

    Happy Bytes Guest

    http://www.eset.com/msgs/sobery.htm
    (Scroll down to the end)

    It's not malicious. But it ALWAYS contains a risk to patch system files! On some machines the system can become UNSTABLE with this patch.
     
  4. The Seeker

    The Seeker Registered Member

    Thanks very much for your responses, I appreciate them very much :)
     