Is this real or a false positive?
I scanned a short while ago, and found this: Backdoor.Win32.IRCBot.are,C:\WINDOWS\97029.exe
I did a search on ZA site and Kaspersky Labs and found nothing but ...
When I googled it I found on http://vgrep.viruspool.net/virus.cms the following:
Backdoor.Win32.IRCBot.are IKARUS T3SCAN V1.28 T3 V1.01.15 16-Dec-2007
Backdoor:Win32/IRCbot.AD Microsoft MP CL 1.3109 16-Dec-2007
Generic9.XYS GRISoft AVG 7.5.503/1187 16-Dec-2007
Win32/Rotisbot.I CA VET RESCUE 22.214.171.124 14-Dec-2007
Win32:IRCBot-CJE [Trj] ALWIL **bleep**! ashCmd 4.7/071216-0 16-Dec-2007
Worm.DR.SdBot.TMF VirusBuster VirusBuster 1.3.4 9.117.4/11.0 16-Dec-2007
Worm/IrcBot.70656.2 Avira AntiVir/Win32-Console Version 126.96.36.199 16-Dec-2007
Detected by: Kaspersky Lab KavCon 188.8.131.52 16-Dec-2007
And there's a bit more.
So is it or isn't it?
Re: Is this real or a false positive?
How are you doing? I hope you are well.
Sounds very suspicious. Copy the file and upload it to Jotti and Virustotal to confirm and then remove if it malicious with these:
If the stuff does not clear up after a scan, then start in the safemode and scan agian and once more in the normal mode. If it says bad files in the system information, then disable the system restore and then rescan in the safe mode. Delete all found.
Follow up with a full online scan with the Internet Explorer (these two use activeX - allow the activeX in the ZA too)
http://www. b i t d e f e n d e r .com/scan8/ie.html
(spaced to break the forum filters) and