
Thread: Win32.Backdoor.Revell.110 ???

  1. #1
    mistress Guest

    Win32.Backdoor.Revell.110 ???

    Has anyone ever heard of this 1?

    File: C:\WINDOWS\system32\MSRDO20.DLL


    This is very strange, as I haven't been on IE 6 in a while, haven't downloaded anything in a while either..HUM!!!

  2. #2
    technoweary Guest

    Re: Win32.Backdoor.Revell.110 ???

    This came up on my scan too this morning. I tried doing a search on the ZA forums but could not find info on it. I quarantined it and then deleted it. I am doing my second byte level spyware scan now to make sure it is gone.
    But since somebody else found this at the same time I am now guessing this is a false positive?

  3. #3
    dmilbrath Guest

    Re: Win32.Backdoor.Revell.110 ???

    I also just got it this morning on my scheduled scan. I have quarantined it as recommended. If anyone can tell me how to delete it, it would be appreciated.

  4. #4
    mistress Guest

    Re: Win32.Backdoor.Revell.110 ???

    I ignored it ONCE.
    My suggestion is to do nothing until we know for sure.
    Since there is more than 1 person, I am thinking this is another FV.
    I have found nothing on the web at all!
    I have found Backdoor.Win32.Revell.110 - NOT - Win32.Backdoor.Revell.110

  5. #5
    technoweary Guest

    Re: Win32.Backdoor.Revell.110 ???

    I would also recommend holding off on deleting it and keeping it in quarantine. Since at least three people have discovered it at the same time it sounds like it might be a false positive. I, myself, did delete it and while I have encountered no ill effects from that deletion so far, I may encounter some in the future from having, perhaps, jumped the gun.

    So, try to not delete it for a few hours until hopefully somebody can offer more info on this ))

  6. #6
    Join Date
    Nov 2004

    Re: Win32.Backdoor.Revell.110 ???

    Hi! Yes, please do not delete... items in the quarantine cannot harm. It's a safe place, it's like they have been deleted already. Report this to ZA technical support, mentioning the possibility of a false positive. Cheers, Fax

    Click here for ZA Support
    Monday-Saturday 24x6 Pacific time
    Closed Sundays and Holidays

  7. #7
    amethyst Guest

    Re: Win32.Backdoor.Revell.110 ???

    Hi there,

    I have MSRDO20.dll in my system 32 folder. It is a Microsoft file, version, rdo Engine Control (whatever that means!), not modified since 2000. Size is 388 kb. My ZASS has not flagged this as being a problem, but I am still using 6.5.


    ZASS 6.5
    Windows XP MCE

  8. #8
    Join Date
    Nov 2004

    Re: Win32.Backdoor.Revell.110 ???

    Yes, this is because ZA 6.5 uses a different antivirus engine by CA and not Kaspersky. Cheers, Fax


  9. #9
    fireman Guest

    Re: Win32.Backdoor.Revell.110 ???

    Just received same message after scan and sent report to Zonelabs ts forms.

    Have a good one!

  10. #10
    zzzoooned_out Guest

    Re: Win32.Backdoor.Revell.110 ???

    I received this same message today.
    I will quarantine it for now, but need to know if it is harmful.
