
Thread: Win32.Backdoor.Revell.110 ???

  1. #41
    eliuri Guest

    Re: Win32.Backdoor.Revell.110 ???

    Hello:

    I got that same finding of: Win32.Backdoor.Revell.110

    But I don't see a file specified in the logs. So no info on which file is the "culprit".

    How did u know to submit that specific file:

    File MSRDO20.DLL

    to virustotal.com?

    Thanks:

    -Eliuri

    Message Edited by eliuri on 08-21-2007 03:55 PM

  2. #42
    findley Guest

    Re: Win32.Backdoor.Revell.110 ???

    Below is what ZA detected on my computer:

    File: C:\WINDOWS\SYSTEM32\MSRDO20.DLL


    Message Edited by Findley on 01-23-2008 01:44 PM

  3. #43
    dannyf Guest

    Re: Win32.Backdoor.Revell.110 & MSRDO20.DLL & DAT 2245 - Appears to be fixed

    I can support earlier report by GURU FAX.
    Latest anti-spyware DAT File version 01.200708.2245 appears to have fixed the problem with MSRDO20.DLL reporting as a trojan.
    I have just now run the ZA spyware scan twice. Both scans reported nothing detected.

    Message Edited by Dannyf on 08-22-2007 08:15 AM

  4. #44
    braab Guest

    Re: Win32.Backdoor.Revell.110 ???

    Had the same on my scan: on 21 AUG 2007 my ZA Security Suite 7.0.337.000 flagged Win32.Backdoor.Revell.110. After deleting it, it turned out that my Registry Mechanic didn't want to boot any more. Instead I got a Windows Install Wizard window that kept insisting that I should reinstall my MS Office 2002. This didn't revive Reg Mechanic. Furthermore I noticed that the Windows Update from the MS website (the only thing I have to use IE for BTW) does download, but does not want to install the updates. Had to do that by downloading the MS updates through the developers portal, download them and boot them on my desktop.

    All I want to say: it is essential that we find out whether the MSRDO20.dll flag by ZA is genuine. Deleting the dll does give a lot of hassle and disrupts your system.

    Braab

  5. #45
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Re: Win32.Backdoor.Revell.110 ???

    Hi!

    Yes, MSRDO20.dll is genuine and ZA has fixed the false positive with the latest updated AS signature.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  6. #46
    braab Guest

    Re: Win32.Backdoor.Revell.110 ???

    Cheers FAX for that. As Guru (**bleep**ing up do you have an URL where one can grab MSRDO20.dll to reinstall (tried Win install CDs but no luck there).

    Thanks in advance,

    Braab

  7. #47
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Re: Win32.Backdoor.Revell.110 ???

    Hi!

    I think it's part of MS Office (MS Access?)... you may need to look into the installation CD or repair your Office install...

    Cheers,
    Fax


  8. #48
    braab Guest

    Re: Win32.Backdoor.Revell.110 ???

    Cheers, will do. I noticed you can also DL it, but am not so keen on that. Silly that MS does not have them for DL available *SIGH*

    THX

    Braab

  9. #49
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Re: Win32.Backdoor.Revell.110 ???

    You're welcome...

    Fax


  10. #50
    positive Guest

    Re: Win32.Backdoor.Revell.110 ???

    Yes I got all this too today, but I believed it, because (a) I had recently installed quite a lot of stuff including Adobe Photoshop CS3, Illustrator, Magical Defrag, etc (involved removing bootleg Adobe progs) and (b) my Win XP HP Pavilion ZD8000 notebook stopped connecting to my wireless network properly, (actually it connected, then after a while in the same session it would not work, could not connect (apparently failed to get (DHCP?) IP address from ADSL Router/ISP). It is still stuck like this after ZA 'detected' MSRDO20.DLL as Win32.Backdoor.Revell.110, and I deleted MSRDO20.DLL and all the associated registry entries (via ZA) (although not rebooted yet). I connected another (slightly dodgy XP) machine to the same ADSL router via blue cable and it works fine. Although I still have this severe problem with the Notebook (no Internet connectivity), I now suspect this is more likely than not an autoimmune response (ie false positive), but the possibility remains that malware is stuffing ZA (somewhat like HIV) and playing with us. (just for the paranoid?
