
Thread: Real spyware or false positive: Win32.Backdoor.Revell.110

  1. #1
    morey Guest

    Real spyware or false positive: Win32.Backdoor.Revell.110

    I received the following notices from Zone Alarm:



    And:




    Is this a real Spyware program or is this a false positive?
    What should I do now?



    Operating System:
    Windows XP Home Edition
    Software Version:
    7.0
    Product Name:
    ZoneAlarm Internet Security Suite


    Message Edited by morey on 08-20-2007 01:30 PM

  2. #2
    morey Guest

    Re: Real spyware or false positive: Win32.Backdoor.Revell.110

    Here are some more screens of the suspected Trojan:

    And


    Evidently the suspected Trojan is buried within file: MSRDO20.DLL.
    I copied the file, zipped it up with a password and sent it to Kaspersky with the two above pictures also attached.
    I have the file quarantined for the time being.
    I will inform you here when I hear from Kaspersky.


  3. #3
    zaswing Guest

    Re: Real spyware or false positive: Win32.Backdoor.Revell.110

    Please, see if this thread helps in some way - it discusses the same trojan in the Malware section but the discussion seems to point in the direction of false positive so you may want to report it to tech support
    http://forums.zonealarm.com/zonelabs...essage.id=2594

    Message Edited by zasuiteuser on 08-20-2007 11:07 PM

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Re: Real spyware or false positive: Win32.Backdoor.Revell.110

    Hi!
    This is NOT a Kaspersky detection but a ZA AS detection.
    Please report this false positive to ZA:
    http://www.zonealarm.com/store/conte...are_report.jsp
    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    blueberrymay Guest

    Re: Real spyware or false positive: Win32.Backdoor.Revell.110

    I've just run a scan and received the same result. Is this definitely a "false positive"?

  6. #6
    blueberrymay Guest

    Re: Real spyware or false positive: Win32.Backdoor.Revell.110

    I'll do just that! I have just sent msrdo20.dll to www.virustotal.com for another opinion. The file was scanned by 31 AV engines. Nothing unusual was detected.

  7. #7
    morey Guest

    Re: Real spyware or false positive: Win32.Backdoor.Revell.110

    Kaspersky responded with the following message:
    Hello,

    MSRDO20.DLL

    No malicious code was found in this file. So, this file is not detected by our
    AntiVirus...

    Please quote all when answering.

    --
    Best regards, Vladimir Lebedev
    Virus analyst, Kaspersky Lab.

    > Attachment: Test of Trojan File.zip
    > Attachment: Zone Alarm-Win32 Backdoor Revell problem-C-Aug 20, 2007.jpg
    > Attachment: Zone Alarm-Win32 Backdoor Revell problem-D-Aug 20, 2007.jpg
    >
    > Dear Sirs,
    >
    > Attached find a zipped file with password, "Test".
    > Also I have attached two pictures of what I got with Zone Alarm Security Suite 7.0 which
    > uses Kaspersky Antivirus and Antispam modules.
    >
    > I believe it may be a false positive for
    > Win32.Backdoor.Revell.110 enclosed within the MSRDO20.DLL file.
    >
    > Please test it and update your database if required.
    >
    > Thanks.

    I updated my anti-Virus and anti-spyware database today.
    I released MSRDO20.DLL from quarantine. I re-ran anti-spyware scan from ZASS 7.0 and Win32.Backdoor.Revell.110 was NOT detected this time.
    I thought Kaspersky handled this, not Zone Alarm.
    They tested the file in any event and fixed the database.
    Did I make a mistake informing Kaspersky instead of Zone Alarm, fax?
    Thanks, again, fax.



    Message Edited by morey on 08-21-2007 08:52 AM

    Message Edited by morey on 08-21-2007 08:58 AM

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Re: Real spyware or false positive: Win32.Backdoor.Revell.110

    Hi!
    Yes, you should have informed ZA instead of Kaspersky.
    In the antivirus logs you will find all Kaspersky related files/detection.
    In the spyware logs you will find all ZA related files/detection.
    Users have reported to ZA and ZA signature version 2245 (not Kaspersky) fixed the false positive.
    Cheers,
    Fax

    Message Edited by fax on 08-21-2007 09:16 AM

