Thread: Is this real or a false positive?

  1. #1
    mistress Guest

    Is this real or a false positive?

    I scanned a short while ago, and found this: Backdoor.Win32.IRCBot.are,C:\WINDOWS\97029.exe
    I did a search on ZA site and Kaspersky Labs and found nothing but ...
    When I googled it I found on http://vgrep.viruspool.net/virus.cms the following:
    Backdoor.Win32.IRCBot.are
    Aliases:
    Backdoor.Win32.IRCBot.are IKARUS T3SCAN V1.28 T3 V1.01.15 16-Dec-2007
    Backdoor:Win32/IRCbot.AD Microsoft MP CL 1.3109 16-Dec-2007
    Generic9.XYS GRISoft AVG 7.5.503/1187 16-Dec-2007
    Win32/Rotisbot.I CA VET RESCUE 8.3.0.0 14-Dec-2007
    Win32:IRCBot-CJE [Trj] ALWIL **bleep**! ashCmd 4.7/071216-0 16-Dec-2007
    Worm.DR.SdBot.TMF VirusBuster VirusBuster 1.3.4 9.117.4/11.0 16-Dec-2007
    Worm/IrcBot.70656.2 Avira AntiVir/Win32-Console Version 7.4.0.15 16-Dec-2007
    Detected by: Kaspersky Lab KavCon 1.0.0.48 16-Dec-2007

    And there's a bit more.
    So is it or isn't it?
    -
    -
    -
    (hi Oldsod!)

  2. #2
    Join Date
    Dec 2005
    Posts
    9,056

    Re: Is this real or a false positive?

    Hi Mistress

    How are you doing? I hope you are well.

    Sounds very suspicious. Copy the file and upload it to Jotti and Virustotal to confirm, and then remove it if it is malicious with these:

    http://www.majorgeeks.com/McAfee_AVE...ger_d4063.html

    and

    http://www.majorgeeks.com/Norman_Mal...er__d5450.html

    and

    http://www.emsisoft.com/en/software/free/.

    If the stuff does not clear up after a scan, then start in safe mode and scan again, and once more in normal mode. If it says bad files in the system information, then disable the system restore and then rescan in safe mode. Delete all found.

    Follow up with a full online scan with the Internet Explorer (these two use ActiveX - allow the ActiveX in the ZA too)

    http://www. b i t d e f e n d e r .com/scan8/ie.html

    (spaced to break the forum filters) and

    http://www.ewido.net/en/onlinescan/

    Cheers, Oldsod
    Best regards.
    oldsod
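
An added example, not part of either post: one way to read a multi-engine listing like the alias list in the first post, or the Jotti/VirusTotal results suggested in the reply, when deciding between "real" and "false positive". The detection names and vendors are copied from the thread; the noise-token list, the rule that identical names count once, and the threshold of three are assumptions of this sketch.

```python
import re
from collections import Counter

# Detection names and vendors copied from the alias listing in the first post.
DETECTIONS = [
    ("Backdoor.Win32.IRCBot.are", "Kaspersky Lab"),
    ("Backdoor.Win32.IRCBot.are", "IKARUS"),
    ("Backdoor:Win32/IRCbot.AD", "Microsoft"),
    ("Generic9.XYS", "GRISoft"),
    ("Win32/Rotisbot.I", "CA"),
    ("Win32:IRCBot-CJE [Trj]", "ALWIL"),
    ("Worm.DR.SdBot.TMF", "VirusBuster"),
    ("Worm/IrcBot.70656.2", "Avira"),
]

# Assumption: tokens that describe platform or type, not the malware family.
NOISE = {"win32", "backdoor", "worm", "trj", "dr"}

def family(name):
    """Return the family token of a detection name, or None for generic names."""
    for tok in re.split(r"[^A-Za-z0-9]+", name):
        low = tok.lower()
        if len(low) < 4 or low in NOISE or low.startswith("generic") or low.isdigit():
            continue
        return low
    return None

def assess(detections):
    """Summarise how strongly distinct detection names agree on one family."""
    named = {}   # distinct detection name -> family
    generic = 0  # hits that carry no family information
    for name, _vendor in detections:
        fam = family(name)
        if fam is None:
            generic += 1
        else:
            # Assumption: identical name strings may come from one licensed
            # engine, so each distinct name is counted once.
            named[name] = fam
    votes = Counter(named.values())
    top, agree = votes.most_common(1)[0] if votes else (None, 0)
    # Assumption: three or more distinct names on one family is a strong signal.
    verdict = "likely real" if agree >= 3 else "needs second opinion"
    return {"engines": len(detections), "generic_only": generic,
            "top_family": top, "agreeing_names": agree, "verdict": verdict}

if __name__ == "__main__":
    print(assess(DETECTIONS))
```

A single generic or heuristic hit with no family agreement is the pattern most often seen with false positives; several engines independently naming the same family is not.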
