False Positive Remote.exe

[Jan Coulson]

MS AntiSpyware Beta detected the RAT trojan 'Cyanure'
within a file called remote.exe (Part of Microsoft's own
Windows 2000 support tools!!)

The creation and modification dates of the file are the
same as all of the other ustilities in that folder.

On demand scans with Sophos, Trend and pestpatrol failed
to find any threat.

I am 100% sure this is a false positive.

 

[RWS]

Are you 100% positive that Backdoor.Cyanure isn't just
using remote.exe?

Check out #939 in the following site's list:

(You may have to copy and paste the URL)

http://www.emsisoft.com/en/support/malware/default.aspx?
showmalware=trojan

 

[Bill Sanderson]

What definition version were you on when this detection ocurred?

(Help, About)

I've heard reports that the current definitions (5680, but beware--the
servers may not be reachable)--no longer give this reading.