Newbi question

  • Thread starter Thread starter Dark Avenger
  • Start date Start date
D

Dark Avenger

Hi,

first of all I´d like to appologise for my English, but I´m from Portugal
and not very good at it.

I downloaded AD-Aware SE Retail, but after installing it Kaspersky AV
identifies the program as "Backdoor.Win32,rbot.gen".
So I´d like to ask the gurus of this newsgroup the following question: Is it
possible that a program like this came infected from the vendor? What does
this virus do?.

I deleted all files that were infected and conducted another scan which came
out o.k.

Thank You

D.A.

P.S.: My e-mail is invalid. I´m affraid of spam :(
 
Hi,

first of all I´d like to appologise for my English, but I´m from Portugal
and not very good at it.

I downloaded AD-Aware SE Retail, but after installing it Kaspersky AV
identifies the program as "Backdoor.Win32,rbot.gen".
So I´d like to ask the gurus of this newsgroup the following question: Is it
possible that a program like this came infected from the vendor? What does
this virus do?.

I deleted all files that were infected and conducted another scan which came
out o.k.

Thank You

D.A.

P.S.: My e-mail is invalid. I´m affraid of spam :(
Click to expand...

I once had a virus detector tag a file editor written in 1992, giving some
fancy name to a "virus" saying that it was a key logger.

There was a key logging routine in the editor for writing macros.

BTW, your English is fine.


FACE
 
FACE said:
I once had a virus detector tag a file editor written in 1992, giving some
fancy name to a "virus" saying that it was a key logger.

There was a key logging routine in the editor for writing macros.

BTW, your English is fine.


FACE
Click to expand...

I once had one anti-virus program flag on another anti-virus program because
of it's virus definition data.

-Dr.X
 
If I understand You correctly, then my problem is a wrong interpretation of
my A.V. scanner?
If that´s the problem I´m relieved!
By the way, what does the "Backdoor.Win32.rbot.gen" virus do????

Thanks again

D.A.
 
Dark Avenger said:
If I understand You correctly, then my problem is a wrong interpretation of
my A.V. scanner?
If that´s the problem I´m relieved!
By the way, what does the "Backdoor.Win32.rbot.gen" virus do????
Click to expand...

Backdoor - it allows an outsider to use your computer. From there on it only gets worse if it was ever used.

Pssst - Eddie lives...
 
Dark Avenger said:
If I understand You correctly, then my problem is a wrong interpretation of
my A.V. scanner?
If that4s the problem I4m relieved!
By the way, what does the "Backdoor.Win32.rbot.gen" virus do????

Thanks again

D.A.
Click to expand...

Mr. Avenger,

I think what Face and I are insinuating is that it is _possible_ to get
a false positive. It's hard to tell without further investigation. Did you
try it with another anti-virus package?

Also, you didn't mention where exactly you downloaded the program (ad
aware) from. Did you get it from the authors website? Is it remotely
possible that you were duped into downloading it from a malicious site? No
one would want to admit that, but the newest exploits are very clever.
Sometimes I have to look twice to be sure I'm really at the site I intended
to visit.

Backdoor.Win32.rbot.gen is a back door virus that allows a hacker into
your computer. It defiantly is not something you want on your system, but
like I said, it may have been a false positive.

If you go to the ad-aware home page, and get the file again (making sure
you're at the right site), maybe you can scan it again and if you get a hit,
try a different av (like an on-line scanner) to be sure. You may also want
to contact the involved vendors although it's possible they already know
about it.

-Dr.X
PS: Your English is great!
 
Hi,



First of all thank you for the compliment :) It's good to know that my time
in school was well spent.



Now to what really matters. I downloaded the file from www.lavasoft.de and
stored it on my disk. Afterwards I ran a system wide scan that resulted in
what you already know.



Yesterday I went online and searched the net for online virus scanner. I
found so many, that I had a hard time picking the most suitable. I selected
Panda, Trend Micro, CA and F-Secure. I think I made a good choice. After
scanning my computer twice with every scanner I got the following results:



1- Panda Active Scan

Result: No infections found

2- Trend Micro House Call

Result: No infections found

3- CA eTrust Antivirus Web Scan

Result: No infections found

4- F-Secure

Result: No infections found



5- My scanner (KAV Personal 5)

Result: Found Backdoor.Win32.Rbot.Gen



I'm no specialist, but I think this must be a bug of KAV. Or am I wrong?



Best regards



D.A.
 
Dark Avenger said:
Hi,

First of all thank you for the compliment :) It's good to know that my time
in school was well spent.

Now to what really matters. I downloaded the file from www.lavasoft.de and
stored it on my disk. Afterwards I ran a system wide scan that resulted in
what you already know.

Yesterday I went online and searched the net for online virus scanner. I
found so many, that I had a hard time picking the most suitable. I selected
Panda, Trend Micro, CA and F-Secure. I think I made a good choice. After
scanning my computer twice with every scanner I got the following results:

1- Panda Active Scan
Result: No infections found
2- Trend Micro House Call
Result: No infections found
3- CA eTrust Antivirus Web Scan
Result: No infections found
4- F-Secure
Result: No infections found
5- My scanner (KAV Personal 5)
Result: Found Backdoor.Win32.Rbot.Gen

I'm no specialist, but I think this must be a bug of KAV. Or am I wrong?
Best regards
D.A.
Click to expand...

Yeah, I think you're right. I would contact the author of KAV and let
them know that you are getting a false positive. I doubt that you are the
only one. Perhaps they have a work around.

Is there a heuristics option in KAV? Maybe you'll need to turn it off to
run the ad-aware install. I wonder if once you finally get ad-aware
installed, if KAV will call the installed program a virus. If that's the
case, I also wonder if KAV has a list that you can enter ad-aware so it is
ignored on subsequent scans. Seems unfair, don't it. :-)

-Dr.X
 
Hi

There is neither a heuristics option nor an ignore list avaliable in this
version. Maybe the professional version has it!?

I will try to get an answer from Kaspersky.

Thank you very much for your help.

Have a nice and happy Christmas and a wonderfull New Year

Best regards from Portugal

D.A.
 
Have you downloaded it and installed it? What version does it say?

It is 2.50.19 version. :)
thanks
 
Back
Top