
False positives? (Reg-RB.exe - mpegtoflash.exe - EvID4226Patch.exe) [SOLVED by db 2501]



Posted

IObit Security 360

 

OS:Windows 7

Version:1.6.0.2

Define Version:2426

Time Elapsed:00:06:43

Objects Scanned:75844

Threats Found:4

 

|Name|Type|Description|ID|

Trojan.Crypt, File, C:\Program Files (x86)\DVD-RB PRO\Reg-RB.exe, 11-32662

Spyware.Password, File, D:\wdisplay32\mpegtoflash.exe, 11-31940

Spyware.Password, File, D:\wdisplay32\wdisplay\mpegtoflash.exe, 11-31940

Trojan.Agent, File, F:\Drivers en utilities\Applicaties en drivers\Applicaties\Windows XP TCP-IP patcher\EvID4226Patch.exe, 11-10844

 

I've confirmed that both mpegtoflash.exe files are identical, so three probable false positives.

 

The first one, Reg-RB.exe, is a file from the DVD-conversion utility DVD Rebuilder Pro.

 

The second one, mpegtoflash.exe, is a utility which is part of the program Weather Display (which collects data from my weather station).

 

The third one, EvID4226Patch.exe, is a small patching utility which can be used to expand Windows XP's limit on concurrent half-open TCP/IP connections. As it patches a system file, I can understand why heuristics would find this to be a suspicious file, however this program itself isn't a trojan or infected in any way (even though I use Windows 7, I have some friends and acquaintances who I help out with their computer and still have XP, so I still keep this file around).

 

 

Scan results from virusscan.jotti.org for Reg-RB.exe - http://virusscan.jotti.org/en/scanresult/197a6494b7f98cbce7f3df6be06571faac3bb4ef

 

Scan results from virustotal.com for Reg-RB.exe - http://www.virustotal.com/file-scan/report.html?id=c6d409849128136666a1a2c413cb865e951a4c9b3ab6bfff2afca8a4aa1ae936-1301828560

 

Scan results from virusscan.jotti.org for mpegtoflash.exe - http://virusscan.jotti.org/en/scanresult/5ddd3d0d6f2a43fc5ac8d65c2819a0fab109bc18

 

Scan results from virustotal.com for mpegtoflash.exe - http://www.virustotal.com/file-scan/report.html?id=53c6e8b126ee5889f408566fd296f7f9471650644bfd23140e7f36507dad7cc7-1301828960

 

Scan results from virusscan.jotti.org for EvID4226Patch.exe - http://virusscan.jotti.org/en/scanresult/3203d3baac04718e38f8a7e49e604677bbc98d2c

 

Scan results from virustotal.com for EvID4226Patch.exe - http://www.virustotal.com/file-scan/report.html?id=d700fd837228f49b85bcc1012ae9d550338192d7b3810d0e834e9cf3f4de87ef-1301828679

 

 

As per the submission guidelines, the attached ZIP has been password protected with infected as password.

false_positives.zip

Posted
Hi Wild4fire

Thanks for your feedback.

The files (Reg-RB.exe & mpegtoflash.exe) are false positives. We will solve this issue in our later update definition 2501.

This file (EvID4226Patch.exe) is a Trojan. You can see VT results (19/42): http://www.virustotal.com/file-scan/report.html?id=d700fd837228f49b85bcc1012ae9d550338192d7b3810d0e834e9cf3f4de87ef-1301999298 Many Antivirus kill it. So you can clean it.
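
An added example, not part of the thread: it checks whether the VirusTotal report linked in the reply above and the one in the original submission describe the same sample, and whether a local copy matches a report. It assumes the legacy permalink format seen in those links, where `id` is the file's SHA-256 followed by the Unix time of the scan; the function names are hypothetical.

```python
import hashlib
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlparse

# Assumption: id=<64 hex SHA-256>-<Unix time of the scan>, as in the links above.
VT_ID = re.compile(r"([0-9a-f]{64})-(\d{1,10})")

# Report links quoted in the thread for EvID4226Patch.exe.
SUBMITTED = ("http://www.virustotal.com/file-scan/report.html?id="
             "d700fd837228f49b85bcc1012ae9d550338192d7b3810d0e834e9cf3f4de87ef-1301828679")
VENDOR = ("http://www.virustotal.com/file-scan/report.html?id="
          "d700fd837228f49b85bcc1012ae9d550338192d7b3810d0e834e9cf3f4de87ef-1301999298")


def parse_vt_report(url):
    """Return (sha256_hex, scan_time_utc) taken from a report link."""
    ids = parse_qs(urlparse(url).query).get("id", [])
    match = VT_ID.fullmatch(ids[0].lower()) if len(ids) == 1 else None
    if match is None:
        raise ValueError("link has no single id of the form <sha256>-<timestamp>")
    scanned = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1), scanned


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def same_sample(url_a, url_b):
    """True when both reports are about byte-identical content."""
    return parse_vt_report(url_a)[0] == parse_vt_report(url_b)[0]


def report_matches_file(url, path):
    """True when the local file is the exact sample the report describes."""
    return parse_vt_report(url)[0] == sha256_of(path)


if __name__ == "__main__":
    for label, url in (("submitted", SUBMITTED), ("vendor", VENDOR)):
        sha256, scanned = parse_vt_report(url)
        print(f"{label:9} {sha256[:16]}... scanned {scanned:%Y-%m-%d %H:%M} UTC")
    print("same sample:", same_sample(SUBMITTED, VENDOR))
```

A match only establishes that both verdicts concern the same bytes; it says nothing about which verdict is right.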

Posted
 

Thanks for the reply, but EvID4226Patch.exe is really not a trojan! It is a patch for the TCPIP.SYS file for the limitation introduced in Windows XP SP2 - only 10 concurrent, half-open TCP/IP connections were possible. Someone created a patch to fix this and that's EvID4226Patch.exe.

 

Yes, it patches a system file but does so by design and you have to initiate the patch yourself and confirm the actual patching itself! I have used this tool many times in the past and can confirm it really does nothing else than what it's intended for!

 

The various reactions you can read on VirusTotal say exactly the same.

 

I really don't understand why many anti-virus/anti-malware companies keep on claiming this file is malware while it obviously isn't.

 

Perhaps there are a few infected copies of this file floating around, but the one I submitted is the original one from the author himself.

 

Read his website - http://www.lvllord.de/?lang=en&url=4226patch/faq

 

A site with screenshot from this patching tool - http://www.raymond.cc/blog/archives/2006/06/22/fix-for-recent-downloadupload-speed-drop-in-bittorrent-and-p2p/

 

Also see http://forum.avast.com/index.php?topic=17353.0 -- why Avast doesn't detect it as a virus/trojan - because it isn't!

Posted

Hi hixin,

 

I do confirm the info by Wild4fire about EvID4226Patch.exe, and I have used it for some XPs.

 

Originally, it has been used for a way to overcome the limitation put by MS on the Internet traffic.

 

I wouldn't see it as a threat, and I wouldn't expect it to be used by many if you think about the percentage of the usage of it compared to the total usage of the web.

 

I consider it as safe if the MD is original and database in Cloud, should include it as safe. :mrgreen:

 

 

Hi Wild4fire,

 

I would put it in the Ignored List (Specially in IS360 for your Windows 7.) until IObit decides it as safe. :-D

 

 

 

Cheers.

Posted

 

 

I only keep the file around as I have a collection of utilities that I use when people have problems with their computers (I'm the one everyone in my family goes to when they're having problems ;-)). So it's not there for myself, especially since I run Windows 7. But some of my family, friends and acquaintances still have XP so I keep the file, just to be sure.

 

I know I could put it in the ignore list, but I feel that's a little bit stupid for a file which isn't actually a threat at all. Furthermore, there may be people out there who have this utility and also use IObit Security 360. They will think it is malicious, while it isn't.

Posted

Hi Wild4fire

Hi enoskype

 

Thanks for your reply.

We will decide it (EvID4226Patch.exe) in our next update definition.

 

Cheers!

Archived

This topic is now archived and is closed to further replies.
