drweb.exe false positive ID as virus

[WSecure]

hi all, thanks for reading!

yesterday I was searching for a anti-virus tool that works on windows server 2008 and installed Ikarus virus.utilities.
It seems it was a good choice to do so, because pctools etc didn't found anything.

however today I login to the box and voila, drweb is a trojan!

I recommend that everyone who uses drweb does a scan on it...


regards

btw: the box is freshly installed since two days, no one has access to it but me, everyone else is blocked from several firewalls!
comodo does find a virus too and here is the jotti.org result!

http://virusscan.jotti.org/de/scanresult/b78a85002740db8b30c5aa0d6e80cecd4f37558e

 

[WSecure]

I tried now to update drweb to see if the file comes infected from the update, but drwebupw.exe is so clever, that it doesn't reload the drweb.exe even tho I told the updater to update ALL and not just the virus definitions...

so... I can't say currently where this virus comes from, sry!

would be good, if others upload their drweb exe to jotti and scan it please, so we know if its only me, or a major problem, thx!

regards

 

[marko1103]

sorry but this smells like a false positive to me...

 

[WSecure]

I would hope so too..
but do you have the exe yourself and could you check if it is a false positive, or do you just smell something?

regards

 

[Blake@Parallels]

DrWeb is a virus scanning tool. It is extremely common for virus scanning tools to falsely identify each other (when scanning one another) as containing virus signatures (because, of course, they scan for them).