Koozali.org: home of the SME Server

Virus in backup2ws?

Brenno

Virus in backup2ws?
« on: January 09, 2004, 02:50:23 PM »
Hello all,

My RAV scan report this morning detected the following:

/home/e-smith/files/users/admin/home/backup2ws/wrar310.exe->(RARSfx)->Default.SFX->(UPXW) Infected: Backdoor:Win32/BBD.A.Drop

What's going on here? How could this file have become infected?  It's not in a publicly accessible area of the server and my SME 5.6 box runs in server-only mode inside our network, primarily as a mail server and small intranet server.

Doing a Google for "Win32/BBD.A.Drop" yielded no results.

Anybody else had this and know a) how did this happen and b) how do I clean it?

Thanks in advance for your assistance!

Ray Mitchell

Re: Virus in backup2ws?
« Reply #1 on: January 10, 2004, 04:57:55 AM »
This was mentioned previously. Try using a different virus scanner, I never found any virus in that file.

Regs
Ray

Nick Ramsay

Re: Virus in backup2ws?
« Reply #2 on: January 12, 2004, 03:41:23 PM »
I have the same on my server & it also reports it on a Nero install file.  I have mailed RAV support & they are investigating.  Support are still very responsive BTW.

I'm sure it's a false positive as it only started happening after the Friday RAV update & those files have been on the server for months.

Brenno

Re: Virus in backup2ws?
« Reply #3 on: January 12, 2004, 09:38:38 PM »
Nick,

Please let me know what RAV support says.  I agree with your observation about the files being there for months prior to them being listed as infected, although I wasn't as observant about the exact update that triggered the false positive.

Thanks!

Nick Ramsay

Re: Virus in backup2ws?
« Reply #4 on: January 13, 2004, 09:50:28 AM »
Got an email from them early evening saying the problem had been found & fixed.  Sure enough, no virus report this morning.

Not a bad turnaround - less than 8 hours.
