Author Topic: pev.exe FP  (Read 2776 times)

Offline oldman

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4142
  • Some days..... MOS...this bug's for you
pev.exe FP
« on: January 13, 2012, 02:23:09 AM »
Hi,

Avast is detecting this file. It's a file used by one of our malware tools. I believe the file was submitted a day or so ago. If you need a new copy let me know.

C:\Windows\PEV.exe **INFECTED** Win32:Rootkit-gen [Rtk]

Thanks

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: pev.exe FP
« Reply #1 on: January 13, 2012, 11:12:59 PM »
I have also sent a copy to the labs via the FTP, so hopefully it should be cleared soon.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Re: pev.exe FP
« Reply #2 on: January 13, 2012, 11:26:25 PM »
Hi oldman and essexboy,

Here avast did not flag it as yet: http://r.virscan.org/115a7219f89268b928d51a632bccb300
There is a lot of disinformation on this executable: http://www.backgroundtask.eu/Systeemtaken/taakinfo/37294/pev.exe/F1FBA6185A6A2BC6456970914875078E/
and here on this totally bad web rep info site: http://www.latest-virus.com/pevexe-1060
and then you have this info igniting all this: http://www.prevx.com/filenames/2534574636446686797-X1/PEV.EXE.html
So now you see what then happens. After that the reputation of this previewer tool has been damaged. Let us hope the FP will be fixed soon and the file status could change to something like risktool, PUP, something in the realm of what these heuristic AV flags find.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline oldman

Re: pev.exe FP
« Reply #3 on: January 14, 2012, 01:27:22 AM »
Quote
2009/06/24 00:09:47
Those results are about 2 1/2 years old. Because of the behavior of some of our tools, AVs do detect them from time to time.

Seems to be fixed.  8)