Author Topic: Trojan in EvID4226Patch?  (Read 9224 times)

0 Members and 1 Guest are viewing this topic.

MystikTK

  • Guest
Trojan in EvID4226Patch?
« on: November 11, 2005, 08:15:00 PM »
EvID4226Patch is a TCP/IP connections patch that modifies the tcpip.sys file to combat the connections problem associated with SP2 so that P2P prgrams can run effectively.

Anyway, since downloading the newest definitions (yesterday, I believe) avast! gives me a Win32:Trojano-2756 [Trj] in the EvID4226Patch.exe file.

I assume this is a false positive since this an extremely widely-used patch by people concerned with their speeds. Can anyone confirm this?


Thanks.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88897
  • No support PMs thanks
Re: Trojan in EvID4226Patch?
« Reply #1 on: November 11, 2005, 08:25:37 PM »
If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect ('virus', will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can't do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Spiritsongs

  • Guest
Re: Trojan in EvID4226Patch?
« Reply #2 on: November 11, 2005, 08:31:38 PM »
 :) And why use a "dangerous" P2P when there is a safer &
    cleaner "Shareaza" available at www.shareaza.com !?
    You may also want to use Ewido, a FREE premier anti-trojan
     program from www.ewido.net/en to see what it "finds",
     if anything !?

MystikTK

  • Guest
Re: Trojan in EvID4226Patch?
« Reply #3 on: November 11, 2005, 08:36:25 PM »
:) And why use a "dangerous" P2P when there is a safer &
    cleaner "Shareaza" available at www.shareaza.com !?
 

LOL. I think you misunderstood me. This is a patch to fix the issue of XP SP2 only allowing 10 concurrent TCP connections, thus severely affecting P2P prgrams. As a matter of fact, one the programs I used it for was Shareaza. I also use Bit Torrent (BitComet client) and DC++, for the record. It's not a P2P prog itself.

Anyway, I ran one of those multi-scanners and they confirmed it to be "Evid [not a virus]", so I guess it was just a flase positive. I'll probably send it to avast anyway, just to be sure.

Offline igor

  • Avast team
  • Serious Graphoman
  • *
  • Posts: 11849
    • AVAST Software
Re: Trojan in EvID4226Patch?
« Reply #4 on: November 11, 2005, 08:42:37 PM »
I believe today's VPS updade should have changed the detection to something like Evid [Not-a-virus] as well...

MystikTK

  • Guest
Re: Trojan in EvID4226Patch?
« Reply #5 on: November 11, 2005, 09:17:07 PM »
I believe today's VPS updade should have changed the detection to something like Evid [Not-a-virus] as well...


Yup, I just updated and that's what it says. Thanks.

Mastertech

  • Guest
Re: Trojan in EvID4226Patch?
« Reply #6 on: November 19, 2005, 01:32:57 PM »
Avast should not be giving any warning about this file. It is non malicious, you have to manually run it to change the TCP/IP Connection limit. I had it give the warning on a clients computer yesterday. Norton, Trend Micro and CA do not detect this as anything because it is nothing.