Author Topic: trendmicro's sysclean.exe and VBS:Redlof  (Read 11002 times)

0n361n

  • Guest
trendmicro's sysclean.exe and VBS:Redlof
« on: April 23, 2004, 05:38:35 AM »
When I try to run sysclean.exe ("damage cleanup engine" from trendmicro) avast stops it and tells me that it is infected by VBS:Redlof. I have searched this forum and wasn't able to find any explanation except one that was assuming that it is probably due to a pattern file within. That doesn't seem to be true since the pattern file has to be downloaded separately, therefore it is a different file ...
Maybe I haven't done my homework (I never do) and I missed something, but why haven't the guys from avast dealt with this? Because even though avast has received 100% from virus bulletin and I am happy for them, it doesn't convince me that it can deal with running worms well, since it has overlooked at least one 2 days ago. I don't like to turn the standard shield off every time I want to run sysclean.


Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:trendmicro's sysclean.exe and VBS:Redlof
« Reply #1 on: April 23, 2004, 08:40:27 AM »
1. Please submit the file in question to virus@avast.com and add a link to the thread to the message body.

2. Your complaint about avast not detecting some viruses is too vague for me to help. I'd need much more info, e.g. what were these files like (ideally if you still have them), why do you think they were infected, by which worm/virus etc...

Thanks
Vlk
If at first you don't succeed, then skydiving's not for you.

offpol

  • Guest
Re:trendmicro's sysclean.exe and VBS:Redlof
« Reply #2 on: April 23, 2004, 11:19:53 AM »
I have posted this problem here:
http://forum.avast.com/index.php?board=4;action=display;threadid=3274;start=msg23410#msg23410

Include "sysclean" in exclusion file?
« Last Edit: April 23, 2004, 11:22:51 AM by offpol »

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re:trendmicro's sysclean.exe and VBS:Redlof
« Reply #3 on: April 23, 2004, 01:03:44 PM »
Avast has detected this for some time. Best way is to put it in the exclude list, as I can guarantee you it is no virus.
"People who are really serious about software should make their own hardware." - Alan Kay

0n361n

  • Guest
Re:trendmicro's sysclean.exe and VBS:Redlof
« Reply #4 on: April 24, 2004, 03:13:28 AM »
Here is the link:
http://www.trendmicro.com/ftp/products/tsc/sysclean.com

And it has found this: BKDR_IRCFLOOD.X
It may be nothing, 'cause when I checked the log file it had removed only a few registry keys and they didn't look harmful to me.

I am sorry if my post sounded a little offensive (haven't been in a good mood yesterday). I use sysclean at work too, even though all computers run officescan from the same company.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31079
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:trendmicro's sysclean.exe and VBS:Redlof
« Reply #5 on: April 28, 2004, 01:18:03 PM »
I just checked here with Avast version 4.1.396 and vps 0418-2. No virus detected whatsoever in that cleaning prog. Don't know if Avast and/or Trend changed anything. But I do know I have seen more false reports about the ircflood.x. And they were reported by several different anti-virus software. Off the top of my head I have seen Norton (symantec), Trend, nod32 and McAfee reported this false alarm. This is the 1st time I hear about Avast reporting it. The reports were about different files/progs. So far it is not clear to me how/why, but in the meantime I will consider it a known fact that it happens. Of course being cautious when it reports this backdoor is needed. You never know.