Backdoor.Bifrose.ADR: false positive?

Hello,


I bought a new computer two days ago with Windows Vista Premium and I installed BitDefender Antivirus Plus v10 today.


I launched a deep scan and BD found a backdoor "Backdoor.Bifrose.ADR" in the file "wextract.exe" in the system32 directory.


This file seems to be included with Vista.


Is there a method to check whether the file is infected or not?


Thanks :rolleyes:


Vladim


P.S.: I'm French, so excuse me if my English is not good :unsure:

Comments

  • Hello and welcome,


    Just browsed on the internet and saw that many antiviruses detect this but it's a false positive, so the best you can do now is to upload the file to http://virusscan.jotti.org/ and see what it says.


    So I think on Monday the file will be registered in our database and it will not prompt you that it is a virus; till then you can exclude the file from scanning.


    I think you have the French version, so here is a link to the documentation in French: http://download.bitdefender.com/windows/de...s_v10_guide.pdf .


    You'll find the information you need on page 59; it says:


    "Exclure le chemin de l'analyse


    (appliqué à TOUS LES NIVEAUX)"


    Tell me how it went.


    Regards

  • I sent the file to the jotti website and it said:


    "


    File: wextract.exe


    Status: POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.)


    "


    BitDefender is the only one to find something in this file (BitDefender Found Backdoor.Bifrose.ADR)


    Other antiviruses found nothing...


    The probability of a false positive seems to be high... it's good news ;)


    Thank you very much for your help


    vladim

  • I'm happy I could help you; probably on Monday this problem will be solved.


    Regards

  • Whenever reporting a false positive, please also submit the "guilty" file; it is otherwise impossible to do anything about it. And whenever you submit possible malware samples through _any_ channel, make sure you send them as an archive with the password infected (if you send them unencrypted, antivirus software along the way might delete the files or block them).