eTrust Antivirus Detecting Virus in SciTE.exe


PCuff

May 1, 2008, 7:26:13 AM
to scite-interest
Hi everyone,

I'm using SciTE version 1.76 on Windows XP.

On my laptop at work this morning, I started getting the following
alert from our antivirus software (eTrust, v 7.1.501):
The Win32/Rewas!generic was detected in C:\SCITE\WSCITE\SCITE.EXE.

I googled Win32/Rewas!generic but couldn't find anything on it.

I have a desktop computer with SciTE and eTrust on it as well, but I'm
not getting the alert there. My laptop is using version 31.3750 of the
virus signature file (updated today), while the desktop is using
version 31.5749 (updated yesterday), so I'm guessing that this is
something new in the eTrust signatures, and that my desktop won't be
able to run SciTE either once the virus signature update is pushed to
it.

I can run SciTE.exe from a network share, or from my USB thumb drive
and the eTrust real time process monitor doesn't stop it from running.
When I try to copy SciTE.exe from the thumb drive to my laptop, eTrust
just deletes it.

Is SciTE.exe v1.76 truly infected with a virus, or is this a false
positive? Has anyone else had SciTE.exe flagged with a virus by eTrust
or any other antivirus software?

Thanks,

-- Patrick
mailto:patric...@bigfoot.com

mozers

May 1, 2008, 9:08:37 AM
to PCuff
Thursday, May 1, 2008, 3:26:13 PM, PCuff wrote:

P> Is SciTE.exe v1.76 truly infected with a virus
P> alert from our antivirus software (eTrust, v 7.1.501):

IMHO this is a false positive.
You can check it at http://www.virustotal.com

--
mozers

PCuff

May 1, 2008, 9:58:51 AM
to scite-interest
Thanks mozers :)

eTrust-Vet is the only scanner at VirusTotal that detects a virus. I
opened an issue with CA and asked them to verify that this file is
infected.

-- Pat

PCuff

May 2, 2008, 7:00:18 AM
to scite-interest
WHEW!

I've received a response from CA, and the SciTE.exe's been certified
clean. They updated their signature files to remove the false
positive. A quick update of my AV this morning and I'm back in
business :)

-- Pat

Philippe Lhoste

May 5, 2008, 5:18:13 AM
to scite-i...@googlegroups.com
On 02/05/2008 13:00, PCuff wrote:
> I've received a response from CA, and the SciTE.exe's been certified
> clean. They updated their signature files to remove the false
> positive. A quick update of my AV this morning and I'm back in
> business :)

Cool, good move. I saw this often with UPX-compressed freeware... Some
antivirus programs seem to produce more false positives of this kind...

--
Philippe Lhoste
-- (near) Paris -- France
-- http://Phi.Lho.free.fr
-- -- -- -- -- -- -- -- -- -- -- -- -- --
