Jump to content


Photo

Backdoor.Win32.IRCNite.pl!A2 in Google Earth! FP?

Started by jerome, Aug 04 2010 09:29 AM

  • Please log in to reply
7 replies to this topic

#1 jerome

jerome

    Member

  • Members
  • PipPip
  • 36 posts
  • LocationFrance

Posted 04 August 2010 - 09:29 AM

Hello,
as usual yesterday all was clean. And this morning my daily full scan finds this:
C:\Program Files\Google\Google Earth\client\googleearth_free.dll Objets détectés : Backdoor.Win32.IRCNite.pl!A2
C:\Program Files\Google\Google Earth\plugin\googleearth_free.dll Objets détectés : Backdoor.Win32.IRCNite.pl!A2
I noticed on another recent post that the same file was detected as a near backdoor:
http://support.emsis...cnite-and-krap/
The file is heavy (24.6 Mo) so can't be submitted at Virus Total. But this kind of file in this tkind of program does not seem suspect.
Report in attachment.
File submitted by right click.
Regards,

Attached Files


JEROME from Paris, France.
Windows Vista Home Premium SP2 updated.
Acer computer.3 Gb RAM.
McAfee security suite allways updated.
Emsisoft Anti-Malware (5.1.0.4) and Malwarebytes-Anti-Malware just to scan on demand.

#2 Lynx

Lynx

    Forum Veteran

  • Members
  • PipPipPipPipPip
  • 3189 posts
  • LocationAustralia

Posted 04 August 2010 - 10:00 AM

Hi Jerome,

This FP was recently discussed in several threads here

Just reoccurred ... will be fixed

My regards

p.s. one user though reported that fie is too big to submit.
Do you have any issues like that?

XP Pro, SP3 (32-bit); EAM Full Suite v7.0.0.21(beta) ; Firewall: Comodo 3.14 FW only! (Defense+ HIPS)
Win 7 Home Premium x64, SP1; Firewall: Comodo 3.14 FW only! (Defense+ HIPS); EAM Full Suite v7.0.0.21(beta)

#3 jerome

jerome

    Member

  • Members
  • PipPip
  • 36 posts
  • LocationFrance

Posted 04 August 2010 - 10:38 AM

Hello,
and thank you for your answer.
The file is big (24.6 mo).
During the submition I had a bar with x%... I took about 1 minute.
At the end I had NOT a message saying for instance: "File submitted" or something like that. Neither an error message.
Regards,
JEROME from Paris, France.
Windows Vista Home Premium SP2 updated.
Acer computer.3 Gb RAM.
McAfee security suite allways updated.
Emsisoft Anti-Malware (5.1.0.4) and Malwarebytes-Anti-Malware just to scan on demand.

#4 Lynx

Lynx

    Forum Veteran

  • Members
  • PipPipPipPipPip
  • 3189 posts
  • LocationAustralia

Posted 04 August 2010 - 11:01 AM

...thank you for your answer.
The file is big (24.6 mo). During the submition I had a bar with x%... I took about 1 minute.
At the end I had NOT a message saying for instance: "File submitted" or something like that. Neither an error message...

Yes, the file is indeed a big one, but if you search the forum one of the users managed to submit it after my replies

I am sure you have nothing to worry about, but in case you cannot find the case I can find it & post the link

Cheers!

XP Pro, SP3 (32-bit); EAM Full Suite v7.0.0.21(beta) ; Firewall: Comodo 3.14 FW only! (Defense+ HIPS)
Win 7 Home Premium x64, SP1; Firewall: Comodo 3.14 FW only! (Defense+ HIPS); EAM Full Suite v7.0.0.21(beta)

#5 jerome

jerome

    Member

  • Members
  • PipPip
  • 36 posts
  • LocationFrance

Posted 04 August 2010 - 12:29 PM

Hello,
I have just sent it as a zip file (8 Mo) at fp@emsisoft.com
Did I well?
Regards,
JEROME from Paris, France.
Windows Vista Home Premium SP2 updated.
Acer computer.3 Gb RAM.
McAfee security suite allways updated.
Emsisoft Anti-Malware (5.1.0.4) and Malwarebytes-Anti-Malware just to scan on demand.

#6 Lynx

Lynx

    Forum Veteran

  • Members
  • PipPipPipPipPip
  • 3189 posts
  • LocationAustralia

Posted 04 August 2010 - 12:40 PM

Thanks, Jerome
Sure you did it right...
well it seems like I will install "the thing"
don't like 2 b in the dark ;) Will post later
Cheers, man!

XP Pro, SP3 (32-bit); EAM Full Suite v7.0.0.21(beta) ; Firewall: Comodo 3.14 FW only! (Defense+ HIPS)
Win 7 Home Premium x64, SP1; Firewall: Comodo 3.14 FW only! (Defense+ HIPS); EAM Full Suite v7.0.0.21(beta)

#7 jerome

jerome

    Member

  • Members
  • PipPip
  • 36 posts
  • LocationFrance

Posted 05 August 2010 - 10:39 AM

Hello,
sorry I was too busy to come here before.
Full scan clean this morning after update.
Thank-you!
2 stupid questions:
1.Almost each day, during the updates I can see "Download Anti Malware Network Module" (Community Module). Is this normal?
2. On the right and low part of the main page, when the cursor of the mouse is on the number of signatures, I have a little pop-up open with the number of dections (here 11, all FP!). Is it possible to reset this and to have it at 0?
Regards,
JEROME from Paris, France.
Windows Vista Home Premium SP2 updated.
Acer computer.3 Gb RAM.
McAfee security suite allways updated.
Emsisoft Anti-Malware (5.1.0.4) and Malwarebytes-Anti-Malware just to scan on demand.

#8 Rob R.

Rob R.

    Forum Regular

  • Emsisoft Employee
  • 900 posts
  • LocationNetherlands
  • OS:Windows XP
  • AV:Emsisoft Anti-Malware
  • HIPS:Online Armor

Posted 05 August 2010 - 11:32 AM

Jerome,

About your 2 questions.


1. Yes, it's normal. I guess they are finetuning this component, there is nothing wrong with your installation. Released updates can also be seen here; http://www.emsisoft....gelog/personal/

2. Good question! I never missed that "reset button" until now.
Back to Emsisoft Emergency Kit


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Emsisoft Support Forums
  2. Company & Products
  3. Customer Support
  4. Emsisoft Emergency Kit
  5. Privacy Policy
  6. Terms of Use ·