Is avast right by not detecting it or is this really malware/spyware?
MBAM and SAS find the file to be secure.
Here I get two flags: http://www.garyshood.com/virus/results.php?r=e82b923d6d2ac34b611d2f410b159a7d
F-prot finds a security risk and AntiVir reports:
ALERT: [TR/Dldr.Genome.ooc] ewido_micro.exe
Is the Trojan horse TR/Dldr.Genome.ooc
I think I will remove the executable. I have also set my zonemap setting stricter via Microsoft FixIt Center, e.g. improve performance, safety and security with IE-fix. As this was affected here, the fix had prevention of data export restored.
Hello,
It looks like it is some old digitally signed file from “ewido networks GmbH & Co. KG”, which belongs to “ewido anti-malware”; the certificate expired on 03/07/2007. I think it’s clean.
But with this file we should be careful, as was pointed out to me by our forum friend, Pondus, who had that particular file analyzed at Norman’s and got these specifics; I quote:
At 2011-6-23 9:18:53, len wrote:
Greetings,
We have sandbox detection of this file as suspicious (downloading activity). Although it seems to be a part of Ewido antimalware (now acquired by AVG), it has an expired certificate and can be easily modified for malicious purposes. Also, this file has the characteristic of downloading some file from the ewido website. Generally security software has website names in encrypted form, but this file has them in plain text, which can be modified easily to download some other files.
Note: I have added this file to my track list.
Regards
Additionally, I add this specific scan with the same MD5 hash, but a completely different file name, re:
File Name : 430D5A2E.E7F
File Size : 134496 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : e82b923d6d2ac34b611d2f410b159a7d
SHA1 : dd50332945c62e8f0cd9bc610446be27329c795f
Could that be the malicious counterpart of the original ewido executable?