trendmicro's sysclean.exe and VBS:Redlof

Avast Free Antivirus / Premium Security
1

When i try to run sysclean.exe (“demage cleanup engine” from trendmicro) avast stops it and tells me that it is infected by VBS:Redlof. I have searched this forum and wasn’t able to find any explenation except one that was assuming that it is propably due to a pattern file withih. That doesn’t seem to be true since pattern file has to be downloaded separately therefor it is a diferent file …
May be i haven’t done my homework (i never do) and i missed something but why guys from avast hasn’t deal with this. Because even though avast has recieved 100% from virus bulletin and i am happy for them it doesn’t convince me that it can deal with running worms well since it has overlooked at least one 2 days ago. I don’t like to turn the standart shield off everytime i want to run sysclean.

2

  1. Please submit the file in question to virus@avast.com and add a link to the thread to the message body.

  2. Your complaint about avast not detecting some viruses is too vague for me to help. I’d need much more info. e.g. what were these files like (ideally if you still have them), why do you think they were infected, by which worm/virus etc…

Thanks
Vlk

3

i have post this problem here:
http://forum.avast.com/index.php?board=4;action=display;threadid=3274;start=msg23410#msg23410

Include “sysclean” in exclusion file ?

4

avast has detected this for some time. best way is to put it in the exclude list as I can guarentee you it is no virus

5

here is the link
http://www.trendmicro.com/ftp/products/tsc/sysclean.com

and it has found this BKDR_IRCFLOOD.X
it may be nothing 'cause when i checked log file it has removed only few registry keys and they didn’t look harmful to me.

i am sorry if my post sounded little ofensive (haven’t been in good mood yesterday). I use sysclean at work too, even though all computers run officescan from the same company.

6

I just checked here with Avast version 4.1.396 and vps 0418-2. No virus detected whatsoever in that cleaning prog. Don’t know if Avast and/or Trend changed anything. But I do know I have seen more false reports about the ircflood.x And they where reported by several different anti-virus software. Out the top of my head I have seen Norton (symantec), Trend, nod32 and McAfee reported this false alarm. This is the 1st time I hear aobut Avast reporting it. The reports where about different files/progs. Sofar it is not clear to me how/why but it in the meantime I will consider it a known fact that it happens. Ofcourse being cautious when it reports this backdoor is needed. You never know.