Trojan in EvID4226Patch?

EvID4226Patch is a TCP/IP connections patch that modifies the tcpip.sys file to combat the connections problem associated with SP2 so that P2P prgrams can run effectively.

Anyway, since downloading the newest definitions (yesterday, I believe) avast! gives me a Win32:Trojano-2756 [Trj] in the EvID4226Patch.exe file.

I assume this is a false positive since this an extremely widely-used patch by people concerned with their speeds. Can anyone confirm this?

Thanks.

If you are getting a virus warning that you believe is a false positive, then if you can zip and password protect (‘virus’, will do) the suspect file and send it to virus @ avast.com (no spaces).

Give a brief outline of the problem, the fact that you believe it to be a false positive and include the password in the body of the email. Some info on the avast version and VPS number (see about avast {right click avast icon}) will also help.

You could also check the offending/suspect file at: Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. You can’t do this with the file in the chest, you will need to move it out.
Or VirusTotal - Multi engine on-line virus scanner

If it is indeed a false positive, add it to the exclusions lists and check scan it periodically using the ashQuick scan (right click scan), when it is no longer detected then remove it from the exclusions.

:slight_smile: And why use a “dangerous” P2P when there is a safer &
cleaner “Shareaza” available at www.shareaza.com !?
You may also want to use Ewido, a FREE premier anti-trojan
program from www.ewido.net/en to see what it “finds”,
if anything !?

LOL. I think you misunderstood me. This is a patch to fix the issue of XP SP2 only allowing 10 concurrent TCP connections, thus severely affecting P2P prgrams. As a matter of fact, one the programs I used it for was Shareaza. I also use Bit Torrent (BitComet client) and DC++, for the record. It’s not a P2P prog itself.

Anyway, I ran one of those multi-scanners and they confirmed it to be “Evid [not a virus]”, so I guess it was just a flase positive. I’ll probably send it to avast anyway, just to be sure.

I believe today’s VPS updade should have changed the detection to something like Evid [Not-a-virus] as well…

Yup, I just updated and that’s what it says. Thanks.

Avast should not be giving any warning about this file. It is non malicious, you have to manually run it to change the TCP/IP Connection limit. I had it give the warning on a clients computer yesterday. Norton, Trend Micro and CA do not detect this as anything because it is nothing.