Virus which is not a virus (TIBCO product)

Hi,

I’m using a TIBCO product for my work. Recently, Avast detected that TIBCO Rendezvous Communications Daemon (messaging system) is a Virus/Worm.

Here are the details:
File name: C:\tibco\tibrv\bin\rvd.exe
Malware name: Win32:Trojan-gen {Other}
Malware type: Virus/Worm
VPS version: 080717-0, 17/07/2008

I tried to add this file to the Exclusions list, but I guess this exclusions list only contains files that won’t be scanned.

Please advise what would be the best approach as the only solution I found so far is to pause the standard shield then start the service. It is not a viable solution as my computer is then not protected.

OS: Windows XP pro SP2.

Regards,

Ben

Upload the file to VirusTotal and post the results.

You can’t upload the file if it is in the chest, you need to extract it to a temporary location.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

There are two exclusions lists:
Standard Shield, Customize, Advanced, Add and
Program Settings, Exclusions (this is the one you appear to have used and it doesn’t work for on-access scanning)

Sorry for the late reply.

I simply disabled the standard shield to be able to upload the file. Here is the result:
MD5: a8e240b25b25bb54560b6b31a3395b16
First received: 07.01.2008 13:15:58 (CET)
Date: 07.01.2008 13:15:58 (CET) [>21D]
Results: 3/32
Permalink: http://www.virustotal.com/analisis/d91f4c095c534895c733dad9fcb66b2b

Let me know if I can do anything else.

I would say there is a high possibility it is an FP as the 3 detections are heuristic (which can be prone to FP). The avast Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

If it is indeed a false positive (very likely), see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.

Thank you very much for the reply. I will follow your advice and report it to Avast. I will also check with TIBCO to make sure why this is happening.

Cheers.

No problem, glad I could help.

It may be nothing to do with TIBCO, the Win32:Trojan-gen is a generic signature (the -gen at the end of the malware name), so that is trying to catch multiple variants of the same type of malware and is a fine balance between detecting a new variant and detecting something valid as infected.

A belated welcome to the forums.