Why is this considered Malware?

Hi
I just need some educating really … please.
Avast is ‘picking up’ Win32:Evid(Not a virus) as Malware and this is located in a file named EvID4226Patch.exe from www.lvllord.de/ which is used to remove the limit on tcp connection attempts introduced in Windows XP SP2. I understand this is widely used by the P2P community and wondered why Avast considers this Malware … or am I missing something by using this patch?

Cheers
JT.

Hello :slight_smile:

First you can try to upload the file to virusscan.jotti.org or to www.virustotal.com to see if only avast! detects that file as a virus, if so it’s probable a false positive(false alarm)
If it is a false alarm you can send that file to virus[at]avast[dot]com in zip protected archive(usually the password is “virus”) and in the mail body you must write that you think that this file is detected and that this is a false positive. And from Alwil will fix the problem :wink:
Meanwhile you can put that file to the exclusion list :wink:

If not only avast! detect this file as a virus(and others AVs detect this as a virus) it’s probably a virus :wink:

Thanks for the info .:x:M:A:S:.
Unfortunately I cannot upload to either site! The first says the file is 0bytes and the second site says ‘cannot upload files over 10mb’ (file is actually 39kb) … very strange!
The file is suggested as essential at P2P program www.kceasy.com/docs and others?
I think I’ll send it to Avast for their comments.
Thanks again

JT.

You can’t upload it from the chest location, it is protected storage so any virus can’t be activated, you would have to move it out of the chest first.

Thanks DavidR but I hadn’t put it in the chest, it’s still in My Documents and I can delete it easily. It’s just that I want to know if it’s a false positive so that I can decide whether to use it or not!

Cheers
JT.

I suppose that avast! is preventing the access to the file(when avast! finds a virus it blocks the access to it to prevent further infections) :wink:
Maybe thats why you cannot upload the file. You’ll have to stop the resident protecton to upload the file or you have to add the file to the exclusion list.

I hope this helps:

Installing SP2 limits your TCP connection attempts to 10 whereas there wasn’t any limit in SP1. MS supposedly did this as a security measure.
Running EvID4226Patch212 has increased the connection attempts to 50. If 50 is not enough,
then run EvID4226Patch212 using the /L=limit switch. Replace “limit” with any value from 10 to 16777214.
I you wanted to make the number of connection attempts unlimited just like SP1 then run the utility like this:
EvID4226Patch.exe /L=16777214
For a listing of program switches and their usage run it like this:
EvID4226Patch.exe /?

Remember,
This is something I’ve read. I haven’t personally tried or confirmed any of this information.

XP is not a server OS and therefor it is limited to 10 simultanious connections. It has nothing to do with connecting to the net.

And that so called ‘patcher’ is not gonna speed up internet access. In fact it even can slow down the connection speed. Only reliable way to speed up things is getting a faster connection.

I think it really helps, I mean, setting a higher limit than 10 simultaneous connections, in P2P applications.
The limit DOES NOT protect the user himself. It does only help to avoid spreding in the Internet. It is there due to Windows that can be exploited, nothing more. I think it WILL improve connections, specially P2P applications (so, speeding up internet access).

And that so called 'patcher' is not gonna speed up internet access. In fact it even can slow down the connection speed.
Eddy It's not meant to increase your download speed only meant to allow you to be able to connect to more than the default 10 connections. Also, it doesn't slow down the overall speed. The maximum speed is always spread over the total number of used connections. Adding up all of the used download connections will give you your overall download speed.

By the way, avast! still reports this as Malware and we need some kind of an answer and
resolution from them before we can use this patch.
Until I know it’s perfectly safe, I’ve put it into the chest

Sure, a false positive yet not solved :stuck_out_tongue:

It is definitely a false positive. EvID4226Patch.exe is NOT a virus.

It is definitely a false positive. EvID4226Patch.exe is NOT a virus.
Agree but I don't want to add this to the ignore list. I want avast! to fix the false detection. ;D

We too 8)

As of right now, This is still being detected by avast! which means it
hasn’t been corrected. :cry:

We have had 3 more updates but this programs is still being detected as a virus???
Is the fix being worked on???

Dear Alwil,
Another bunch of updates have occured and still no fix for this false positive.
How much longer is this going to take?
Ignoring a problem or in this case a false positive, doesn’t make it go away.
Please rectify this matter. Thanks

Another day and this is still being falsely detected as a virus.
Please correct this, I’m getting tired of checking this every day.
Thanks

I agree, who do we contact to get this resolved?