• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

drweb.exe false positive ID as virus

W

WSecure

Basic Pleskian
hi all, thanks for reading!

yesterday I was searching for a anti-virus tool that works on windows server 2008 and installed Ikarus virus.utilities.
It seems it was a good choice to do so, because pctools etc didn't found anything.

however today I login to the box and voila, drweb is a trojan!

I recommend that everyone who uses drweb does a scan on it...


regards

btw: the box is freshly installed since two days, no one has access to it but me, everyone else is blocked from several firewalls!
comodo does find a virus too and here is the jotti.org result!

http://virusscan.jotti.org/de/scanresult/b78a85002740db8b30c5aa0d6e80cecd4f37558e
 

Attachments

  • drweb-trojan.jpg
    drweb-trojan.jpg
    108.8 KB · Views: 4
Last edited by a moderator:
I tried now to update drweb to see if the file comes infected from the update, but drwebupw.exe is so clever, that it doesn't reload the drweb.exe even tho I told the updater to update ALL and not just the virus definitions...

so... I can't say currently where this virus comes from, sry!

would be good, if others upload their drweb exe to jotti and scan it please, so we know if its only me, or a major problem, thx!

regards
 
I would hope so too..
but do you have the exe yourself and could you check if it is a false positive, or do you just smell something?

regards
 
DrWeb is a virus scanning tool. It is extremely common for virus scanning tools to falsely identify each other (when scanning one another) as containing virus signatures (because, of course, they scan for them).
 
You must log in or register to reply here.

Similar threads

G
Issue Database Malware or False Positive?
Replies
2
Views
2K
Gene Steinberg
G
LordLiverpool
Resolved A false positive with KernelCare???
Replies
11
Views
3K
LordLiverpool
LordLiverpool
danami
Input Sentinel Anti-malware Extension for Plesk
Replies
6
Views
4K
danami
danami
danami
Input Warden Antispam & Virus Protection Extension for Plesk
7 8 9
Replies
175
Views
49K
danami
danami
E
How to Set up Your WordPress Website Security
Replies
0
Views
2K
Elvis Plesky
E
Back
Top