Inoculate detecting Backdoor IRC Server 392192 virus

[Kaicolo]

Distributed new Inoculate signature 23.67.08 today and since received several alerts regarding the Backdoor IRC Server virus.

The files that it identifies as having the virus are packages which we have developed to deploy hotfixes and the Office XP service pack. The program used is Install Shields - Packages for the web.

We believe that this is a false positive and the CA 'tech' after little discussion tells me that it is with little [NO] verifying information. Never had much faith in them. So I sent one of the packages to virus@ca.com. I got an automated response to say that it was confirmed clean.

To confirm my belief that it is a false positive, Inoculate also identified Adobe reader patches as also infected with the same virus.

Anyone else experiencing the same?

 

[Kaicolo]

The following is a response I got from CA after sending in a sample package that was being identified as having the Backdoor IRC Server virus.

This is to notify you of the results of your submission, issue number 428970.

With regards to the file "Project2003_Hotfix_838344.exe" submitted by you on 26 Oct 14:21:47 (Australian Eastern Standard Time), we have updated our signature files to resolve the false positive problem of the InoculateIT engine.

The Windows PE (I386,EXE) file "Project2003_Hotfix_838344.exe" has been determined to be clean. Our researchers have analysed the file and found nothing suspicious.


SO if you have Inoculate signatures 23.67.09 or more recent, you should not experience this issue.