SDBot.Gen8 detection - false positive

   Unii antivirusi pot detecta versiunea 4.1.2 Retail ca fiind infectata cu SDBot.Gen8 

In urma raportarilor produsul a fost transmis catre analiza la F-Secure constatand ca detectia este falsa, conform corespondentei de mai jos: 

F-Secure:

Hello,

Thank you for your e-mail.

The file you submitted is indeed clean. A database update will be released to resolve this issue.

For the latest database updates please visit this page:

http://www.f-secure.com/download-purchase/updates.shtml

We apologize for any inconveniences that this may have brought you.

Should you have further questions, please do not hesitate to email us again.

Have a nice day!

--
F-Secure Security Labs              http://www.f-secure.com/weblog/
F-Secure Corporation                http://www.f-secure.com/
BE SURE.

-----Original Message-----
From: office@borgdesign.ro
To: vsamples@f-secure.com
Cc: vsamples@f-secure.com
Date: Thu, 21 May 2009 11:15:55 +0000
Subject: SAS:3960 : False positive : office@borgdesign.ro

> SampleType: False positive
> E-mail: office@borgdesign.ro
> Name: Diac Iustin
> Country: RO
> Phone:
> Source: 84.247.2.135
> 
> OS: Windows XP
> Product: Other or Unknown
> ProductVersion:
> DetectionName: SDBot.Gen8
> UpdatesVersion:
> 
> Subject: False positive
> 
> Description:
> 
> Our customers using F-Secure are reporting SDBot.Gen8 detection.
> 
> Our app is using Themida as protection.
> Need an answer for our customers, it is a virus or a false positive?

Nod32:

From: NOD32 Romania Suport 
To: office@borgdesign.ro 
Sent: Monday, May 25, 2009 1:26 PM
Subject: RE: [virus a variant of Win32/Packed.Themida application] Re: [virus a variant of Win32/Packed.Themida application] fals pozitiv

Buna ziua,
Fisierul lstfirme.exe nu este detectat ca fiind virusat de nod32.
 Cu stima,

ESET NOD32 Romania Suport Tehnic

Antivirusii care detecteaza (fals) virus: 
Norman, Sophos, ClamAV

Cauza: aplicatia este protejata cu sistemul Themida (pentru care unii antivirusi fac confuzie)

Editat de borgdesign - 25 May 2009 la 14:58

Autor	Mesaj Subiect Cauta Optiuni Subiect Raspunde Creeaza Nou subiect Versiune Printabila Translate Subiect
borgdesign Profilul Membrilor Trimite Mesaj Privat Cauta Postarile Membrilor Add to Buddy List Admin Group Aderat: 01 Jan 2006 Locatie: Romania Status: Offline Puncte: 485	Optiuni Postare Raspunde Citeaza borgdesign Raporteaza Multumiri(0) Citeaza Raspunde Subiect: SDBot.Gen8 detection - false positive Postat: 25 May 2009 la 12:18
	Unii antivirusi pot detecta versiunea 4.1.2 Retail ca fiind infectata cu SDBot.Gen8 In urma raportarilor produsul a fost transmis catre analiza la F-Secure constatand ca detectia este falsa, conform corespondentei de mai jos: F-Secure: Hello, Thank you for your e-mail. The file you submitted is indeed clean. A database update will be released to resolve this issue. For the latest database updates please visit this page: http://www.f-secure.com/download-purchase/updates.shtml We apologize for any inconveniences that this may have brought you. Should you have further questions, please do not hesitate to email us again. Have a nice day! -- F-Secure Security Labs http://www.f-secure.com/weblog/ F-Secure Corporation http://www.f-secure.com/ BE SURE. -----Original Message----- From: office@borgdesign.ro To: vsamples@f-secure.com Cc: vsamples@f-secure.com Date: Thu, 21 May 2009 11:15:55 +0000 Subject: SAS:3960 : False positive : office@borgdesign.ro > SampleType: False positive > E-mail: office@borgdesign.ro > Name: Diac Iustin > Country: RO > Phone: > Source: 84.247.2.135 > > OS: Windows XP > Product: Other or Unknown > ProductVersion: > DetectionName: SDBot.Gen8 > UpdatesVersion: > > Subject: False positive > > Description: > > Our customers using F-Secure are reporting SDBot.Gen8 detection. > > Our app is using Themida as protection. > Need an answer for our customers, it is a virus or a false positive? Nod32: From: NOD32 Romania Suport To: office@borgdesign.ro Sent: Monday, May 25, 2009 1:26 PM Subject: RE: [virus a variant of Win32/Packed.Themida application] Re: [virus a variant of Win32/Packed.Themida application] fals pozitiv Buna ziua, Fisierul lstfirme.exe nu este detectat ca fiind virusat de nod32. Cu stima, ESET NOD32 Romania Suport Tehnic Antivirusii care detecteaza (fals) virus: Norman, Sophos, ClamAV Cauza: aplicatia este protejata cu sistemul Themida (pentru care unii antivirusi fac confuzie) Editat de borgdesign - 25 May 2009 la 14:58