Loading Profile...
wextract.exe false positive with vipre???
Hello everybody!
I have this problem:
I ran today i quick scan with Vipre and it found Trojan.Win32.Packed.gen (v) in my wextract.exe file in system32 folder. It also found the same trojan in the executable of a program which I instantly uninstalled it. This happened in 2 computers, my laptop and my desktop.
My problem is that I did some tests: I expanded wextract.ex_ from my Windows installation CD (sp3 slipstreamed) and Vipre found the same trojan. I even extracted the same file from the Windows Service Pack 2 and 3 executables (which I used to update my installation) and it found the trojan in wexctract.exe (file version 6.0.2900.2180 for sp2, 6.0.2900.5512 for sp3).
I had a backup copy of my windows installation sp1a cd in a hard drive. I expanded the wextract.ex_ and it found nothing on the expanded wextract.exe (file version 6.0.2900.1106).
I noticed that this happened after vipre updated itself to the new definitions' version (I currently have version 5010). Before this update it found nothing neither in the system32 folder nor in the program now found to have the same trojan.
I don't know whether it is a false positive or the new vipre engine is better than the old one but I think it's a bit difficult that the trojan infected the compressed files inside the service pack package.
I have submitted you the files for analysis.
Thank you for your time!
Peter Perdikouris
I have this problem:
I ran today i quick scan with Vipre and it found Trojan.Win32.Packed.gen (v) in my wextract.exe file in system32 folder. It also found the same trojan in the executable of a program which I instantly uninstalled it. This happened in 2 computers, my laptop and my desktop.
My problem is that I did some tests: I expanded wextract.ex_ from my Windows installation CD (sp3 slipstreamed) and Vipre found the same trojan. I even extracted the same file from the Windows Service Pack 2 and 3 executables (which I used to update my installation) and it found the trojan in wexctract.exe (file version 6.0.2900.2180 for sp2, 6.0.2900.5512 for sp3).
I had a backup copy of my windows installation sp1a cd in a hard drive. I expanded the wextract.ex_ and it found nothing on the expanded wextract.exe (file version 6.0.2900.1106).
I noticed that this happened after vipre updated itself to the new definitions' version (I currently have version 5010). Before this update it found nothing neither in the system32 folder nor in the program now found to have the same trojan.
I don't know whether it is a false positive or the new vipre engine is better than the old one but I think it's a bit difficult that the trojan infected the compressed files inside the service pack package.
I have submitted you the files for analysis.
Thank you for your time!
Peter Perdikouris
3
people have this problem
I have this problem, too!
Tell me when someone solves it.
The more people who report this problem, the more it gets noticed.
The more people who report this problem, the more it gets noticed.
Create a customer community for your own organization
Plans starting at $19/month
-
Inappropriate?Thepeterp, Thank you for posting your question. This is probably a false positive, if you already submitted it to us, then you can just have it add that file to the always allowed list to prevent it form blocking it again., and our researchers will work on fixing it in a definition update.
If you have any further questions please let us know. -
Inappropriate?I have just downloaded Windows XP service pack 3 redistributable package, I extracted wextract.ex_ from it, expanded it to wextract.exe and vipre found the same trojan.... so it's probably a false positive...
Thanks for your immediate reply!
