RapidQ - A Squared question

M

MightyKitten

Allarmed by a messagre about a possible trojan, I launched A squared an hour
ago to scan everything on my disk. Fortunately, the alarm was fake, but
Asquared gave me still a waring about the RAPIDQ32.LIB. being a Backdoor.sys

I would like to know why A Squared is screaming this is a malware product
(other programming enviroments I installed (including some I find more
questionable) are not mentioned. I'm open to the posibillity it might be an
erronous warning, but then again: why?

McAfee did not warn me about it, by the way, and I downloaded RapidQ from
the 'official' website: http://www.basicguru.com/rapidq/download.html

Your advise please...

MightyKitten
 
B

Bjorn Simonsen

MightyKitten wrote in said:
Allarmed by a messagre about a possible trojan, I launched A squared an hour
ago to scan everything on my disk. Fortunately, the alarm was fake, but
Asquared gave me still a waring about the RAPIDQ32.LIB. being a Backdoor.sys
Click to expand...

I would ask in A2 forum <http://forum.emsisoft.com/>. My guess
(only!), a false postive, the lib file having some code also
identified in a backdoor trojan. In the trojan the code is put to
harmful use, in the lib file it is a just another "feature". Or A2
using heuristics, identifying possibly harmful code. Maybe e-mail both
A2 and author of RapidQ about it...I guess they both would like to
know (if they don't already).

All the best,
Bjorn Simonsen
 
A

Anti_Freak_Machine

MightyKitten said:
Allarmed by a messagre about a possible trojan, I launched A squared an hour
ago to scan everything on my disk. Fortunately, the alarm was fake, but
Asquared gave me still a waring about the RAPIDQ32.LIB. being a Backdoor.sys

I would like to know why A Squared is screaming this is a malware product
(other programming enviroments I installed (including some I find more
questionable) are not mentioned. I'm open to the posibillity it might be an
erronous warning, but then again: why?

McAfee did not warn me about it, by the way, and I downloaded RapidQ from
the 'official' website: http://www.basicguru.com/rapidq/download.html

Your advise please...

MightyKitten
Click to expand...

Someone most likely wrote a trojan using rapidq. Ad-Aware uses a string
from the rapidq library to detect the trojan. You use ad-aware to scan
your rapidq library and voila- false alarm -it thinks it sees the string
from the trojan in the library.

IIRC AVG gives a false alarm as well.

You could always send the file to a few AV companies to dbl check, but
I'm pretty sure it is a false alarm and will be corrected by the next
update (due to a bunch of people questioning AA about it)
 
A

Anti_Freak_Machine

Anti_Freak_Machine said:
Someone most likely wrote a trojan using rapidq. Ad-Aware uses a string
from the rapidq library to detect the trojan. You use ad-aware to scan
your rapidq library and voila- false alarm -it thinks it sees the string
from the trojan in the library.

IIRC AVG gives a false alarm as well.

You could always send the file to a few AV companies to dbl check, but
I'm pretty sure it is a false alarm and will be corrected by the next
update (due to a bunch of people questioning AA about it)
Click to expand...
Ooops, thought A squared was ad--aware...but same thing still applies.
 
M

MightyKitten

MightyKitten wrote:
<Whatever>

Thanks guys for the replies, I guess it is a false positive, but I'll go
mailing A Squared and RapidQ, to inform them, as I agree with Bjorn it might
be something both parties want to know about.

Migthykitten
 
R

Roger Johansson

MightyKitten said:
Allarmed by a messagre about a possible trojan, I launched A squared an hour
ago to scan everything on my disk. Fortunately, the alarm was fake, but
Asquared gave me still a waring about the RAPIDQ32.LIB. being a Backdoor.sys

I would like to know why A Squared is screaming this is a malware product
(other programming enviroments I installed (including some I find more
questionable) are not mentioned. I'm open to the posibillity it might be an
erronous warning, but then again: why?

McAfee did not warn me about it, by the way, and I downloaded RapidQ from
the 'official' website: http://www.basicguru.com/rapidq/download.html
Click to expand...

This is a known problem, and most anti-virus programs have been updated
so they do not give this false warning anymore.

It was somebody who wrote a virus once in the rapidq language, the
anti-virus programs were using a part of that virus which is a part of a
standard library in rapidq instead of using the virus code itself.

So we have had to inform all the anti-virus makers about the mistake,
and they have changed their AV scanners, but the program you are using
has obviously not been updated.

If other AV scanners do not have any problems with it you can be sure it
is a false positive.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

FWT Newsletter - Weekly - November 3, 2003 2

Top