
nickbatch
Aspirant
Nov 25, 2013

Virus incorrectly flags wextract.exe

I am new to the ReadyNAS product and have just installed a RN10400 and, for belts and braces, turned on the antivirus feature. Having copied my XP laptop, I now keep getting:

Antivirus scanner found threat (Downloader:W32/Downldr2.IOGH) in the file '/data/Backup/Nick/SyncBackFree/WINDOWS/SoftwareDistribution/Download/fab149e21283fbaa0a0322fb64cc3aa3/wextract.exe'. Please refer to the documentation for threat types.

Which I think to be a false positive flag, as from what I can make out wextract.exe is a must-have component of XP.

No other virus checking applications have ever flagged this up. (Sophos, Trend Micro, AVG).

Does anyone have any suggestions/views on 1) this as a threat, or 2) if not, how to prevent it being flagged as a threat?

It also raises the question as to what documentation to refer to for the threat types.

5 Replies

  • Thank you for your prompt reply. As I suspected, it is a safe file. A search of my C drive gives 8 instances of the file, the most recent, by date and time, are in
    c:\windows\system32 and c:\windows\ServicePackFiles\i386 (both with identical date and time). So they look to be valid.

    Now, how do we get to inform Netgear to tell their supplier about the problem with their virus scan?
  • How do you investigate and study false negative and false positive mail for improving your anti-spam engine?

    Commtouch provides an easy tool for partners to report false negatives (FNs) or false positives (FPs). A team of spam analysts manually reviews each false positive and adjusts RPD algorithms to avoid similar FPs in the future. An automated process analyzes false negatives and uses that information as part of the RPD feed, to benefit future queries.
    -- source: http://www.commtouch.com/product-faqs/

    So you can't report directly, but NTGR can ask the AV vendor to update their signature database.
  • My thanks for the responses.

    Interestingly, this has not appeared in the log since yesterday @ 20:34. I did though have 4 entries in quick succession:

    Mon Nov 25 2013 20:34:35 System: Antivirus scanner found threat (Downloader:W32/Downldr2.IOGH) in the file '/data/Backup/Nick/SyncBackFree/WINDOWS/SoftwareDistribution/Download/fab149e21283fbaa0a0322fb64cc3aa3/wextract.exe'. Please refer to the documentation for threat types.
    Mon Nov 25 2013 20:34:35 System: Antivirus scanner found threat (Downloader:W32/Downldr2.IOGH) in the file '/data/Backup/Nick/SyncBackFree/WINDOWS/SoftwareDistribution/Download/fab149e21283fbaa0a0322fb64cc3aa3/wextract.exe'. Please refer to the documentation for threat types.
    Mon Nov 25 2013 20:34:35 System: Antivirus scanner found threat (Downloader:W32/Downldr2.IOGH) in the file '/data/Backup/Nick/SyncBackFree/WINDOWS/SoftwareDistribution/Download/fab149e21283fbaa0a0322fb64cc3aa3/wextract.exe'. Please refer to the documentation for threat types.
    Mon Nov 25 2013 20:34:34 System: Antivirus scanner found threat (Downloader:W32/Downldr2.IOGH) in the file '/data/Backup/Nick/SyncBackFree/WINDOWS/SoftwareDistribution/Download/fab149e21283fbaa0a0322fb64cc3aa3/wextract.exe'. Please refer to the documentation for threat types.

    I guess the scan has given up reporting it or it's been fixed with one of the AV downloads.
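One way to check how often an alert fired and when it was last seen, from a pasted log in the format quoted above. This is an added example, not part of the original thread and not NETGEAR code; the function names, the sample paths and the timestamps in `SAMPLE_LOG` are constructed for illustration.

```python
import re
from datetime import datetime

# Entry format as it appears in the log excerpt quoted in the thread.
ALERT_RE = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) System: "
    r"Antivirus scanner found threat \((?P<threat>[^)]+)\) "
    r"in the file '(?P<path>.+?)'\. Please refer to the documentation"
)

def summarize_alerts(log_text):
    """Group alerts by (threat, path) and record count, first and last seen.

    finditer is used instead of splitting on newlines, so entries that were
    pasted onto a single line are still counted one by one. The path is
    anchored on the fixed trailing text so apostrophes in names survive."""
    groups = {}
    for m in ALERT_RE.finditer(log_text):
        ts = datetime.strptime(m["ts"], "%a %b %d %Y %H:%M:%S")
        key = (m["threat"], m["path"])
        g = groups.setdefault(key, {"count": 0, "first": ts, "last": ts})
        g["count"] += 1
        g["first"] = min(g["first"], ts)
        g["last"] = max(g["last"], ts)
    return groups

def _line(ts, path):  # builds one constructed sample entry
    return (f"{ts} System: Antivirus scanner found threat (Downloader:W32/Downldr2.IOGH) "
            f"in the file '{path}'. Please refer to the documentation for threat types.")

# Constructed sample input (not real log data).
SAMPLE_LOG = "\n".join([
    _line("Mon Nov 25 2013 20:34:35", "/data/Backup/example/wextract.exe"),
    # two entries run together on one line, as happens when a log is pasted
    _line("Mon Nov 25 2013 20:34:35", "/data/Backup/example/wextract.exe")
    + _line("Mon Nov 25 2013 20:34:34", "/data/Backup/example/wextract.exe"),
    _line("Tue Nov 26 2013 09:00:00", "/data/Backup/example/user's files/setup.exe"),
])

if __name__ == "__main__":
    for (threat, path), g in summarize_alerts(SAMPLE_LOG).items():
        print(f"{g['count']}x {threat} {path} first={g['first']} last={g['last']}")
```

A last-seen time that stops advancing across later scans is consistent with either explanation in the post above; comparing it with the time of the most recent signature update helps tell them apart.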
