#2
Some of my customers have lately been reporting to me that a file I've been distributing with a Paradox program is infected with a trojan. Obviously I tested their setup, and it turns out it is a file in the Paradox 9 runtime that is flagged as a trojan. The file 'AXDISTEX.EXE' is reported as being infected with TROJ_CIH.DAM by the latest definitions in Trend Micro Office Scan Version 7. As the file was last changed 11/2-1998 and not found by any of the other 3 antivirus programs I tested with, I considered this a 100% false positive and submitted it to the Trend Micro lab to have it cleared in their next update. However, the exe file does not execute properly (dunno if it requires params to work or it really is broken), so the response from Trend Micro after having analyzed it is that they consider it not normal and, quote, "acting suspicious". From the fileinfo I can see that the original Borland filename is regarc.exe, suggesting that it's used to do registry functions, but since it won't run I haven't been able to monitor what it is doing with file/regmon. Has anyone else run into this or a similar situation and can suggest what to do? I don't have access to a newer version of the runtime, so if anyone could check if this file is in the newer versions as well I'd appreciate it.
#3
So my tip: leave it out of your distribution. Egbert