Not sure which form to post this in, so I figuredI'd start here.

I have the free version of AVG and this morning it found backdoor.iroffer.3.ar on both my pc and my huband's. Mine was found in a file called dh77.exe in a hidden recycler directory.

I haven't been able to find any information on this, aside from one usenet post indicating it was a false positive

Does anyone know if this is in fact a false positve from AVG? Or, is it something new?

Hi dakikat,

ZIP that thing up and email a copy of the file to virus@grisoft.cz with a brief explanation. You will get a reply. Then let us know too, because this thing is new.


Best regards

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

I received the same "BackDoor.IRoffer.3.AR" Trojan horse detected message from my free AVG this morning. It pointed to my downloaded installation file for WinRAR. Specificallly "wrar340.exe" and "wrar340.exe:\Default.SFX".

This file has been on my machine since Oct 2004 without triggering anything so I'm feeling this is a false positive?

Let me know if you need my files.

Thanks
Sherrie

Hi allsoap,

Welcome to our board and to this forum.

Cannot hurt to get it checked. Could be a false-positive, but what if it isn't?


Best regards

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

Thanks for the warm welcome! I mainly lurk, read and learn all that I can here.

I've sent the file and patiently await the diagnosis.

Thanks
Sherrie

'lo all..

AVG Free just popped up the same warning for a file I got from a safe source over a month ago (russianbonuspack2k4.exe). I'm currently trying to get it through to grisoft (it seems my SMTP server has locked me out temporarily.. God knows why).

Hi Monkeh,

Welcome to CastleCops.

From Russia with Love?

Actually, we do not usually do this many posters, needing help all-in-one thread bit here at CastleCops.

But this is a special case so I'm allowing it. No point in having a bunch of seperate threads scattered all over. I may even "sticky" this one?

Just letting you know that if you try tacking on to other people's threads elsewhere at CastleCops you will get into hot water.

Follow the instructions given, and please let us know here what Grisoft says to you? Thanks.


Best regards

_________________

Microsoft MVP Consumer Security 2006, 2007 & 2008

Alright, sorry, I must've missed that bit

If I manage to get the email through (my SMTP server still isn't letting me in, and the file is pretty big..), I'll let you know if I get a reply.

Edit: I think it was a false detection. I just updated AVG and it shows clean.

May I offer 2 cents here? I believe that the backdoor.iroffer is a trojan and it could be quite possibly be related to a xdcc program called iroffer thats being used as a xdcc on mIRC.

Here's the website for further information: http://iroffer.org/

If you google the "iroffer" you'll come across several hits with links of people having issue with backdoor.iroffer, etc.

I note that there have been no recent responses to this topic,
so here's my 2 pence/cents worth.


The iroffer website contains no new updates since 12/12/05.
The Mcafee web site lists iroffer as a known PUP since 06/12/2002.
(Potentially Unwanted Program)
http://vil.nai.com/vil/content/v_100976.htm

Mcafee Site Advisor also warns of PUP downloads.
http://www.siteadvisor.com/sites/iroffer.org?domain=iroffer.org&ref=safe&client_ver=FF_26.6_6265&locale=en-US&premium=false&client_type=FF&aff_id=0

The iroffer software is designed for file exchange.
Considering the age of this software, it is entirely possible that hacked versions exist. Hacked or not, I would not want it on my computer.

I would say to anyone: if you did not deliberately put this on your computer for a specific reason, remove it at once, or allow your anti-virus to delete it.

I hope this may help someone.