Hello,

I'm sat here at home watching the snow come down and thought I would run a full scan of my PC using PCTools Spyware Doctor. Well this took ages and ages (probably due to all my sim software on here) and it came up with something called 'Backdoor.formador'.

This after having a little look on the net appears to be a not very nice Trojan (arent any of them?) and so I was surprised to find that the offending file is - rmlbfz02.exe which is the Flightzone02 Portland Scenery program.

This worried me a bit, but having had another look around it appears that my scanner is a little too sensitive and according to other comments its something called a 'false positive'. I didnt want to alter the file, as it might upset my scenery and what would happen if I wanted to install it again?

The Portland Scenery has been on my PC for ages and I've never noticed anything odd until this afternoon, so has anyone else come across this?

Thanks,

Martin

Martin, I sell a lot of digital software and I get contacted by my clients sometimes after they have initiated the install process of the item and their security will stop it mid-install.

This happens because the security has recognized a file component as being a threat, when it is actually not. It happens a lot with the newer operating systems, when you try and download/install an older software program.

So it would not surprise me if the item in question is really harmless. Of course the truth will be revealed shortly I guess...:icon_lol:

Further:-

Here is what symantec has to say about it...

Discovered: December 10, 2003
Updated: December 11, 2003 3:25:55 PM
Also Known As: Downloader-DP [McAfee], Perlovga [McAfee], Backdoor.Trojan.Client [Symantec], Backdoor.Formador.c [Kaspersky]
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows 2000

Backdoor.Formador is a back door server that allows unauthorized remote access to a compromised computer.

Hi,

Due to the numerous users of this scenery and no a massive complain about something wrong .. your conclusion about a false positive seems to be right.
This false positive can be triggered by some scripting in the EXE used maybe for some protection purpose.
The anti-trojans softwares scan at large and if some parts of a code or scripting is found and linked to some code of a trojan in their database .. they trigger the alarm.

My last trojan scan identified everything from Captain Sim.
The jury is still out on this one... :d

Thanks to everyone for their replies, very much appreciated. I've placed the offending .exe into quarantine for a while, but have the software backed up and having a look on an Avsim thread, think as you say its a 'false positive'.

Thanks again,

Martin

Edit: Come to think of it, as a useless bit of information, and not knowing much about how computers work, I think I understand the scripting and how it may be linked. Recently when working on one of Dave Molyneaux's Austers, a command that he instigated within the .cfg file to open a window, triggered a readme file from the Aerosoft Beaver to appear on my screen, every time I tested that function. Now, he didnt have the Beaver and so was oblivious to what was going on. Suppose in a way this is the same thing with this program being triggered by a piece of code within.