Latest posts of: BillR -
Welcome Guest.   Make a donation to an author on the site July 27, 2015, 10:33:50 PM  *

Please login or register.
Or did you miss your validation email?

Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.

You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
The N.A.N.Y. Challenge 2012! Download dozens of custom programs!
  Forum Home Thread Marks Chat! Downloads Search Login Register  
  Show Posts
      View this member's profile 
      donate to someone Donate to this member 
Pages: [1]
1  Special User Sections / DC Website Help and Extras / Re: Websense (Directly and via VirusTotal) - DonationCoder is Malicious on: January 21, 2014, 10:32:31 AM
So a quick summary:
  • WebSense corrected its rating. 
  • rgdot documented FP process:
    suggest that Websense researchers reevaluate a categorization by e-mailing
  • N.A.N.Y. Challenge 2014 idea suggested: website oriented VT auto-submission tool.  (I originally wrote "2104".  I hope for a much better solution by then but don't expect to see it personally.)  Or maybe this already exists?
  • This challenge to Mouser's equanimity has passed.  cheesy
2  Special User Sections / DC Website Help and Extras / Re: Websense (Directly and via VirusTotal) - DonationCoder is Malicious on: January 20, 2014, 12:37:04 PM
Has anyone found a way to report a false positive to these Websense jokers?  It never ceases to amaze me how these security services have no problem classifying things as malware for no reason and then make it almost impossible to contact them to have it corrected.

I've found reporting any reputation/blacklist false positives quite painful.   Sad  In some cases I can't request a review unless I'm registered but registration requires a non-hotmail/gmail/... and non-mailinator/... account and a business phone and review/approval by the marketing(?) dept. OR purchasing the software.  In another, I had to resort to private correspondence with the contractor supporting the blacklist site (found his email from a different project years ago) because my email address was improperly treated as blacklisted on the registration page (a configuration/programming error triggered a review) and of course I couldn't use the website contact admin form to report a problem because I was under review.

Mouser and other authors, if you don't already, you might try submitting any published program version to the three AV meta-scan sites VirusTotal,, and Metascan-Online just to see if there is a problem and to get the (slow?!) review process started.  Between them they cover at least 25 *nix and MS Windows-based antimalware engines plus another three dozen Windows-based engines (although many primarily use signatures from one of the same few sources like BitDefender).  Most of these are primarily/just signature oriented.  Won't guarantee AV-conflict-free installations with actual installed antimalware products but I assume it should help.  

Mouser or others may disabuse me of the efficacy of this idea, of course. For example the new freeware-ish version of XYplorer (a great file manager) is still listed as malware by four engines a couple of weeks later.

The best summary of how to report file false positives that I know about is by Chiron on TechSupportAlert (please chime in if you know of other good ones, especially any that automate reporting!):


towards the top of the page -- under "Classification" there's a link "suggest different classification".
Yes, tried that.  Don't expect it to work since I think the real problem is the evaluation of the file.  Of Jotti (~25 engines), VirusTotal (48), and Metascan-Online (40) only Antiy flags FARR. (Antiy FP review already requested.)

BTW, URLvoid also passes DC site as a whole.
3  Special User Sections / DC Website Help and Extras / Websense (Directly and via VirusTotal) - DonationCoder is Malicious on: January 19, 2014, 09:38:33 AM
Random Idea - Maybe a simple way to submit every(?) page of a site to VirusTotal for evaluation?  Several tools will list all links and build a tree and VT has a simple API so I guess this would be primarily a script (with a 16 second delay between submits) and some parsing of the results to build a simple report.
I've also noticed that and will return different results in VT even when one redirects to the other.

Websense (Directly and via VirusTotal) - DonationCoder is Malicious   ohmy


Requested reclassification as productivity software because:

FARR - Program launcher for MS Windows.
Other software is also available on, much of it productivity related such as ScreenshotCaptor (enhanced print/capture screen) and JottiQ (MS Windows Explorer context menu extension to submit files to -- security productivity).

File detected:   FindAndRunRobotSetup.exe
File threat classification:   Malicious
The Websense ThreatSeeker Intelligence Cloud is now reclassifying this URL due to the malicious file it drops. If you suspect someone from your organization went to this URL, inspect their machines for possible malware infection. The assessment overview below does not include the results of this file analysis.
Scroll to the bottom to see FARR.exe analysis
4 Software / Screenshot Captor / Re: Bug - Wrong Description on: November 17, 2013, 02:41:57 PM
"I'm not sure I'm following exactly."  
Sorry, I wrote the comment in a hurry.  The problem is that the description sometimes includes (as best I can tell) inaccurate information.  Citrix may be significant but for the purposes of illustration just consider it "Site 1" and Ixquick "Site 2" and DuckDuckGo "Site 3".  Sometimes the description combines Window A / Site 1 with Window B / Site 2.

In the last example the captured window has one tab only.  The last line is accurate (logged out of Citrix) but the line above appears to refer to a different window (and IIRC probably a different session) with a tab that is displaying Ixquick.

Similarly, in the first example, that window has exactly two tabs (Ixquick displayed, DDG not) but the screen capture description references Citrix (the only tab in a different window).

In both cases I used the active window button from the Quick Capture Bar.  Setup is Vista and IE9.

Is it possible that I pressed a different button and that affected the description?
Yes, this absolutely might be 100% user error!
 I'm quite sure for one of the problem cases that I used the active window button: I consciously thought about the need to capture only the active window and that I wanted the window with one tab; I slowed down and double checked, even hovering over the (correct) button to read the tip.  I'm not nearly as sure about the other case.

Thanks for investigating this.  I will try to create a clean test case (but not until midweek) where I am very careful about which button I use, whether a new session or window, documenting order of actions, etc.  Now that I know how to capture SC itself (main window, anyway), I'll partially document it that way.
5 Software / Screenshot Captor / Re: Bug - New Screenshot: Button & Field Label Text Cut Off on: November 15, 2013, 03:54:52 PM
Screenshot Captor - New Screenshot

Button Labels:
Save image and sh...
Save image but hid...

Field Labels:
...Overide filename:
6 Software / Screenshot Captor / Re: How to Capture Screenshot Capture Itself? on: November 15, 2013, 03:15:56 PM
Thanks for quick response!  Found it under Capture menu in main window.  Should have known you would include it somewhere.  Not easy to search for in the forum, though.

QUESTION: How to use it to capture the new screenshot pop-up?  I can capture main window but not the one to illustrate the bug.  I'll poke around some more in a few minutes.  I'm documenting a bug in another program (hence installed SC again earlier).
7 Software / Screenshot Captor / How to Capture Screenshot Capture Itself? on: November 15, 2013, 02:04:00 PM
How does one use Screenshot Capture to capture screenshots of itself (e.g., those in documentation)?  Or does one just use a different tool?

Apologies if this has been answered before and my clumsy self-referential search in the SC forum failed to find it.
8 Software / Screenshot Captor / Bug - Wrong Description on: November 15, 2013, 01:53:15 PM
This is the description for the IE9 window and tab ("Start new topic ..."; other tab is "Screenshot Captor - Software - Donation Coder") that I am writing in now resulting from Grab Active Window:

11/15/2013 , 2:26:53 PM
https://citrixeast.aporte...nApp/auth/loggedout.aspx?           <=====  ?????
Start new topic - - Windows Internet Explorer

But the only citrix tab open refers to a different window (different session?) which is minimized to the taskbar.

I don't have this problem if I open a new session (from "Start new topic ...") with two tabs ( and
11/15/2013 , 2:40:43 PM
Ixquick Search Engine - Windows Internet Explorer

or new window (from ("Start ...") with two tabs:
11/15/2013 , 2:41:27 PM
Ixquick Search Engine - Windows Internet Explorer

or new window from the citix window:
11/15/2013 , 2:43:33 PM
Google - Windows Internet Explorer

But the citrix window/tab itself (only tab!):
11/15/2013 , 2:46:59 PM                                                      <===== ?????
Citrix XenApp - Logged Off - Windows Internet Explorer
9 Software / Screenshot Captor / Bug - New Screenshot: Button & Field Label Text Cut Off on: November 15, 2013, 01:26:41 PM
For this laptop I set default DPI scaling to large in Vista.  I think this causes the text on the buttons to overflow.   Re-sizing the pop-up with some application implementations/settings sometimes allows more text to display but not here.

One possible quick solution might be to enable hover display.   

I only use SC a few times a year so I don't have the icons/button-positions memorized.
Pages: [1] | About Us Forum | Powered by SMF
[ Page time: 0.039s | Server load: 0.08 ]

Share on Facebook
submit to reddit