DonationCoder.com Forum

Main Area and Open Discussion => General Software Discussion => Topic started by: mouser on March 11, 2008, 11:46 PM

Title: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on March 11, 2008, 11:46 PM
Today's update of McAfee virus definitions has suddenly started alerting people that there is the Generic.Dx trojan found, whereupon the program exe is automatically deleted.

There is absolutely no malware in any of our programs -- it's a false alarm by an over-eager antivirus company, which has a history of doing this to software authors (see the funny articles in the linked thread).

We've gotten an official reply today confirming that it's a false alarm and there is no virus/trojan:

AVERT(tm) Labs, APAC
Thank you for submitting your suspicious file.
Synopsis -
Our Senior Virus Research Engineers have examined the file in question
and no virus was found.
Solution -
Attached is an extra.dat with correct detection.  This correction will
be included in the next DAT update.

Hopefully a new update will be pushed through to users very soon.



If you can't bear to wait, I'm attaching the Extra.DAT update file I was sent, and instructions for installing it can be found here: http://vil.mcafeesecurity.com/vil/systemhelpdocs/extradat.aspx
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on March 12, 2008, 12:00 AM
I can confirm that using the Extra.DAT file it seems to stop alerting on all of our programs, so at least their temporary fix works -- and hopefully their new definitions will go out with a fix for this right away.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: mouser on March 12, 2008, 12:06 AM
If you ever get a virus alert, you should know that it is very common to get false positives from over-aggressive antivirus tools which aren't very concerned about falsely identifying something as a virus.

I've complained a lot in the past about the failure of antivirus tools to usefully inform users when some new detection is more of a guess than a sure thing.  In cases where a brand new update detects something, it should be a no-brainer that the user should be told a little more about the possibility that it's a false alarm, and given more help and information for how to figure out if the threat is real.

If you get a virus alert one thing you can do is visit a few of the very cool free websites which will scan the file using a wide variety of different antivirus engines.  If your antivirus is the only one that detects something then chances are it's probably a false alarm.

Here are the reports for a file that McAfee started alarming on today:

From virustotal.com (http://www.virustotal.com):
[ You are not allowed to view attachments ]
(the annotation is mine)

And another from http://virusscan.jotti.org/:
[ You are not allowed to view attachments ]

Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: iphigenie on March 12, 2008, 05:16 AM
maybe they are all wrong and mcafee is the lone ranger, and you are the most cunning virus writer ever, creating a whole persona over several years to fool the entire world into trusting your software  :eusa_naughty:

(couldn't resist)
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: xcopy on March 12, 2008, 05:41 AM
Thanks for the quick cure, mouser. Running Launchbar Commander with the new Extra.dat works fine.  :Thmbsup:
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: app103 on March 12, 2008, 09:09 AM
Sometimes I wonder about these daily updates issued by most antivirus vendors.

How possible is it that most antivirus vendors only issue protection from new threats once a week and spend the rest of the week issuing fixes for all the false positives from them?

The attitude of the antivirus vendors is that a false positive is better than a false negative, and to a certain degree I would have to agree with them on that, but when a certain particular antivirus has a track record of more false positives than just about any other and it's a big name that is trusted & used by so many, it creates a situation where users believe the alerts and it can ruin a coder's reputation in a single day, especially a young one that hasn't released much yet.

About 3 years ago, a kid from my chatroom that was just learning C created a really cool little utility (http://appsapps.info/tsc_classic/projects/list2mx/index.php) and I released it on my group's site. There was nothing wrong with it...it was clean.

About a week later, people came flooding into the chatroom accusing my group of releasing malware, and this kid in particular. All of them had something in common...they were all McAfee users.

I sent a copy of the file to McAfee, along with the source, and never heard from them about it beyond an email confirming that I had sent them the file and that they would look into it.

This kid had no idea what in his code could have set off the false positive so he had no idea how to fix it. What ended up happening is another member of my group created their own version of the utility, an almost clone of the original, and we replaced the one on the site with that one. Sad, really, because to this day I feel the original is the better version. I wish I could have left the original on the site, but McAfee doesn't care about fixing their crap to protect the reputation of an unknown beginning coder.

Mouser, consider yourself lucky that they responded and issued any kind of fix at all. It means they think you are important enough to the world of software to do so. If you were a complete unknown and LBC was your first release, you'd be waiting a long long time.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: kelibeck on March 12, 2008, 09:53 AM
Thanks for the info but the link detailing how to install EXTRA.DLL only applies to the Enterprise edition of McAfee. I have the Home/Home Office edition, and after a lot of hassle managed to get the following advice from McAfee.

How to install an EXTRA.DAT
Summary: This document will explain how to apply an EXTRA.DAT file.


Affected Suites: Total Protection, Internet Security Suite, PC Protection Plus, VirusScan Plus
Affected Products: VirusScan
Affected Operating Systems: Windows 2000, Windows XP, Windows Vista

Description
EXTRA.DAT files contain information that is used by VirusScan to detect new viruses. When a major virus is discovered, and extra detection is required, an EXTRA.DAT file is made available until the normal VirusScan update is released.

EXTRA.DATs can be downloaded from the Newly Discovered Threats page, the Recently Updated Threats page, or the Removal Instructions section of the description for the major virus. When an EXTRA.DAT file is added to the VirusScan folder on your hard drive, it is used by the product, in addition to the normal DAT files, to detect the new virus. This enables VirusScan to protect your computer from the new virus until the official update is released that contains the virus detection/removal information. After the official update is released and installed, the EXTRA.DAT file is no longer necessary.

EXTRA.DAT files are good for 14 days, at which time they disable themselves. McAfee recommends you keep your VirusScan up to date by downloading and installing the official daily updates.

Solution
EXTRA.DAT instructions
EXTRA.DAT should be copied into the same directory where avvclean.dat, avvnames.dat, and avvscan.dat are.

For example:
C:\Program Files\McAfee\VirusScan\DAT\xxxx.x
(where xxxx.x is the DAT version number)

Note: For Windows Vista 64-bit computers, the directory is: C:\Program Files (x86)\McAfee\VirusScan\DAT\xxxx.x.


Restart your computer.
Additional information can be found at the McAfee Threat Center: http://vil.nai.com/vil/systemhelpdocs/extradat.aspx.



Last Modified: 12/05/07
Modified by: asj


Once installed the EXTRA.DLL worked fine
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: cranioscopical on March 12, 2008, 01:31 PM
WOW!

Today, the Generic.dx Trojan that I run on my machine informed me that McAfee Virus Scan has screwed up again.

Thank goodness for Generic.dx.  Thanks to its timely warning I was able to deploy the MVS-removal tool in time to
prevent every executable on my machine from being moved into quarantine.

 :huh:
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on March 12, 2008, 01:32 PM
 ;D ;D ;D
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on March 15, 2008, 09:33 AM
To follow up, it looks like McAfee pushed out an update as promised that stops labeling the programs as having a generic.dx infection.

McAfee users can now reinstall the same programs, or even just restore them from the quarantine area of McAfee control center (Restore->Files).
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: drpeterharris on March 17, 2008, 07:08 AM
This has hit me big-time!

Last Wednesday,  while on holiday,  I started getting notifications that McAfee had been deleting my applications (3 of them) and I had very unhappy customers.   

OK - McAfee have released a new DAT file that has "fixed" the problem but not the damage that has been done.  I supply software to the rather sensitive healthcare industry and although I immediately released a statement explaining what had happened, I dread to think what this has done to my reputation (no smoke without fire etc).  This is compounded by the fact that we have just launched a marketing campaign aimed at a new group of potential customers.

On top of this is the support load of getting all our customers back up and running again.

The whole episode has made me absolutely livid and has spoilt what should have been a relaxing skiing holiday.

Has anyone ever succeeded in getting any form of legal compensation in these circumstances?  I am sure that the McAfee EULA is watertight in respect of their responsibility to their end users but the way this has affected me and the implication that my software is a Trojan seems much like defamation.

Any lawyers out there?

Peter
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on March 17, 2008, 07:12 AM
Hi Peter,

Welcome to the site, and welcome to the club of coders who are having their reputations damaged by this outrageous behavior.

This episode was particularly grievous because not only did it tell people that there was this virus but then automatically deleted files without warning or question.  Can you imagine if the program was actually performing some critical function? Not cool.

The only thing I know to do is try to get information out there to the users so that the blame and anger is properly focused on these antivirus companies and not us!

-mouser
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: f0dder on March 17, 2008, 09:33 AM
Christ, antivirus apps deleting what it thinks are viruses? How lame is that... at least the default action should be "block access" or "quarantine", not frigging delete. Seems like the guys are smoking too many bad floppies, and spend too little time on creating signatures when they find a new piece of malware >_<
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on March 17, 2008, 09:44 AM
well delete = quarantine.  it auto deletes the file but keeps a copy in its quarantine safe that you can restore (but only after the virus update declares it clean a few days after the original detection).

but the main thing that needs to change is:
1. the antivirus programs have to be honest about how confident the program is that it has found something dangerous
2. it has to give the user useful info and allow them to decide what to do.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: drpeterharris on March 17, 2008, 11:19 AM
The problem is that many of my customers have managed AV solutions and they have no options for restoring files or modifying the behaviour of the scanner themselves.

Peter
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: vlastimil on March 26, 2008, 04:23 AM
Sorry for the late post, I just got to this thread from the newsletter and it caught my eye, because I was having these problems too. Twice.

First, I was using a VB script in an .msi installer to customize a folder icon - to set folder attributes to readonly, because only readonly folders display a custom icon (ask Microsoft why...). I received complaints from users that their AV said that it has detected a malicious script and whether they want to stop it. You can imagine how such a thing affects a first impression of an application. I think it is just outrageous. Not a "potentially malicious script" explaining the situation to the user, but a false and aggressive message. I can understand that when a script in a .doc file tries to access the file system, it looks suspicious. But this was a .msi installer, it is supposed to access files. Is it really that hard to detect a valid use of a script or are the Norton AV authors that lazy and their law department that good?

Second time, my cursor editor was affected. The animated cursor (.ani) files can contain several frames and if a frame is used multiple times it is not necessary to store it multiple times and instead a vector of frame indices can be used. Well, I took the time to auto-detect duplicate frames to have the smallest .ani files. Unfortunately, there was an exploitable bug in Windows involving the vector of frames. Norton AV just considered every .ani cursor with a custom frame vector a virus. A pissed off user gave me the lowest rating on download.com because of this false positive and this is just the tip of the iceberg.

So, I have serious issues with AVs, especially with Norton AV. If anyone starts any initiative to improve the situation and force them to be more responsible, I am in. Needless to say I tried to contact them with the first problem, but got no response at all.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: Zoomie on March 26, 2008, 05:48 AM
Uh-oh...I had what I thought was a false positive from Antivir when I downloaded the Screamer Radio Menu on my GF's computer over the weekend. I have forgotten exactly what it said now but I think it was Trojan/Spy.Agentxxxx.  Antivir had no explanation other than it may have been a trojan. I got it partially ignored by Antivir but Antivir just wouldn't give up. I thought perhaps a corrupted file and did it over again - same result so I had to delete it.  I downloaded the Menu on my pc this AM and my Antivir does not report anything.  Now I'm really confused. Anyone have any suggestions?
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on March 26, 2008, 05:55 AM
keep in mind that the virus definitions get updated regularly after people complain about these things, so what is falsely detected one day may be fixed and not alarm the next day.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: jinkerz7 on April 10, 2008, 05:52 PM
After today's McAfee DAT file update (#5271), it reported that Screenshot Captor contained the MalWarrior trojan.  I'm hoping this is just another false-positive.  Has anyone else experienced this issue?

I would have taken a screenshot of the actual error, but it had already deleted Screenshot Captor!
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: mouser on April 10, 2008, 05:57 PM
OK NOW I HAVE TO STRANGLE SOMEONE AT MCAFEE.

Thank you for the report, i will complain to mcafee.  again.  this is getting damned ridiculous.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on April 10, 2008, 06:07 PM
Here's the support email of the mcafee antivirus labs where they deal with false positive issues:

I encourage everyone to email them and let them know how unhappy they are with the sloppiness and irresponsibility of McAfee, with regard to these regular false positive things.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on April 10, 2008, 06:14 PM
One thing is clear.. McAfee is garbage.  I suggest people using it find a better antivirus.

These episodes have proven that McAfee:
1) Is sloppy and untrustworthy -- they clearly are not putting any care into adding antivirus signatures.
2) Has a horrible policy of deleting files that they have the slightest suspicion about.
3) Has no interest in treating users with the slightest intelligence (they don't tell you why they are doing what they are doing, nor give you any options, nor tell you the difference between a high and low confidence detection).
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: mouser on April 10, 2008, 06:31 PM
Reply from McAfee:

  Thank you for your email. We are aware of this issue and it should be
resolved in tomorrow's DAT release. In the meantime I am escalating your
issue to our senior researchers. Please use the attached Extra.dat to
possibly negate any identification on your system. I tried downloading
the file for Screenshot Captor, but was unable to reproduce detection on
the file. If this extra.dat does not work, I request you to please
submit the file which is causing a mis-detection.

I've attached the latest extra.dat file.

And instructions from kelibeck above:

How to install an EXTRA.DAT
Summary: This document will explain how to apply an EXTRA.DAT file.


Affected Suites: Total Protection, Internet Security Suite, PC Protection Plus, VirusScan Plus
Affected Products: VirusScan
Affected Operating Systems: Windows 2000, Windows XP, Windows Vista

Description
EXTRA.DAT files contain information that is used by VirusScan to detect new viruses. When a major virus is discovered, and extra detection is required, an EXTRA.DAT file is made available until the normal VirusScan update is released.

EXTRA.DATs can be downloaded from the Newly Discovered Threats page, the Recently Updated Threats page, or the Removal Instructions section of the description for the major virus. When an EXTRA.DAT file is added to the VirusScan folder on your hard drive, it is used by the product, in addition to the normal DAT files, to detect the new virus. This enables VirusScan to protect your computer from the new virus until the official update is released that contains the virus detection/removal information. After the official update is released and installed, the EXTRA.DAT file is no longer necessary.

EXTRA.DAT files are good for 14 days, at which time they disable themselves. McAfee recommends you keep your VirusScan up to date by downloading and installing the official daily updates.

Solution
EXTRA.DAT instructions
EXTRA.DAT should be copied into the same directory where avvclean.dat, avvnames.dat, and avvscan.dat are.

For example:
C:\Program Files\McAfee\VirusScan\DAT\xxxx.x
(where xxxx.x is the DAT version number)

Note: For Windows Vista 64-bit computers, the directory is: C:\Program Files (x86)\McAfee\VirusScan\DAT\xxxx.x.


Restart your computer.
Additional information can be found at the McAfee Threat Center: http://vil.nai.com/vil/systemhelpdocs/extradat.aspx.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: bassclarinetl2 on April 10, 2008, 10:58 PM
McAfee isn't the only one,  Kaspersky just flagged one of skrommel's utilities as having a backdoor.

Well I downloaded v136  and Kaspersky seems to like it so who knows what's up with that.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: xcopy on April 11, 2008, 12:32 AM
Thanks a lot mouser for going through all the trouble for us.  :up:

I had that false positive today with Launchbar Commander.
But this is developing into a workflow: Starting the PC, checking what McAfee killed today, visiting this forum, feeling with you, loading the extra.dat file, restarting the system, reinstalling the deleted program, feeling warm and cozy again and thinking of the good old days when I used F-Secure.  ;)
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on April 11, 2008, 03:56 AM
I encourage everyone to email McAfee and complain about these mistakes.

If you own a blog or participate in another forum, please spread the word about how McAfee is being irresponsible in their antivirus updates.

Something *has* to change in how they are updating their signatures or dealing with heuristic new detections.

Their email is: [email protected]>

There are many ways they could address this problem:

McAfee are doing harm to software authors with their sloppy irresponsible behavior -- please help spread the word so that they are forced to take some corrective action.

And by all means demonstrate your dissatisfaction by demanding a refund and boycotting their software until they address this.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: mouser on April 11, 2008, 03:58 AM
I just had a thought.. should we actually try to organize an "official" boycott/protest against McAfee?
We've never done such a thing before -- I don't expect we would have much luck, but maybe we should try?

The goal would be to bring attention to this false alarm issue and insist that they come up with a more sensible way of dealing with it.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: drpeterharris on April 11, 2008, 04:35 AM
My software has been hit again by this.  3 completely separate apps have been wiped from end-users' PCs without a by-your-leave.

This happened a month ago and we were just recovering from the damage that had done.   It has now happened again.   McAfee just say "it will be fixed in the next DAT" but that quite frankly is not good enough.

I write software for the healthcare industry and many end-users have managed AV solutions so they cannot add exclusions themselves.

This has done incalculable damage to my company's reputation (not to mention my blood pressure).

Peter

Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on April 11, 2008, 04:51 AM
bassclarinet, it's yet another false alarm on all Autohotkey programs.. You can download the ahk source code for the tool and compile it yourself if you are concerned.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: cranioscopical on April 11, 2008, 01:59 PM

The problem's wider than just McAfee's fun and games, though isn't it?

AVG Free is one of the scanners that I use. 
It has happily scanned and passed executable files belonging to PECompact for ages. 
Then, suddenly, the identical files all are suspect and quarantined. Next... oops they're OK again.

Annoying though this is, I suppose, from a user's point of view, I'd rather have it this way round
-- better safe than sorry -- than fall foul of something nasty.

OTOH, were a product of mine left with mud sticking to it due to some innuendo I'd be hopping mad.

Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on April 11, 2008, 02:12 PM
No one expects 100% perfect detection.

What i do expect is:
1) a reasonable amount of care and intelligence when adding new signatures.
2) an appropriate message to the user, something like:
"A file on your computer which was previously reported as fine has matched a brand new untested pattern in our database.  There is a reasonable chance that this is a false alarm on our part.  If you are confident that the program is safe, press this button to keep using it.  If you are unsure, press this button to quarantine the program and be informed in a few days when we determine for sure whether the program is dangerous or not.  Click here to view detailed information about the pattern found."
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: drpeterharris on April 11, 2008, 02:56 PM
I agree.  However I suspect that McAfee will say that what happens when a suspected virus is found is up to the user.  There are usually options to be alerted/quarantine/delete permanently.

They will then hide behind the fact that what happens is the responsibility of the end user

No comfort to me though as the end users don't quite see it like that  :(

Another interesting point is that the risk identified in my files by McAfee this time is "MalWarrior".   However searching the risk database at McAfee doesn't find it and googling shows that MalWarrior is actually a rogue anti-spyware application.  I cannot quite see how any of my applications can be confused with an antispyware application (rogue or otherwise).

Peter
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: Dormouse on April 11, 2008, 03:21 PM
I just had a thought.. should we actually try to organize a "official" boycott/protest against McAfee?
But doesn't anyone with any sense/knowledge avoid McAfee anyway?
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: drpeterharris on April 11, 2008, 03:51 PM
Sadly we are talking about the UK NHS IT project here.  £14bn ($27bn) spent on the largest IT project in the world.  It doesn't work properly and as you have so correctly observed it uses C**p software.

The project is so advanced that it doesn't work with IE7 and everyone has to use IE6 or it crashes.

So everyone has managed McAfee installed which then makes a dog's dinner of the job it's meant to do.

Sigh . . .   :'(

Peter
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: cranioscopical on April 11, 2008, 03:55 PM
But doesn't anyone with any sense/knowledge avoid McAfee anyway?

Speaking as one who is ill equipped to enter a battle of wits, I must protest on behalf of myself and the rest of the WOODen tops. 
We in the World Organization Of Dopes fail to see why people without sense and/or knowledge in this area should be penalized.

We're the very people most likely to be spooked into turning away in fear from perfectly respectable, legitimate, safe software.
More importantly, we are the most susceptible to inheriting items such as McAfee through slick marketing techniques.

It's also true that this kind of issue emanates from most, if not all, A-V vendors at some point.

Perhaps it's because I've seen a few issues lately, but I have a sense that the problem is increasing.
Maybe it's just that more and more insidious stuff is being released into the wild...?

Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: Deozaan on April 11, 2008, 05:28 PM
But doesn't anyone with any sense/knowledge avoid McAfee anyway?

I'd say a big no on that. Everyone I know who buys a Dell has McAfee bundled on their system. They don't care because they need an anti-virus, and they got it "free" for a year. :deal:

In fact, just before I married my wife, she renewed her subscription to McAfee. :wallbash: I've been trying to get her to let me format all that crap off her laptop and put some good applications on there, but thus far she's been resistant.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: cranioscopical on April 11, 2008, 05:44 PM
just before I married my wife, she renewed her subscription to McAfee

What, and you went ahead with the wedding?  :o

Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: Deozaan on April 11, 2008, 05:50 PM
just before I married my wife, she renewed her subscription to McAfee

What, and you went ahead with the wedding?  :o
-cranioscopical (April 11, 2008, 05:44 PM)

Yeah, another one of these was involved: :deal:

 :P
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: Curt on April 12, 2008, 03:24 AM
I felt strange when reading how people will install this dat fix instead of installing a trustworthy Antivirus...

-

Edited:
Oh, I didn't notice before posting that this thread has two pages..

But speaking of trustworthiness and some kind of campaign against McAfee, my feeling is that such demonstration would have to come from users of the relevant programs, wouldn't it. Or do 'you' think we could all participate?
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: drpeterharris on April 12, 2008, 05:38 AM
I know that a number of my users have emailed McAfee already.  I am following this up with a letter that I am currently writing

Doubt if it will do any good but it makes me feel better  ;)
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: Deozaan on April 12, 2008, 02:58 PM
But speaking of trustworthiness and some kind of campaign against McAfee, my feeling is that such demonstration would have to come from users of the relevant programs, wouldn't it. Or do 'you' think we could all participate?

That's what I was thinking. We can't really boycott the product if we're not using it already. And it's not like you can just cancel your subscription half-way through and get your money back if you are using McAfee. It would require some major campaign that spans a couple of years before McAfee would notice anything from people no longer subscribing. And I'm afraid that, as I said, McAfee being bundled with all Dell hardware I'm aware of, they wouldn't notice a thing anyway.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: Curt on April 12, 2008, 05:42 PM
- so now we are going after Dell!!  8) Well, if I was president...


No, civilization, culture and industrialisation has only little to do with genuine progress!  :(
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: Deozaan on April 12, 2008, 08:10 PM
- so now we are going after Dell!!  8) Well, if I was president...

:)

My point I'm trying to make is that I don't think a boycott would be a very effective way for us to communicate our distaste for McAfee's practices. We'll have to think of other means to get their attention.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: app103 on April 12, 2008, 08:25 PM
It's not just Dell...McAfee has a partnership with AOL and some other ISP's to promote their stuff, and in some cases to give it away for free to all their customers.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: vlastimil on April 15, 2008, 05:25 AM
If there is to be a boycott, I am 100% supporting it. (see my complaint on the previous page of this thread)

Emailing McAfee may not be enough, they'll just ignore it, we are not their customers anyway and I suppose it even may be their strategy to report the false positives on purpose to appear "useful" to the end user. The truth is, an antivirus is not a replacement for common sense and the virus threat is not that big if you are behind firewall and have OS properly updated.

I'll try to write a blog post about my experiences and give them some bad PR, but I am not sure how effective it would be. I anyone joins the effort it has much better chance to succeed.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: drpeterharris on April 22, 2008, 02:57 AM
Thought you may be interested in this reply I just received from McAfee.  It came as a result of a letter I wrote to the US, UK and European headquarters.   It seems to have hit the right button:

First of all I wish to express my regret in the inconvenience you and your customers may have experienced with the reported incidents. I’ve contacted Mr. Mann, Sr. Manager Avert Labs and he suggests the following:

GP-IT can work with McAfee to get copies of their applications added to our False Testing Rigs, systems that contain known good files that we verify against on every dat release test.  If this is something GP-IT is interested in, have them provide us with the contact phone number for someone within GP-IT for us to work with and Avert Labs will contact them to get this process started.

I’d appreciate if you could forward the name and contact details of your liaison with McAfee to me so that similar occurrences may be avoided in the future.

With kind regards

Ronald Rosbergen
Manager Customer Service EMEA
McAfee, Inc.

Peter
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on April 22, 2008, 03:00 AM
Go Peter!!  :up: :up: :up:
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: f0dder on April 22, 2008, 05:27 AM
...I wonder how much that's going to cost you?
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: vlastimil on April 22, 2008, 05:58 AM
"...expressed regret in the inconvenience" and allowed you to help them fix their problems...hmmm.  :-\ That's the right business attitude.

Sorry for sounding so ironic. You have managed to do much more than many of us in a similar position.  :Thmbsup:
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: drpeterharris on April 22, 2008, 06:28 AM
I am trying hard not to be cynical and am prepared to give them the benefit of the doubt.  I will keep you all posted.

Peter

Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: nosh on April 22, 2008, 10:10 AM
Deleting clean software just coz they're incompetent is plain obnoxious! Maybe software authors should start informing users about McAfee's clumsiness using a nice dialog box displayed right at the install phase. Mention that you're not the only developers affected & even urge users to change their AV to something more reliable. I'm sure if enough authors do this it's bound to get them off their asses. Hit right back if the bastards don't listen!
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: Deozaan on April 24, 2008, 02:25 PM
Maybe software authors should start informing users about McAfee's clumsiness using a nice dialog box displayed right at the install phase. Mention that you're not the only developers affected & even urge users to change their AV to something more reliable. I'm sure if enough authors do this it's bound to get them off their asses. Hit right back if the bastards don't listen!

Sorry if I seem like a pessimist, but I'm still convinced that ignorance is the main problem here. I'm not sure how effective this would be, because everybody I know who uses McAfee AV also fits into the same category of people who don't know much about computers and just look for whatever button they can press to make those pesky dialog boxes go away. Along the same lines, I think they also just click Next -> Next -> Next -> Finish when installing things. I don't think they read anything. That's how they end up with Google Desktop/Toolbar or all that Yapoo! crap that's bundled in.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: nosh on April 25, 2008, 01:37 AM
Aaaaaaand, another one down!  ;D

Microsoft mistakes Skype for a Trojan
http://www.download.com/8301-2007_4-9926921-12.html?part=rss&tag=feed&subj=TheDailyDownload

Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: Curt on April 25, 2008, 09:26 AM
Microsoft mistakes Skype for a Trojan

Mistakes happen, okay, but it took Microsoft four days to correct the error - I mean, 4 days are like forever for the Skype users caught in between! I would have been extremely disappointed had the same fault taken ESET (makers of NOD32 antivirus) this long to get right.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: Lashiec on April 25, 2008, 06:51 PM
Well, the telcos would agree with calling Skype a trojan... in their business that is ;D
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: bartolome.simpson on June 22, 2008, 06:32 AM
I can believe that one or two antivirus like McAfee have a false positive on virus checks but I have used http://virusscan.jotti.org/ and virustotal.com services (recommended on this thread) and I had many, many positives for my setup for screenshotCaptor.

It's hard to believe that a site like this with great software contains a virus, but I'm starting to have some doubts...

Here are the results from  http://virusscan.jotti.org/:
A-Squared -> Found nothing
AntiVir -> Found BDS/Delf.cue.2
ArcaVir -> Found nothing
Avast -> Found nothing
AVG Antivirus -> Found BackDoor.Generic9.LHX
BitDefender Found nothing
ClamAV -> Found Trojan.Delf-4268
CPsecure -> Found nothing
Dr.Web -> Found Trojan.PWS.Gamania.8999
F-Prot Antivirus -> Found nothing
F-Secure Anti-Virus -> Found Backdoor.Win32.Delf.cue
Fortinet -> Found W32/Delf.CUE!tr.bdr
Ikarus -> Found nothing
Kaspersky Anti-Virus ->Found Backdoor.Win32.Delf.cue (probable variant)
NOD32 -> Found nothing
Norman Virus Control -> Found nothing
Panda Antivirus    -> Found Bck/BackPort.G
Sophos Antivirus    -> Found nothing
VirusBuster -> Found nothing
VBA32 -> Found Backdoor.Win32.Delf.cue
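
As an added example (not part of any forum post and not code from the scanning service): a small Python triage of the result list posted above, grouping each engine's detection name by family so that agreement on one specific family can be told apart from scattered generic or heuristic hits. The prefix list and the family-token rule are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Scanner output copied from the post above, uneven "->" spacing included.
SCAN_TEXT = """\
A-Squared -> Found nothing
AntiVir -> Found BDS/Delf.cue.2
ArcaVir -> Found nothing
Avast -> Found nothing
AVG Antivirus -> Found BackDoor.Generic9.LHX
BitDefender Found nothing
ClamAV -> Found Trojan.Delf-4268
CPsecure -> Found nothing
Dr.Web -> Found Trojan.PWS.Gamania.8999
F-Prot Antivirus -> Found nothing
F-Secure Anti-Virus -> Found Backdoor.Win32.Delf.cue
Fortinet -> Found W32/Delf.CUE!tr.bdr
Ikarus -> Found nothing
Kaspersky Anti-Virus ->Found Backdoor.Win32.Delf.cue (probable variant)
NOD32 -> Found nothing
Norman Virus Control -> Found nothing
Panda Antivirus    -> Found Bck/BackPort.G
Sophos Antivirus    -> Found nothing
VirusBuster -> Found nothing
VBA32 -> Found Backdoor.Win32.Delf.cue
"""

LINE = re.compile(r"^(?P<engine>.+?)[ \t]*(?:->)?[ \t]*Found[ \t]+(?P<verdict>.+?)[ \t]*$", re.M)
# Assumption: category/platform prefixes seen in these names; not an official list.
PREFIXES = {"backdoor", "trojan", "bds", "bck", "pws", "tr", "bdr", "win32", "w32"}

def family(name):  # reduce a vendor detection name to a comparable family token
    tokens = [t.lower() for t in re.split(r"[^A-Za-z0-9]+", name.split("(")[0]) if t]
    if any(t.startswith(("generic", "heur")) for t in tokens):
        return "generic"  # heuristic label that names no specific family
    for t in tokens:
        if t not in PREFIXES and len(t) >= 3 and t.isalpha():
            return t
    return "unknown"

def triage(text):  # returns (engines scanned, {family: [engines that reported it]})
    total, families = 0, defaultdict(list)
    for m in LINE.finditer(text):
        total += 1
        if m["verdict"].lower() != "nothing":
            families[family(m["verdict"])].append(m["engine"])
    return total, dict(families)

if __name__ == "__main__":
    print(triage(SCAN_TEXT))
```

On this list, 9 of 20 engines flag the file and six of them name the same Delf family, whereas a name such as Generic.Dx reduces to the `generic` bucket. Shared naming between vendors means such agreement is a triage hint rather than proof, so the next check is whether the scanned file is byte-identical to the publisher's current download.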
 
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and
Post by: app103 on June 22, 2008, 09:59 AM
Just so everyone understands where this is coming from, let me tell you a little about myself, first. I have serious trust issues. It is rare that I trust anyone at all, never mind trust anyone completely. I am well above average in my skills for evaluating a person's character. This is why I don't trust people.  ;)

I have known mouser long enough to know that he is the most honest, respectable, trustworthy, caring, generous man I have come across in the 42 years that I have been on this earth. In the dictionary, the word "integrity" should have his picture. I could compare him to Mother Theresa.

I not only would trust my computer to him, I'd trust him with my personal information, the keys to my house, my deepest darkest secrets, and my life...because I know he would never ever intentionally harm anyone or anything. He would never be able to live with himself if he did.

Not only would he never hurt anyone, he goes out of his way to bend over backwards to help people in any way he can.

So when I saw the alleged results posted by bartolome.simpson, I had to go see this with my own eyes, because I could not believe that that many antivirus products could give off that many false positives for a single application.

I downloaded the ScreenshotCaptor setup file and using the exact same online scanner, my results were vastly different than that of bartolome.simpson.

Rather than a "copy & paste", I decided to give the screenshots:

I could express some more thoughts, but rather than attack someone else's integrity and say something I may live to regret, I'll just keep quiet now and let what I have posted so far speak for itself.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: jgpaiva on June 22, 2008, 10:03 AM
bartolome.simpson: I'm sorry, but you must be doing something wrong. I just downloaded the latest version of SC from its page (https://www.donationcoder.com/Software/Mouser/screenshotcaptor/) and sent it to http://virusscan.jotti.org/ but no virus was found on any antivirus...


[edit] looks like app beat me to it

bartolome: Something serious might be happening in your computer, most possibly, it is infected with some virus and generating these wrong results..

[/edit]
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: mouser on June 22, 2008, 12:40 PM
bartolome, something is definitely going wrong on your side -- those are not results that come from any version of screenshot captor that i can find.  either you got an antivirus from somewhere else and it's infected your whole computer, including screenshot captor, or you uploaded the wrong file, or else it's possible i guess that you have a really old version of screenshot captor which for some reason has these false positive alarms that no one else is seeing because no one has that version of screenshot captor installed.

maybe you can zip up your screenshot captor folder and mail it to me ([email protected]) and i can see what i can see.. i definitely would not ignore these results, as they look scary and they are not the results that any of the rest of us are getting.
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: jgpaiva on June 22, 2008, 12:44 PM
I think there's another important issue here: bartolome may have downloaded SC from a site that is modifying people's software.. I really wouldn't like to see that happen. Thus, if it's possible, could you try to find out where you got SC from?
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: nosh on June 22, 2008, 06:41 PM
http://209.85.175.104/search?q=cache:D_8r2OkclV0J:www.datasecurity-event.com/uploads/runtimepacker.ppt+pecompact+triggers+false+positives&hl=en&ct=clnk&cd=1

Is PECompact really worth all this trouble?
Title: Re: False Positive on Software (Generic.Dx) by McAfee Today: McAfee Response and Fix
Post by: bartolome.simpson on June 23, 2008, 01:07 PM
Nothing is farther from my intention than to harm or blame anyone (and more after these quick answers that seem to me trustworthy). I was just commenting on my problem and my sincere thoughts after the results of my checks.

I'll send Mouser my old setup. It is true that it is not an updated one and that it could have been infected after I downloaded it some time ago from this site (this last option would be weird, given that I've not had problems before and this is the only .exe on my hard disk with the problem, but I have to admit that it is possible).

Sorry for the inconvenience caused and I hope this helps to clarify the issue.