evilfantasy

False positive?


Is this a FP?

From their homepage. "Note: Since the application disables the Task Manager buttons and makes some system changes, some antivirus programs may identify it as malware. Rest assured that the program is clean and its a false positive."

Prevent v 1.0 http://www.thewindowsclub.com/prevent-cut-paste-copy-delete-re-naming-of-files-folders

VirScan results, 7/37 found malware. http://virscan.org/report/8345d21dc9f84d6579a825fe0f4bf6b3.html


Hi, evilfantasy, welcome to the forum

Please post a scan report so that we can see exactly what has been detected.

When we have that information, we can progress.

I was unable to open the product website you linked to.


Thanks for the welcome. Had to re-register from the old forums.

Scan report. (I only scanned the Prevent Setup.exe) I'll also attach the .zip file which is what you download to get the Prevent Setup.exe.

a-squared Free - Version 4.5

Last update: 10/12/2009 3:21:23 PM

Scan settings:

Scan type: N/A

Objects: C:\Users\*****\Desktop\Prevent\Prevent Setup.exe

Scan archives: On

Heuristics: Off

ADS Scan: On

Scan start: 10/13/2009 3:36:49 PM

C:\Users\*****\Desktop\Prevent\Prevent Setup.exe detected: Trojan.StartPage!IK

Scanned

Files: 1

Traces: 0

Cookies: 0

Processes: 0

Found

Files: 1

Traces: 0

Cookies: 0

Processes: 0

Registry keys: 0

Scan end: 10/13/2009 3:36:49 PM

Scan time: 0:00:00


Hey, Kevin

Looks like a false positive heuristics detection to me. It's an InstallShield installer and the main executable is UPX-packed. Malicious programs can do many of the things Prevent is designed to accomplish. 2 of the executable files were built with Delphi.

Submit to [email protected]


Hi evilfantasy,

Welcome to our new forum.

Just a note for the future:

Please provide neither links for downloading suspects nor EXEs in attachments.

In the old forum links were removed immediately.

Neither developers nor users are supposed to install any software.

Only the precise files (the code) from the user's computer should be submitted to the developers for analysis in case you are suspecting an FP.

Since this is a new forum with new features, the matter I mentioned (links & archives) is currently being discussed with developers and moderators, and the decisions will be made very soon.

My regards

P.S. You can submit by e-mail as ShadowPuterDude suggested

Before submitting, create a password protected archive (ZIP or RAR) containing the file(s). Make sure the main body of the email contains the password for the compressed archive.

OR

Submit from the detection list:

Right-Click on selected item; choose "Submit as false alert" from the pop-up menu

If items were quarantined you can submit from Quarantine as well


Thanks Lynx. I've already been in touch with Christain and he's aware of the attachment/links in this topic. I wouldn't post links/attach something if I thought it could damage anyone's computer.


... I wouldn't post links/attach something if I thought it could damage anyone's computer...

Thank you for the reply, evilfantasy.

I hope you understand that there were no intentions whatsoever of accusing you personally ;) ...

... but we have to be careful; think about other users; consequences,

and establish proper procedure

Cheers!

