Sign in to follow this  
FudgePickle

And why FreeRIP entries in registry bad?

Recommended Posts

Got the following entries from the report. Why

are they considered "Medium Risk"?

a-squared Free - Version 4.5

Last update: 12/1/2009 12:59:11

c:\documents and settings\all users\start menu\programs\freerip3 detected: Trace.Directory.FreeRIP v3.0!A2

Value: HKEY_USERS\S-1-5-21-26502413-1610628737-1200237635-500\Software\MGShareware\FreeRIP3 --> AllowMultipleInstances detected: Trace.Registry.FreeRIP v3.0!A2

Value: HKEY_USERS\S-1-5-21-26502413-1610628737-1200237635-500\Software\MGShareware\FreeRIP3 --> AutoCheckNewVersion detected: Trace.Registry.FreeRIP v3.0!A2

~ INLINE LOGS REMOVED {Lynx}

Share this post


Link to post
Share on other sites

Hi FudgePickle, and welcome to the forum

I edited your post:

1) Please follow Forum Posting Rules and

- provide information about your system

- do not inline post reports, please attach them;

In addition your report was incomplete and actually you could use just a few lines since that is the same type of detection (I left a few as an example)

2) In order to investigate the matter in the first place submit entries from the detection list to EMSI developers for analysis

Please ask if you have questions about the procedure

in brief: Right-Click on the flagged item and choose Submit as False alert from pop-up menu

3) Here are few links to read in order to be more familiar with investigating the matter:

a ) [sticky]

b ) In the reply from Thursday, 25 December under “submitting and or auto-rescanning” there are helpful references about different ways to do that.

I hope you will learn how to investigate, submit detected items, setting Re-Scan option, etc., e.g.: How should I treat the malware I found?

4) Traces are not necessarily dangerous. Read about Traces here

It's just necessary to find out what is the FreeRIP Software that was flagged since there is Trace.Directory detection - if that is removed - the whole package will be quarantined or deleted

My regards

Share this post


Link to post
Share on other sites

Hi FudgePickle, and welcome to the forum

I edited your post:

1) Please follow Forum Posting Rules

Do you mean this link?

and

- provide information about your system

Windows 2000; Service Pack 4; platform=x86

other security Software especially those with

real-time Guards and other background

processes running=none;

Firewall=Zone Alarm

- do not inline post reports, please attach them;

Sorry.

In addition your report was incomplete

How so?

2) In order to investigate the matter in the first place submit entries from the detection list to EMSI developers for analysis

Right clicked and submitted as false alerts.

Please ask if you have questions about the procedure

When will these be reviewed?

It’s actually not necessary for the EMSI Lab to “personalize” submissions. The goal is to analyze and provide a fix with the update if that was FP. That will affect others with the similar detection(s).

In average it may take ~2-3 days. You can rescan manually by Custom Scan.

How will I know that they have been reviewed?

3) Here are few links to read in order to be more familiar with investigating the matter:

a ) [sticky: 82-using-security-software-to-scan-data ]

Read.

b ) In the reply from Thursday, 25 December under “submitting and or auto-rescanning” there are helpful references about different ways to do that.

Do you mean this link?

I hope you will learn how to investigate, submit detected items, setting Re-Scan option, etc., e.g.:

Rescan is set to silent.

How should I treat the malware I found?

Read.

4) Traces are not necessarily dangerous. Read about Traces here[/b]

It's just necessary to find out what is the FreeRIP Software that was flagged since there is Trace.Directory detection - if that is removed - the whole package will be quarantined or deleted

Well, when I do a Google search, it comes up #1:

I doubt that it is a malware program if it has

such a high Google ranking:

Why doesn't A-Squared recognize this?

Share this post


Link to post
Share on other sites

Thanks for reply, FudgePickle

1st, my apology for the missed link – typo - and I fixed that in my previous reply.

The most important note:

Windows 2000; Service Pack 4; platform=x86

A2 is not compatible with win2000, staring from version 4

Version 4.5.0.21 - 11/5/2009 - for Windows XP, 2003/2008 Server, Vista and 7…

there is only the special version 3.5 of Anti-Malware Suite, which is still available since its life was prolonged a bit compare to what was declared. See Download Page

=======

Other than that ... basically, it should not take more than 48 hours (usually less than 24) after the submission from detection list or Quarantine and rescanning with updated signatures whether it is manual or “auto-“respectively according to the method.

If there is a delay and/or the user still has doubting about the result - there is away to send e-mail if there are files or just a report if there are Traces with no file associations.

The address: [email protected]

Before submitting, create a password protected archive (ZIP or RAR) containing the file(s). Make sure the main body of the email contains the password for the compressed archive.

As for Google ranking that is just ranking and you can find these as well currently when checking (see attached images)

“http: // www. freerip. com/download.php” from your 1st link of rankings

or “red WOT” about MGShareware from the 2nd link

But the final verdict can come only from EMSI developers

My regards

Share this post


Link to post
Share on other sites

The first chunk of search results I get for Freerip +spyware show similar disgruntled posts. Although I am not familiar with Freerip, it is not enough that a product be free of spyware. I have found that some detections are also based on the performance of a company - it they distribute undesirable software, whatever its nature, all their products will likely be flagged. Just because they do sdomething 'good', does not mean they can do something 'bad' and thus be ignored.

Share this post


Link to post
Share on other sites
H_D: Although I am not familiar with Freerip, it

is not enough that a product be free of spyware.

I can certainly respect that. For me, if it's not

malware, then it's fine by me. In fact, WebCopier

2.1a DOES have spyware, but it can be removed. I haven't

found a program that copies websites as well, so I

keep using it.

Lynx: A2 is not compatible with win2000, staring from version 4

Download Page said: Version 4.5.0.21 - 11/5/2009 - for

Windows XP, 2003/2008 Server, Vista and 7…

There is only the special version 3.5 of Anti-Malware

Suite, which is still available since its life was

prolonged a bit compare to what was declared.

Well, dang! It works great on my Windows 2000, SP4

system. Do I gotta stop using it?

Lynx: It should not take more than 48 hours (usually less

than 24) after the submission

Still showing as medium risk. I'll keep updating and

scanning.

Lynx: But the final verdict can come only

from EMSI developers

OK. I'll pray that they lower it to "low-risk".

Share this post


Link to post
Share on other sites
...Well, dang! It works great on my Windows 2000, SP4 system. Do I gotta stop using it?...

I really cannot tell how that is working "great"

except considering that "great" = "not crashing" - but not more than that.

And yes, I think that it should not be used on unsupported system.

The preparation of stopping the support for win9x and win2000 was going for a year (see the old forum) prior to the event... and after another official announcement there was quite a discussion(s), since many are still using those systems.

It was mentioned what is still supported as a special version.

Other than that I hope the developers will add some comments

As a final note I may just say that current installer must check the System and be silent in this respect for supported systems , otherwise the notification should be displayed.

If that's not happening - that has to be fixed

My regards

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.