  Lappen
join:2000-12-07 sweden
·Bredbands Bolaget
| False positive with Microsoft Antispyware
I downloaded and installed zonelog (»zonelog.co.uk/) from this site hxxp://accs-net.com/zonelog/zl119_full.exe
I get this report after install:
quote:
Spyware Scan Details
Start Date: 2005-02-24 17:39:34
End Date: 2005-02-24 17:40:53
Total Time: 1 mins 19 secs

Detected Threats
Free Popup Killer Adware more information...
Status: Quarantined
High threat - High-risk items have a large potential for harm, such as loss of computer control, and should be removed unless knowingly installed.

Infected files detected
c:\windows\is-ugh11.exe

Infected registry keys/values detected
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce InnoSetupRegFile.0000000001
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce InnoSetupRegFile.0000000001

Detected Spyware Cookies
No spyware cookies were found during this scan.
Virusscan at »virusscan.jotti.org/ gives Status: OK
Wondering if this is a FP or if it's really a correct entry
-- I can also be found at the SWI Forums as Lappen
|
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| Most likely a FP, yes.
There is a note on that download page: quote: Some users have reported that their anti-virus software has alerted them to a virus during installation of ZoneLog Analyser, these are false alerts. We are using the most recent versions of different Antivirus Programs on all of our computers and development systems, to ensure a maximum protection. You can be sure that our software, which you download from the sites below, do not contain viruses.
But I'll send MS the file and ask them to see about fixing it. -- It takes a disaster to make a woman out of a female Gladiator Security Forum Proud Member of ASAP (Alliance of Security Analysis Professionals) |
|
  Jim Gurd Premium join:2000-07-08 Plymouth, MI | reply to Lappen I'm not surprised. I got several FP's when I tried it. It's now gone from my machine. They need to work out quite a few bugs before this thing comes out of beta. |
|
  Lappen
join:2000-12-07 sweden
·Bredbands Bolaget
| reply to CalamityJane
Thanx CalamityJane, I started a thread at the newsgroup in signatures and also mailed the developer
-- I can also be found at the SWI Forums as Lappen
|
|
  CalamityJane Premium,VIP,MVM join:2002-08-27 Eustis, FL
| said by Lappen: Thanx CalamityJane, I started a thread at the newsgroup in signatures and also mailed the developer
Great! Thanks |
|
  Lappen
join:2000-12-07 sweden
·Bredbands Bolaget
| Got this reply from the developer
I can confirm it is a false positive, the file in question is a temporary file created by the installer to clean up other temporary files it has created after the next reboot. It has often been flagged, falsely, as virus or malware simply because it is programmed in Delphi, a common programming language seemingly used by the malware programmers, and, presumably, has a fairly basic signature.
I informed him about these 2 pages
»www.spynet.com/falsepositive.aspx
»www.spynet.com/vendors.aspx
-- I can also be found at the SWI Forums as Lappen
|
|