Announcement

Collapse
No announcement yet.

Dashlane false positive

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dashlane false positive

    IObit Malware Fighter

    OS: Windows 7
    Version: 3.1.0.18
    Database Version: 1440
    Scan Mode:Manual
    Time Elapsed: 00:00:24
    Objects Scanned: 54820
    Threats Found: 1
    Save Time: 02/05/2015 03:31:31

    |Name|Type|Description|ID|
    Malware GUID, GUID, HKEY_CLASSES_ROOT\Typelib\{3277cd27-4001-4ef8-9d96-c6ca745ac2f9}, 402319


    -----

    File in registry is "%AppData%\Roaming\Dashlane\ie\KWIEBar.dll"

    This is clearly NOT malware. In addition this addon is digitally signed by Dashlane. And VirusTotal does not report ANY alarm from ANY antivirus suite.

    VirusTotal report (100% clean):
    https://www.virustotal.com/fr/file/5...b242/analysis/

    It is the required addon that allows Dashlane (a SAFE and SECURED password manager) to fill in forms to enter login/passwords that it will send to the visited site.
    Without it, the password manager is no longer functional at all, and we need to enter them manually, and update them manually in Dashlane!

    Dashlane is not an obscure company, it has an official street address, true phone contact, true fiscal number. The website is also clearly identified, as well as its billings, and there's never been any issue about payments and subscriptions for its cloud storage service (optional).

    This report is about the last updated version of Dashlane (see https://www.dashlane.com/)

    Here is what is installed in "%APPDATA%\Roaming\Dashlane\ie" (zipped and encrypted with password "infected", as instructed by you):

    http://www.wikisend.com/download/843...e-ie-addon.zip

    Note: the zipped file above has a 90 days lifetime on "wikisend" (the maximum allowed) starting today.
    Last edited by verdy_p; May. 2nd, 2015, 03:16.

  • #2
    May be some users have experienced problem only because this GUID was harnessed (in the registry of their own Windows installation) by another uynrelated malware trying to steal passwords stored in Dashlane, and installing another unsafe addon on this key.

    Clearly it is not enough to just check the GUID without looking at the software that is pointed by this TypeLib registry key.
    So the ioBit analysis is clearly unsafe if it just considers GUID's that are NEEDED by safe softwares (for example a malware may attempt to infect a GUID of Microsoft Office or Windows itself, this does not mean that the GUID itself is "malware", when it is needed by core functionality.)

    Comment


    • #3
      Most probably a Malware as well. I think I have worked on dashlane once.

      Comment


      • #4
        Hi verdy_p,

        Thanks for your feedback.

        After deep analysis, it is not a false positive. If you do not want to scan it our again, please right click it and add it in our Ignore list.

        If you met any other issues, please feel free to tell us.

        Thanks for choosing IObit to care your PC.
        IObit Support Team --
        If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!

        Comment


        • #5
          Dashlane is not a malware, the file I submitted was the original version downloaded secrely from their website. But ioBit is known to install various adwares (that turn to be real malwares) in its "free" products without asking permission to the user.
          Seriously, this is not the first time (all your "free" products have been regularly affected by multiple different versions of your malwares). Ten when you fix them, you just try to use another trick to avoid the detection and blocking by serious antivirus solutions.
          May be your "paid" versions are safe, but this is certianly not the case of your "free" versions which are constantly infected and extremely intrusive.

          Comment


          • #6
            Hello,

            Sorry for my late reply.

            What do you mean by " But ioBit is known to install various adwares (that turn to be real malwares) in its "free" products without asking permission to the user." Please describe the issue more clearly. There should be some misunderstandings.

            IObit does install adwares for users. All users have rights to deny any unwanted programs.


            IObit Support Team --
            If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!

            Comment


            • #7
              You've now proven thaty you make false assertions. Dashlane is reputed and recommended by serious security advisory organizations, IoBit is not. And the Adwares added by ioBit WITHOUT CONSENT (directly installed before we ever see the first dialog of your installer) are detected as malwares by almost all security suites (except yours...). They give false ads for abusing products, make illegal recurring payments, do not honor the cancellation requests. Your adverizers are really bad and this comes directly from your prodcut installer as soon as it starts, without ever asking and without providing even any way to unionstall them cleanly. They are siltently disguised under fake Microsoft product names as if they were essential Windows components.
              You've lied multiple times. I've now blocked all your products.

              You claim that "%AppData%\Roaming\Dashlane\ie\KWIEBar.dl" is a malware but simply do not check the digital signatures to see if they are legitimate copies of fake files created by others. This is the normal plugin used by Dashlane on IE to support and integrate the password manager.
              And seriously you've not investigated anything, because otherwise you would have detected that there are different versions of this file, one is legit is securely signed by Dashlane, others are unsigned and not made by Dashlane and have other purpose (these may be malwares, jsut like if one installs an unsafe copy of "explorer.exe" in Wnidwos which by itself is not malware but needed (and signed by Microsoft, unlike fake versions that may replace and contaminate them).

              I gave proof that this was a false positive. But now you insist in saying it is not only because you want to use absuive anticompetitive strategies to force users to buy your own product instead.

              Given the level of lies you produce, ioBit is now listed as a malware authoring companyn which is unable to choose its advertizing partners responsibly and does not respect its own users.
              ioBit must now be banned. Final dot.

              And note also that your servers have also been harvested and thousands/millions of user accounts on your servers have been stolen. Your servers are compromized (since at least 1 november 2015) and you never informed your users and continued to produce infected softwares made or distributed by your servers. Even Cnet has banned multiple versions of your free products because they were found to be contaminated (reported by many users, and asserted by notices posted on VirusTotal, and multiple national digital security agencies). But you refuse to solve this problem and continue doing this business without informing users correctly. denying a problem will not help you get more trust from your users.

              Comment


              • #8
                Hi verdy_p,

                Sorry to hear that you are not satisfied with our program. But there should be some misunderstandings.

                First, we recommend programs that we think our users might be interested in. But users can always choose to accept or not according to their requirements during installation.

                Second, you can always uninstall any recommended programs or IObit programs with the standard uninstall way.

                Third, if you think we have false positive, please send us the scan log and zip the suspicious file with password "infected", upload it to www.wikisend.com and then give us the download link to help us analyze again.

                At last, could you please give more details about " reported by many users, and asserted by notices posted on VirusTotal, and multiple national digital security agencies"? Yes, some programs detected our programs falsely sometimes. And we are communicating with them to remove it once we found. Let's focus on the facts.

                Thanks for your understanding.



                IObit Support Team --
                If you're happy with our products, please tell your friends, families and colleagues about IObit and IObit products! We'd be very grateful!

                Comment

                Working...
                X