How to report False Positive to us?


  • Sorry to be a pest

    I deleted the 'threat' that I got in the previous post but it has come back again. Here is the report from today and it is exactly the same as on the 11th.

    IObit Security 360

    OS:Windows XP
    Version:1.0.0.60
    Define Version:1174
    Time Elapsed:00:05:20
    Objects Scanned:57576
    Threats Found:1

    |Name|Type|Description|ID|
    Hijack.StartMenu, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced Value=Start_ShowSearch, 6-680
    Maybe this has something to do with it:

    I installed Everything Search and then went to Administrative Tools > Settings and changed Windows Search from Automatic to Disabled.

    I also customized the Start Menu and took the Search icon out.

    After deleting the threat on the 11th I found that the Search icon was back in the Start Menu the next time I started my computer.

    I have not deleted the 'threat' this time (it does not quarantine just deletes) and will see what happens :)


    EDIT: Here is the Hijack Scan report. The 'threat' is still on my computer during this scan



    NOTE:
    O8 - Extra context menu item: &Download by Arles Download Manager

    I tried and deleted Arles Download Manager using Revo UnInstaller long ago, other than that I don't know.

    All the best, woz of oz
    Last edited by wozofoz; Sep. 12th, 2009, 21:04. Reason: EDIT:
    FORUM USAGE GUIDELINES - Read this first
    Description of IObit Forum features and requirements - Reading this is compulsory

    Comment


    • hwdrv.sys - False Positive

      IObit Security 360

      OS:Windows XP
      Version:1.0.0.60
      Define Version:1179
      Time Elapsed:00:25:47
      Objects Scanned:74709
      Threats Found:1

      |Name|Type|Description|ID|
      Rootkit.Gen, File, E:\WINDOWS\system32\Drivers\hwdrv.sys, 4-7422
      The file, hwdrv.sys on my system, is a false positive. ABIT uGURU Utility has a legit system file named HWDRV.SYS with date stamp of 12/21/1998 and removing it will crash Windows. My motherboard is the ABIT Fatal1ty Socket 775 gaming motherboard which has a uGURU feature. This utility makes Windows boot dependent upon this HWDRV.SYS file.


      http://file.abit.com.tw/pub/download/utilities/uguru/2.110/2_110_release_note.txt

      Comment


      • Several false positives being reported:

        IObit Security 360

        OS:Windows Vista
        Version:1.0.0.60
        Define Version:1182
        Time Elapsed:00:43:43
        Objects Scanned:91268
        Threats Found:12

        |Name|Type|Description|ID|
        Misleading.EvidenceEliminator, Folder, C:\Users\nannie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator, 3-1771
        Misleading.EvidenceEliminator, Folder, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator, 3-1771
        Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk, 3-1771
        Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk, 3-1771
        Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk, 3-1771
        Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk, 3-1771
        Hijack.DisplayProperties, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoActiveDesktopChanges, 6-56
        Trojan.Dldr, File, C:\Program Files (x86)\Kodak\AiO\Center\dib.dll, 12-1814
        Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyQ.dll, 12-1938
        Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyR.dll, 12-1938
        Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyS.dll, 12-1938
        Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyT.dll, 12-1938

        Evidence Eliminator: http://www.evidence-eliminator.com it's legit, been using it for years, no problem.

        dib.dll: Needed by printer Kodak AiO EasyShare 5300

        System Requirements Lab: http://www.systemrequirementslab.com/referrer/srtest for checking comp specs against recs for games.

        Comment


        • Originally posted by CJK View Post
          The file, hwdrv.sys on my system, is a false positive. ABIT uGURU Utility has a legit system file named HWDRV.SYS with date stamp of 12/21/1998 and removing it will crash Windows. My motherboard is the ABIT Fatal1ty Socket 775 gaming motherboard which has a uGURU feature. This utility makes Windows boot dependent upon this HWDRV.SYS file.

          http://file.abit.com.tw/pub/download/utilities/uguru/2.110/2_110_release_note.txt

          Hi CJK,

          Sorry for the trouble.

          It has been solved in definitions version 1183.

          Best regards.
          IObit Support Team--Any ideas or suggestions? Please kindly share with us...Thanx

          Comment


          • Originally posted by chbimun View Post
            Several false positives being reported:
            IObit Security 360
            OS:Windows Vista
            Version:1.0.0.60
            Define Version:1182
            Time Elapsed:00:43:43
            Objects Scanned:91268
            Threats Found:12
            |Name|Type|Description|ID|
            Misleading.EvidenceEliminator, Folder, C:\Users\nannie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator, 3-1771
            Misleading.EvidenceEliminator, Folder, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator, 3-1771
            Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Help.lnk, 3-1771
            Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator License Agreement.lnk, 3-1771
            Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator Read Me.lnk, 3-1771
            Misleading.EvidenceEliminator, File, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evidence Eliminator\Evidence Eliminator.lnk, 3-1771
            Hijack.DisplayProperties, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoActiveDesktopChanges, 6-56
            Trojan.Dldr, File, C:\Program Files (x86)\Kodak\AiO\Center\dib.dll, 12-1814
            Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyQ.dll, 12-1938
            Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyR.dll, 12-1938
            Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyS.dll, 12-1938
            Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyT.dll, 12-1938

            Evidence Eliminator: http://www.evidence-eliminator.com it's legit, been using it for years, no problem.
            dib.dll: Needed by printer Kodak AiO EasyShare 5300
            System Requirements Lab: http://www.systemrequirementslab.com/referrer/srtest for checking comp specs against recs for games.

            Hi chbimun,

            First of all, sorry for the FP trouble.

            We saw the information you offered above.

            The System Requirements and dib.dll must be FPs and they have been solved in definitions version 1183.

            For the "Hijack.DisplayProperties, Registry Data", it is a new restriction correction, one that seems to be disabled on Vista by default. For now whitelist it and we will look into it ASAP.

            Evidence Eliminator, which is defined as rogue by us, is fake privacy protection or rogue registry cleaner software. Here for reference: http://www.411-spyware.com/remove-evidence-eliminator

            You had better remove it ASAP.

            However, if you really like it, put it into the ignore list (not recommended).

            best regards
            IObit Support Team--Any ideas or suggestions? Please kindly share with us...Thanx

            Comment


            • Originally posted by chbimun View Post
              Hijack.DisplayProperties, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoActiveDesktopChanges, 6-56

              Hi friends,

              Here is a reference for solving the problem above: if you are running Vista then this is a false positive and should be added to the Ignore List.

              Even in XP this detection isn't actually malware, it's a setting that is often modified by malware to prevent changing the desktop settings.

              If you've removed it, then just restore it from quarantine and the next time you scan, just add it to the ignore list.

              BTW, if someone cannot find it in quarantine any more, do not worry, you can navigate to here (you'd better be somewhat comfortable with the registry):
              Code:
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
              Change it back to 1 instead of 0.

              cheers
              Last edited by itobe; Sep. 17th, 2009, 04:18.
              IObit Support Team--Any ideas or suggestions? Please kindly share with us...Thanx

              Comment


              • I wanted to remove the notification area from my desktop, but after following the steps below and running an IObit Security 360 smart scan I might receive a false positive report...

                Here it is:

                How to Remove The Notification Area In Windows XP Pro

                1. Click on the START button in your task bar and select RUN from the menu.

                2. Type “gpedit.msc” (for General Policy Editor) in the box for the file name and click “Okay”. Note: do not type the quotation marks.

                3. Once the General Policy Editor file has loaded, click to expand the “Administrative Template”, and then click to select the Start menu and Task bar.

                4. From the options on the screen, locate and click to select the “Hide the Notification Area”. Right-click it and select “Properties”.

                5. In the Properties option window, click “Enable” and then click “Okay” to save your changes. The next time you log onto your machine, the Notification Area will be gone.

                This is the report after following those steps and scanning my computer with IObit.

                IObit Security 360

                OS:Windows XP
                Version:1.0.0.60
                Define Version:1183
                Time Elapsed:00:00:30
                Objects Scanned:9141
                Threats Found:1

                |Name|Type|Description|ID|
                Hijack.Tray - Removed, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoTrayItemsDisplay, 6-720


                What should I do?

                Thanks and more power to iobit security!!!

                Comment


                • False positive - sdm-2_0-windows-i586.exe

                  IObit Security 360

                  OS:Windows XP
                  Version:1.0.0.60
                  Define Version:1183
                  Time Elapsed:00:11:09
                  Objects Scanned:74497
                  Threats Found:1

                  |Name|Type|Description|ID|
                  Adware.EShoper, File, C:\FOLDER\Installed\Java\Sun Java Download Manager\sdm-2_0-windows-i586.exe, 12-236

                  ==================================================================
                  Sun Download Manager v2.0 README FILE
                  ==================================================================

                  Sun Download Manager (SDM) is subject to the terms detailed in
                  the binary code license agreement supplied in this release. See the
                  files SDMEntitlement.txt and SDMTranslatedLicense.html in the directory
                  where SDM is installed.

                  Before running SDM please review the online help:
                  http://www.sun.com/download/sdm/sdm_help.xml.

                  It provides complete installation and usage instructions as well as
                  known issues and troubleshooting advice. Help may also be accessed at
                  any time by selecting Help->Online Help from the SDM application.

                  ==================================================================

                  Obtaining Sun Download Manager
                  ------------------------------

                  Go to the URL below and follow the steps to "Get the Software".
                  The Sun Download Manager package is available for:
                  Solaris OS SPARC, Solaris OS x86, Linux, Windows, and generic Java (for
                  any Java platform, such as Mac OSX).

                  http://www.sun.com/download/sdm/

                  This README file accompanies the "stand alone" version of SDM.

                  Comment


                  • False positive: TheWorld Browser.

                    LS,

                    Since when a legitimate browser that I'm already using for a long time seems to be malware???
                    This browser, called TheWorld browser is already promoted and praised as a valuable, faster and safer alternative for Internet Explorer by ZDNet, CNet and more. Better protection, more options, more user-friendly. It uses the same render-engine of Internet Explorer but improved it by adding its own features.

                    Never experienced complaints about it, also no other well-known antivirus or antimalware scanner has discovered any harm in it.

                    Just to let you know that I have my sincere doubts about considering this IE-alternative as malware. It's rather a false positive imho. Please consider further research in order to make sure it's a 100 percent safe application. I've downloaded it from their official website. McAfee SiteAdvisor is also not aware of any complaints.

                    Greetings,

                    M.
                    Registered customer of Advanced SystemCare 3.
                    "Destroyers of false hope are the true Messiahs" - Anton Szandor LaVey.

                    Dixit Magister Noctis.

                    Comment


                    • False positive on a GLBasic tool

                      Hi
                      This is the log:
                      IObit Security 360

                      OS:Windows XP
                      Versione:1.0.0.60
                      Versione database:1194
                      Tempo trascorso:00:08:03
                      Oggetti analizzati:65360
                      Minacce rilevate:3

                      | Nome | Tipo |Descrizione|ID|
                      Disabled.SecurityCenter, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Value=UpdatesDisableNotify, 6-14
                      Tracking Cookies, Cookies, Cookie:pluto@atdmt.com/, 7-1545
                      ADSPY.AdSpy, File, C:\Programmi\GLBasic\Tools\DoctorGBAS.exe, 12-2216
                      "DoctorGBAS.exe" isn't a virus...
                      Please fix this problem.

                      Comment


                      • False positive

                        This false positive is AVG Anti-Rootkit's uninstaller.

                        Comment


                        • IOBit flagging Email Sender Deluxe as trojan!

                          The content of the log file is below:

                          IObit Security 360

                          OS:Windows XP
                          Version:1.0.0.60
                          Define Version:1201
                          Time Elapsed:01:05:29
                          Objects Scanned:69457
                          Threats Found:2

                          |Name|Type|Description|ID|
                          W32.Sality, File, D:\j2sdk1.4.2_15\bin\java.exe, 12-1385
                          Trojan.Crypt, File, E:\Email Sender Deluxe\Email Sender Deluxe.exe, 12-687

                          Please tell me if Email Sender Deluxe is really infecting my computer, I use it to send email campaigns!

                          Comment


                          • Hi hifunda,

                            Please upload Deluxe.exe file to VirusTotal for analysis by 41 Anti Virus engines. Feedback of the result will be appreciated.

                            Cheers.
                            enoskype

                            - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

                            Comment


                            • Another (known) false positive! SpywareBlaster.

                              Lectori salutem,


                              Following logfile in Dutch, hope you understand the translations of your own software, however, the Dutch translation of Security 360 v1.0 is far from perfect, it's in fact full of wrong spelling and grammar as well...

                              ---------------------------------

                              IObit Security 360

                              OS:Windows XP
                              Versie:1.0.0.60
                              Define Versie:1202
                              Verstreken Tijd:00:24:15
                              Objecten Gescand:59952
                              Bedreigingen gevonden:1

                              |Naam|Type|Beschrijving|ID|
                              Hijack.Homepage, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel Value=Homepage, 6-238

                              ----------------------------------

                              This is without a doubt a false positive, but other antimalware scanners often make the same mistake. Just take a look at the screenshot attached and you will know what I mean....

                              I locked the homepage of Internet Explorer (or should I say Internet Exploder, for I prefer Mozilla Firefox above all other inferior, unsafe browsers) intentionally with a legitimate and trusted tool called SpywareBlaster to PREVENT malicious attacks from changing my homepage! There are more scanners that confuse this prevention measure in order to safeguard my browser settings with a "hijack". I wonder why...

                              Any ideas how IObit could avoid confusing an intentional protection with a hijack in future releases or (minor) updates? If you are the ones who pretend to have developed a security tool that's much better than all other scanners, then it's pitiful that Security 360 makes the very same mistake as all others, which is imho a potential proof that there is still a lot of work to be done to make this software more worthwhile in the future, just as ASC3 Pro had several nasty flaws in its first releases, but in the meantime after several upgrades and bugfixes they are solved at last.

                              I had my complaints about ASC3 Pro in the past, but thanks to the many bugfixes I'm nowadays quite satisfied.

                              But to stay on-topic: proof of the false positive that I am reporting now = screenshot (file-attach).

                              Grtz,

                              M.
                              "Destroyers of false hope are the true Messiahs" - Anton Szandor LaVey.

                              Dixit Magister Noctis.

                              Comment


                              • Hi MagisterNoctis,

                                First of all, I do use SpywareBlaster together with IS 360 and others.

                                Think about a malware that changes the Home Page and locks it. A computer rookie will not know that, and the result is that the home page is hijacked!!!

                                IS 360 is warning that the Home Page is locked by software, without accusing SpywareBlaster.

                                Since a user would know that the Home Page is willingly locked (there are many other programs that do the same thing), this warning can easily be ignored and the item can be moved to the Ignore List.

                                In summary, I don't think that IObit is going to change that behaviour exactly like the other security software which will not change, because Home Page is one of the first targets for hijacking.

                                Cheers.
                                enoskype

                                - Beauty lies in the eye of the beholder and belongs to the man who can appreciate it. -

                                Comment
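
For the registry-value detections discussed in itobe's reply (NoActiveDesktopChanges) and enoskype's reply (the locked Home Page): an added example, not IObit code and not from any poster, that parses the text report format pasted throughout this thread and groups rows by detection ID, separating registry settings from files on disk. The triage class names and the merged sample report are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from reports quoted in this thread and merged
# under one header so every case (policy value, "- Removed", repeated ID) appears.
SAMPLE_REPORT = r"""IObit Security 360

OS:Windows Vista
Version:1.0.0.60
Define Version:1182
Threats Found:5

|Name|Type|Description|ID|
Hijack.DisplayProperties, Registry Data, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoActiveDesktopChanges, 6-56
Hijack.Tray - Removed, Registry Data, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Value=NoTrayItemsDisplay, 6-720
Trojan.Dldr, File, C:\Program Files (x86)\Kodak\AiO\Center\dib.dll, 12-1814
Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyQ.dll, 12-1938
Worm.Autorun, File, C:\Users\nannie\AppData\Roaming\SystemRequirementsLab\SRLProxyR.dll, 12-1938
"""

TABLE_HEADER = re.compile(r"^\|.*\|$")   # |Name|Type|Description|ID|, any UI language
DETECTION_ID = re.compile(r"^\d+-\d+$")  # e.g. 6-56, 12-1938
REMOVED = " - Removed"                   # name suffix seen in one report in this thread

# Hypothetical triage classes (not IObit terminology), keyed on the Type column.
CLASSES = {"Registry Data": "setting", "File": "file", "Folder": "file",
           "Cookies": "cookie"}


def parse_row(line):
    """Split 'Name, Type, Description, ID'; the description may contain ', '."""
    head, sep, det_id = line.rpartition(", ")
    if not sep or not DETECTION_ID.match(det_id):
        return None
    parts = head.split(", ", 2)
    if len(parts) != 3:
        return None
    name, kind, target = (p.strip() for p in parts)
    row = {"name": name, "type": kind, "target": target, "id": det_id,
           "removed": name.endswith(REMOVED)}
    if row["removed"]:
        row["name"] = name[:-len(REMOVED)]
    if kind == "Registry Data":
        # Registry rows name a key plus one value, not a file on disk.
        key, sep, value = target.rpartition(" Value=")
        if sep:
            row["key"], row["value"] = key, value
    return row


def parse_report(text):
    """Return (header fields, detection rows) from a pasted text report."""
    meta, rows, in_table = {}, [], False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if TABLE_HEADER.match(line):
            in_table = True
        elif not in_table:
            key, sep, value = line.partition(":")
            if sep:
                meta[key.strip()] = value.strip()
        else:
            row = parse_row(line)
            if row is None:      # first non-row line ends the table
                break
            rows.append(row)
    return meta, rows


def triage(text):
    """Group rows by detection ID so each signature is reported once."""
    meta, rows = parse_report(text)
    signatures = defaultdict(lambda: {"name": "", "class": "", "targets": []})
    for row in rows:
        sig = signatures[row["id"]]
        sig["name"] = row["name"]
        sig["class"] = CLASSES.get(row["type"], "other")
        sig["targets"].append(row.get("value", row["target"]))
    # Header keys are localized; "Define Version" is the English UI spelling.
    return {"definitions": meta.get("Define Version"),
            "signatures": dict(signatures)}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print("definitions version:", result["definitions"])
    for det_id, sig in result["signatures"].items():
        print(det_id, sig["name"], sig["class"], sig["targets"])
```

Rows classed as "setting" are configuration values to confirm against what the user or another tool set on purpose; rows classed as "file" are the ones worth a second opinion from other engines before reporting the signature ID and definitions version.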
