Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer

Dashlane false positive


Recommended Posts

IObit Malware Fighter

 

OS: Windows 7

Version: 3.1.0.18

Database Version: 1440

Scan Mode:Manual

Time Elapsed: 00:00:24

Objects Scanned: 54820

Threats Found: 1

Save Time: 02/05/2015 03:31:31

 

|Name|Type|Description|ID|

Malware GUID, GUID, HKEY_CLASSES_ROOT\Typelib\{3277cd27-4001-4ef8-9d96-c6ca745ac2f9}, 402319

 

-----

 

File in registry is "%AppData%\Roaming\Dashlane\ie\KWIEBar.dll"

 

This is clearly NOT malware. In addition this addon is digitally signed by Dashlane. And VirusTotal does not report ANY alarm from ANY antivirus suite.

 

VirusTotal report (100% clean):

https://www.virustotal.com/fr/file/5...b242/analysis/

 

It is the required addon that allows Dashlane (a SAFE and SECURED password manager) to fill in forms to enter login/passwords that it will send to the visited site.

Without it, the password manager is no longer functional at all, and we need to enter them manually, and update them manually in Dashlane!

 

Dashlane is not an obscure company, it has an official street address, true phone contact, true fiscal number. The website is also clearly identified, as well as its billings, and there's never been any issue about payments and subscriptions for its cloud storage service (optional).

 

This report is about the last updated version of Dashlane (see https://www.dashlane.com/)

 

Here is what is installed in "%APPDATA%\Roaming\Dashlane\ie" (zipped and encrypted with password "infected", as instructed by you):

 

http://www.wikisend.com/download/843...e-ie-addon.zip

 

Note: the zipped file above has a 90 days lifetime on "wikisend" (the maximum allowed) starting today.

Link to comment
Share on other sites

May be some users have experienced problem only because this GUID was harnessed (in the registry of their own Windows installation) by another uynrelated malware trying to steal passwords stored in Dashlane, and installing another unsafe addon on this key.

 

Clearly it is not enough to just check the GUID without looking at the software that is pointed by this TypeLib registry key.

So the ioBit analysis is clearly unsafe if it just considers GUID's that are NEEDED by safe softwares (for example a malware may attempt to infect a GUID of Microsoft Office or Windows itself, this does not mean that the GUID itself is "malware", when it is needed by core functionality.)

Link to comment
Share on other sites

Hi verdy_p,

 

Thanks for your feedback.

 

After deep analysis, it is not a false positive. If you do not want to scan it our again, please right click it and add it in our Ignore list.

 

If you met any other issues, please feel free to tell us.

 

Thanks for choosing IObit to care your PC.

Link to comment
Share on other sites

  • 3 years later...

Dashlane is not a malware, the file I submitted was the original version downloaded secrely from their website. But ioBit is known to install various adwares (that turn to be real malwares) in its "free" products without asking permission to the user.

Seriously, this is not the first time (all your "free" products have been regularly affected by multiple different versions of your malwares). Ten when you fix them, you just try to use another trick to avoid the detection and blocking by serious antivirus solutions.

May be your "paid" versions are safe, but this is certianly not the case of your "free" versions which are constantly infected and extremely intrusive.

Link to comment
Share on other sites

Hello,

 

Sorry for my late reply.

 

What do you mean by " But ioBit is known to install various adwares (that turn to be real malwares) in its "free" products without asking permission to the user." Please describe the issue more clearly. There should be some misunderstandings.

 

IObit does install adwares for users. All users have rights to deny any unwanted programs.:-)

 

 

 

Link to comment
Share on other sites

  • 5 months later...

You've now proven thaty you make false assertions. Dashlane is reputed and recommended by serious security advisory organizations, IoBit is not. And the Adwares added by ioBit WITHOUT CONSENT (directly installed before we ever see the first dialog of your installer) are detected as malwares by almost all security suites (except yours...). They give false ads for abusing products, make illegal recurring payments, do not honor the cancellation requests. Your adverizers are really bad and this comes directly from your prodcut installer as soon as it starts, without ever asking and without providing even any way to unionstall them cleanly. They are siltently disguised under fake Microsoft product names as if they were essential Windows components.

You've lied multiple times. I've now blocked all your products.

 

You claim that "%AppData%\Roaming\Dashlane\ie\KWIEBar.dl" is a malware but simply do not check the digital signatures to see if they are legitimate copies of fake files created by others. This is the normal plugin used by Dashlane on IE to support and integrate the password manager.

And seriously you've not investigated anything, because otherwise you would have detected that there are different versions of this file, one is legit is securely signed by Dashlane, others are unsigned and not made by Dashlane and have other purpose (these may be malwares, jsut like if one installs an unsafe copy of "explorer.exe" in Wnidwos which by itself is not malware but needed (and signed by Microsoft, unlike fake versions that may replace and contaminate them).

 

I gave proof that this was a false positive. But now you insist in saying it is not only because you want to use absuive anticompetitive strategies to force users to buy your own product instead.

 

Given the level of lies you produce, ioBit is now listed as a malware authoring companyn which is unable to choose its advertizing partners responsibly and does not respect its own users.

ioBit must now be banned. Final dot.

 

And note also that your servers have also been harvested and thousands/millions of user accounts on your servers have been stolen. Your servers are compromized (since at least 1 november 2015) and you never informed your users and continued to produce infected softwares made or distributed by your servers. Even Cnet has banned multiple versions of your free products because they were found to be contaminated (reported by many users, and asserted by notices posted on VirusTotal, and multiple national digital security agencies). But you refuse to solve this problem and continue doing this business without informing users correctly. denying a problem will not help you get more trust from your users.

Link to comment
Share on other sites

Hi verdy_p,

 

Sorry to hear that you are not satisfied with our program. But there should be some misunderstandings.

 

First, we recommend programs that we think our users might be interested in. But users can always choose to accept or not according to their requirements during installation.

 

Second, you can always uninstall any recommended programs or IObit programs with the standard uninstall way.

 

Third, if you think we have false positive, please send us the scan log and zip the suspicious file with password "infected", upload it to http://www.wikisend.com and then give us the download link to help us analyze again.

 

At last, could you please give more details about " reported by many users, and asserted by notices posted on VirusTotal, and multiple national digital security agencies"? Yes, some programs detected our programs falsely sometimes. And we are communicating with them to remove it once we found. Let's focus on the facts.

 

Thanks for your understanding.

 

 

 

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...