Warning for PRO users. virus found in purchased version(False Positive by Comodo)

[fastride09]

I have purchased the PRO version over the weekend for the $19.99 deal.

After downloading the software from http://www.iobit.com it wasn't the pro version, it was still the FREE version... then i had to redownload once again, and i try to click on update to PRO.. then i had to download a new installation once again, some reasons the update doesn't automaticly update the software, you have to complete run a fresh install once again...

 

anyways after getting it to work PRO version, COMODO found (3 virus ) in the PRO VERISON. BE WARNED!!!!!!!!

 

Program Files (x86)\Iobit\Advantce SystemCare 3\madExcept_.bpl

...................................................................\winSkinD7R.bpl

...................................................................\CoolTrayIcon_D6plus.bpl

Malware Name: Heur.Pck.MEW

 

 

Im really not sure how a virus could have been in the download verison of PRO, but COMODO Internet Secruity had found it.

 

 

 

Also i have noticed, last night i downloaded the FREE version for a friend of mine to clean her system, and the funny thing is its scans completely different then the PRO version, free version offered to BACKUP ur system b4 proceeding to clean the pc, and the PRO version did not.

 

 

anyone else have these issues?

 

==========================================================

Tim Xue: We have confirm that this is false positive by Comodo. You can go to virustotal.com to check the result. The madExcept_.bpl is used to generate and send bug report for our product. The winSkinD7R.bpl is skin component, and CoolTrayIcon_D6plus.bpl is SysTray component. Really joke AntiVirus product...

 

VirusTotal Report: http://www.virustotal.com/analisis/b7c24e346e74b0faff6996b2c394dfab

[solbjerg]

Hi fastride

The downloaded file for pro and free are the same, the difference comes when you register your version with the register code number you recieved.

Take a look here in post 7

http://forums.iobit.com/showthread.php?t=1979

Viruses in the install file - I doubt it very very much.

Did you check to see if it had created a restore point?

Cheers

solbjerg

p.s. You posted in the wrong section - it should have been ASC general discussion!

 

 

I have purchased the PRO version over the weekend for the $19.99 deal.

After downloading the software from www.iobit.com it wasn't the pro version, it was still the FREE version... then i had to redownload once again, and i try to click on update to PRO.. then i had to download a new installation once again, some reasons the update doesn't automaticly update the software, you have to complete run a fresh install once again...

 

anyways after getting it to work PRO version, COMODO found (3 virus ) in the PRO VERISON. BE WARNED!!!!!!!!

 

Program Files (x86)\Iobit\Advantce SystemCare 3\madExcept_.bpl

...................................................................\winSkinD7R.bpl

...................................................................\CoolTrayIcon_D6plus.bpl

Malware Name: Heur.Pck.MEW

 

 

Im really not sure how a virus could have been in the download verison of PRO, but COMODO Internet Secruity had found it.

 

 

 

Also i have noticed, last night i downloaded the FREE version for a friend of mine to clean her system, and the funny thing is its scans completely different then the PRO version, free version offered to BACKUP ur system b4 proceeding to clean the pc, and the PRO version did not.

 

 

anyone else have these issues?

[fastride09]

I am waiting for a complete scan to finish with comodo... found 4 others, which might not be with the software itself.. but comodo had found those virus i nthe advantce systemcare 3 ... so unsure how it can get in the program itself???

[solbjerg]

Hi fastride

The three you mentioned - I am certain that they are "false positives"

Cheers

solbjerg

 

I am waiting for a complete scan to finish with comodo... found 4 others, which might not be with the software itself.. but comodo had found those virus i nthe advantce systemcare 3 ... so unsure how it can get in the program itself???

[fastride09]

Problem now..

 

Advance System care 3 Program will no longer start, windows notice:

=========================================================

WinSkinD7R.bpl was not found, you may require to re-install the program to correct this problem.

=========================================================

 

going to try re-installed it...

and see if it will happen again in the next few days

[fastride09]

Hi fastride

The three you mentioned - I am certain that they are "false positives"

Cheers

solbjerg

 

 

perhaps but comodo did give it a name "Malware Name: Heur.Pck.MEW"

so if this is registered with comodo as spyware/malware.. i would think

it really is an infection.

[fastride09]

Program does not work at all after re-install

 

 

Error in destination directory...

\madExcept_.bpl

 

Move file code: 5

Access Denied

 

 

Also

 

\CoolTrayIcon.D6plus.bpl

 

 

 

Software states to reinstall software, which i was doing, Retry does not work so i clicked Ignore, installion does not work now..

 

 

And im not sure it is a good idea to unblock or remove the 3 files infected that comodo found...

 

any ideas?

 

SEE ATTACHED IMAGE OF ERROR OR VIRUS

http://www.freeimagehosting.net/image.php?f3c540015b.jpg

[enoskype]

fastride09,

 

Please read Clean install-uninstall-reinstall in Usage of IObit Products thread in Lounge section.

 

Follow solbjerg's advices, I have checked the setup file and it is clean.

 

Download the new setup file for ASC 3.2 from MajorGeeks which is linked in NEWS section.

 

Please disable Comodo and follow the instructions. It is false positive.

 

Thank you and cheers.

[solbjerg]

Hi fastride

When you remove 3 files from the program you cannot expect it to work.

If you take a look at the internet, several places it will say that

(Heuristick. progammable C (Programming language) key. Modified early warning) (my guess as to the meaning) is a false positive and that comodo is investigating it.

My advise is to white list these three files and put them back in the ASC program.

Cheers

solbjerg

p.s. You will probably have to do a clean install

read about this procedure here:

http://forums.iobit.com/showthread.php?t=1979

post #2

 

Program does not work at all after re-install

 

 

Error in destination directory...

\madExcept_.bpl

 

Move file code: 5

Access Denied

 

 

Also

 

\CoolTrayIcon.D6plus.bpl

 

 

 

Software states to reinstall software, which i was doing, Retry does not work so i clicked Ignore, installion does not work now..

 

 

And im not sure it is a good idea to unblock or remove the 3 files infected that comodo found...

 

any ideas?

[fastride09]

Alright i have disabled COMODO, and still no success...

 

unins0000.msq is missing, etc etc obtain new installation..

 

I can not remove the files from COMODO it will not allow them to be removed,

i have successfully removed 3, but 1 remains which will not allow to be removed

from the COMODO vault.

 

Image again, showing error and the comodo popup alert.

<a href=http://www.freeimagehosting.net/><img src=http://www.freeimagehosting.net/uploads/72f13e0bb5.jpg border=0 alt="Free Image Hosting"></a>

http://www.freeimagehosting.net/uploads/th.72f13e0bb5.jpg

 

 

The free version had worked fine b4! Now that i am using the paid version

PRO, i can not use it cuz of these issues... anyways i think i'll just able for a refund, comodo is always going to see this as a virus, and it can not be removed from the vault... I will try to upload a photo, so people have a better understanding whats happening, like the photo i have attached here...

 

*providing the images displays this time..

[fastride09]

Third Image:

 

Image belows shows all "possible" infected files with PRO.

i say possible since COMODO does NAME the files as KNOWN with the name of

"Heur.Pck.MEW" so unlike others virus it might list as unknown, but it is displayed as KNOWN. I hope these images helps you guys to clear this with all the leading anti-virus programs out there... still dont understand why the free version worked ok, but when i purchased the PRO i am having all these problems, also I went to delete the FOLDER "IOBIT" without success, will not allow the folder to be removed from the system, even REVO UNINSTALLER CAN NOT REMOVE pro folder!!! arrgggg lol

 

 

 

http://www.freeimagehosting.net/image.php?659e44a033.jpg

 

http://www.freeimagehosting.net/uploads/th.659e44a033.jpg

[solbjerg]

Hi fastride

I think that the heuristic scanning discovers that the file in question is able to send and recieve information, and the program probably have that parameter that this is a characteristic of a virus - and as they haven't bothered to check what it really is - they flag it as a possible virus and deletes and quarantine it. I am fairly sure that this is a file that is needed in order for IObit to be able to identify your computer and your registration.

Anti-virus companies are far from infallible!!

Well - I think you must download the program again and install it, - then uninstall, clean up totally and install it again.

That way you might get around the missing uninstall file.

Please read the thread Usage of IObit Products and glean the useable information from that.

Cheers

solbjerg

 

 

Third Image:

 

Image belows shows all "possible" infected files with PRO.

i say possible since COMODO does NAME the files as KNOWN with the name of

"Heur.Pck.MEW" so unlike others virus it might list as unknown, but it is displayed as KNOWN. I hope these images helps you guys to clear this with all the leading anti-virus programs out there... still dont understand why the free version worked ok, but when i purchased the PRO i am having all these problems, also I went to delete the FOLDER "IOBIT" without success, will not allow the folder to be removed from the system, even REVO UNINSTALLER CAN NOT REMOVE pro folder!!! arrgggg lol

 

 

 

http://www.freeimagehosting.net/image.php?659e44a033.jpg

 

http://www.freeimagehosting.net/uploads/th.659e44a033.jpg

[enoskype]

Hi fastride09,

 

You must have activated the automatic fuctions of ASC, and most probably they are running in the background.

 

Kill all the processes concerning ASC from Task Manager.

 

Download Unlocker 1.8.7 - From this website . And install it.

 

Use this program to delete the files and folders left of IObit. Use a free registry cleaner and CCleaner to clean all the junk files.

 

Start from the beginning and download the last ASC version 3.2 from Major Geeks.

 

Disable Comodo and install the setup file. Enter your e-mail address and Code for PRO edition.

 

I hope this helps.

 

Cheers.

 

Note: Your image in post #10 is not clear and too small to see anything.

[Tim Xue]

Hello, everyone! Once you have the same question, you can upload it to http://www.virustotal.com, then you can see the result.

 

First, those reports are 100% false positive. The MadException is the compnent that collect, generate and feedback the bug report of our prouct. As it will inject our main program to debug at runtime, so some anti-virus product thing it is a virus. But this component is added by us to debug. Also PCTools' Spyware Doctor and Registry Mechanic use MadException as well, but the different is they include the Bpl file into their .exe program file. And the CoolTray bpl is the component of the SysTray.

 

You can visit http://madshi.net/madExceptDescription.htm to check what MadException is.

 

Also you can search "Spyware doctor MadExcept" and check the result, http://www.google.com/search?hl=en&q=spyware+doctor+madexcept&btnG=Google+Search&aq=f&oq=, you will find that PCTools use Mad Except as well.

[IcyFrostPyro]

tim edited ur post

 

 

Tim Xue: We have confirm that this is false positive by Comodo. You can go to virustotal.com to check the result. The madExcept_.bpl is used to generate and send bug report for our product. The winSkinD7R.bpl is skin component, and CoolTrayIcon_D6plus.bpl is SysTray component. Really joke AntiVirus product...

 

VirusTotal Report: http://www.virustotal.com/analisis/b...6996b2c394dfab

 

 

btw fastride, you sure comodo doesnt have an ignore list?

perhaps comodo will fix this in their next database version if tim sent it. or you can do it. please now, asc3pro is really something you should keep :)

[angel115]

tim edited ur post

 

 

Tim Xue: We have confirm that this is false positive by Comodo. You can go to virustotal.com to check the result. The madExcept_.bpl is used to generate and send bug report for our product. The winSkinD7R.bpl is skin component, and CoolTrayIcon_D6plus.bpl is SysTray component. Really joke AntiVirus product...

 

VirusTotal Report: http://www.virustotal.com/analisis/b...6996b2c394dfab

 

 

btw fastride, you sure comodo doesnt have an ignore list?

perhaps comodo will fix this in their next database version if tim sent it. or you can do it. please now, asc3pro is really something you should keep :)

 

It seems to be fixed from comodo side, there is no more false positive.

 

For those who lost winSkinD7R.bpl and CoolTrayIcon_D6plus.bpl (like me :sad: ) I've found them available for download on down-dll.com

winskind7r.bpl

cooltrayicon_d6plus.bpl

 

I hope that will help,

Angel