Re: Superantispyware - false positives?

[Nick Skrepetos]

lessmalwareiscool@nohotmail.org wrote:
> A recent scan found (and REMOVED!) these items:
>
> Trojan.Media-Codec
> E:\PROGRAM FILES\AV\TOOLS\AVICODEC\UNINST.EXE
> E:\DOCUMENTS AND SETTINGS\GIZENTA1\START MENU\PROGRAMS\AVICODEC
> \UNINSTALL.LNK
>
> Adware.Spyware Labs
> E:\PROGRAM FILES\UTILITIES\INTERNET\PROXYWAY\PROXYWAY.EXE
>
>
>
> AVICODEC is a highly recommended program on many sites for AV enthusiasts,
> and Proxyway is a legit anonymous proxy program. Both are freeware.
>
> Looks like I'll have to reinstall them now.

Did you report these too us as False Postives? I checked the database
and it does not look like it -can you do that? You can restore these
items directly from the Quarantine - you do not need to re-install.

In the future, please always contact us, the vendor, if you have
problems before positing as we can often times resolve these issues
without causing "panic" regarding a "false positive".

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com

[lessmalwareiscool@nohotmail.org]

"Nick Skrepetos" <nskrepetos@yahoo.com> wrote in
news:1161704150.865620.10490@m73g2000cwd.googlegro ups.com:

>
> lessmalwareiscool@nohotmail.org wrote:
>> A recent scan found (and REMOVED!) these items:
>>
>> Trojan.Media-Codec
>> \PROGRAM FILES\AV\TOOLS\AVICODEC\UNINST.EXE
>> \DOCUMENTS AND SETTINGS\START MENU\PROGRAMS\AVICODEC
>> \UNINSTALL.LNK
>>
>> Adware.Spyware Labs
>> \PROGRAM FILES\UTILITIES\INTERNET\PROXYWAY\PROXYWAY.EXE
>>
>>
>>
>> AVICODEC is a highly recommended program on many sites for AV
>> enthusiasts, and Proxyway is a legit anonymous proxy program. Both
>> are freeware.
>>
>> Looks like I'll have to reinstall them now.
>
> Did you report these too us as False Postives? I checked the database
> and it does not look like it -can you do that? You can restore these
> items directly from the Quarantine - you do not need to re-install.
>
> In the future, please always contact us, the vendor, if you have
> problems before positing as we can often times resolve these issues
> without causing "panic" regarding a "false positive".
>
> Nick Skrepetos
> SUPERAntiSpyware.com
> http://www.superantispyware.com


I just uploaded all three files to Virustotal.com and only Fortinet
viewed Proxyway.exe as suspicious

I also sent Proxyway.exe to virusscan.jotti.org


Here's the Proxyway site.

http://www.proxyway.com/

The Jotti scanners found nothing but did issue this warning:

Proxyway.exe

MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or
runtime packers were found, this is suspicious. Normally programs aren't
packed and don't force the sandbox into lengthy emulation. Do realize no
scanner issued any warning, the file can very well be harmless. Caution
is advised, however.

[Nick Skrepetos]

lessmalwareiscool@nohotmail.org wrote:
> "Nick Skrepetos" <nskrepetos@yahoo.com> wrote in
> news:1161704150.865620.10490@m73g2000cwd.googlegro ups.com:
>
> >
> > lessmalwareiscool@nohotmail.org wrote:
> >> A recent scan found (and REMOVED!) these items:
> >>
> >> Trojan.Media-Codec
> >> \PROGRAM FILES\AV\TOOLS\AVICODEC\UNINST.EXE
> >> \DOCUMENTS AND SETTINGS\START MENU\PROGRAMS\AVICODEC
> >> \UNINSTALL.LNK
> >>
> >> Adware.Spyware Labs
> >> \PROGRAM FILES\UTILITIES\INTERNET\PROXYWAY\PROXYWAY.EXE
> >>
> >>
> >>
> >> AVICODEC is a highly recommended program on many sites for AV
> >> enthusiasts, and Proxyway is a legit anonymous proxy program. Both
> >> are freeware.
> >>
> >> Looks like I'll have to reinstall them now.
> >
> > Did you report these too us as False Postives? I checked the database
> > and it does not look like it -can you do that? You can restore these
> > items directly from the Quarantine - you do not need to re-install.
> >
> > In the future, please always contact us, the vendor, if you have
> > problems before positing as we can often times resolve these issues
> > without causing "panic" regarding a "false positive".
> >
> > Nick Skrepetos
> > SUPERAntiSpyware.com
> > http://www.superantispyware.com
>
>
> I just uploaded all three files to Virustotal.com and only Fortinet
> viewed Proxyway.exe as suspicious
>
> I also sent Proxyway.exe to virusscan.jotti.org
>
>
> Here's the Proxyway site.
>
> http://www.proxyway.com/
>
> The Jotti scanners found nothing but did issue this warning:
>
> Proxyway.exe
>
> MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or
> runtime packers were found, this is suspicious. Normally programs aren't
> packed and don't force the sandbox into lengthy emulation. Do realize no
> scanner issued any warning, the file can very well be harmless. Caution
> is advised, however.

If you care to report those to us when you scan next, I can take a look
and update our definitions if necessary. We can then see which
definition detected the file and update it if necessary.

The best option at all times if you have a file in question, or problem
with one of our products is to contact us, the vendor first - as we
deal with all kinds of situations on a daily basis and are the most
knowledgable in dealing with potential false postives when it comes to
items detected by SUPERAntiSpyware.

Nick Skrepetos
SUPERAntiSpyware.com
http://www.superantispyware.com