Bit Defender: False Positive


phasechange
July 15th, 2006, 04:55 PM
NOD32 and KAV6 say nothing but BitDefender says:


This is part of windowblinds I think although windowblinds is still working. False positive?

Fairy

ASpace
July 15th, 2006, 05:56 PM
-{ Quote: "NOD32 and KAV6 say nothing but BitDefender says:

This is part of windowblinds I think although windowblinds is still working. False positive?

Fairy" }-
Hi. From your picture I can't see the full path where the infection is found.
Second, because of the file names I do see, it seems it is not a false positive. Third, if you still have a copy of them, submit them to VirusTotal (http://www.virustotal.com) and post the screenshot.

The fact that KAV + NOD32 don't detect this doesn't make it clean.
Good luck! ;D

TonyW
July 15th, 2006, 09:17 PM
Sounds like HIVE scan results when it gives the result "BehavesLike:Trojan.WinlogonHook". This is the heuristic scan result.

This is the sort of thing that I don't like about heuristics when legitimate files are flagged up as "BehavesLike:Trojan.*".

phasechange
July 15th, 2006, 11:20 PM
C:\Program Files\Stardock\Object Desktop\WindowBlinds is the rest of the path.


I was disappointed to see that the online Bit Defender deletes without asking (EDIT: BUT I WAS WRONG I DIDN'T SPOT THE OPTIONS DIALOGUE, TWICE!)

Ok, I redownloaded WindowBlinds from Stardock and reinstalled it. This gave me wise_post.exe, so I submitted it to that site and lo, the following result was generated:

http://www.fairyliquidizer.pwp.blueyonder.co.uk/wisepost.png

Looks like overly enthusiastic heuristics to me.

Fairy

Firecat
July 16th, 2006, 12:02 AM
-{ Quote: "C:\Program Files\Stardock\Object Desktop\WindowBlinds is the rest of the path.

I was disappointed to see that the online Bit Defender deletes without asking. A bit heavy handed for a heuristic scanner.

Ok, I redownloaded WindowBlinds from Stardock and reinstalled it. This gave me wise_post.exe, so I submitted it to that site and lo, the following result was generated:

Looks like overly enthusiastic heuristics to me.

Fairy" }-
Send this file in a password-protected archive to support@bitdefender.com and explain that BD is detecting a false positive with this file.

StevieO
July 16th, 2006, 01:13 AM
In a similar way to their installed AV, the online version does actually give you quite a few options to select from.

http://img99.imageshack.us/img99/2087/bdbj7.png

http://www.bitdefender.com/scan8/ie.html


StevieO

phasechange
July 16th, 2006, 07:32 AM
Thanks Steve, that's what I get for doing these things when tired :-) Good because I want to use BitDefender as my backup scanner on this machine.

phasechange
July 16th, 2006, 07:45 AM
I tried to send it but get this response to the password-protected ZIP:

http://www.fairyliquidizer.pwp.blueyonder.co.uk/attachment.png

Got to go for lunch with my wife now; will investigate on return.

Stefan Kurtzhals
July 16th, 2006, 08:38 AM
Most likely a false positive, as WindowBlinds does indeed hook the Windows logon procedure (legally).

phasechange
July 16th, 2006, 01:09 PM
Hmm, ok. After trying other Bit Defender addresses I eventually discovered that it was Gmail that was refusing the attachment. Pain in the bum! Sent via my ISP's SMTP server.

Fairy

Firecat
July 16th, 2006, 01:24 PM
-{ Quote: "Hmm, ok. After trying other Bit Defender addresses I eventually discovered that it was Gmail that was refusing the attachment. Pain in the bum! Sent via my ISP's SMTP server.

Fairy" }-
You could always rename the file extension while sending it to BitDefender. Gmail refuses EXE files in archives as attachments.
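A gateway-style check for the point made above, added here as an example that is not from this thread, from Gmail or from BitDefender: it lists a zip's entries and flags them both by extension and by PE header, so an executable that has merely been renamed (wise_post.exe to wise_post.txt) is still caught, and it reports encrypted entries it cannot inspect. The blocked-extension list and the sample archive are constructed for illustration and are not Gmail's actual policy or the real wise_post.exe.

```python
import io
import zipfile

# Illustrative list of extensions a mail gateway might block; an assumption, not Gmail's real policy.
BLOCKED_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi"}
MZ_MAGIC = b"MZ"  # DOS/PE executables begin with these two bytes


def inspect_zip(archive_bytes):
    """Return a list of (entry_name, reason) for entries a gateway would flag.

    Extension and header are both checked so a renamed executable is still
    detected. Encrypted entries cannot be read and are flagged as uninspectable,
    which is why a password-protected archive is the usual vendor submission format.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in BLOCKED_EXTENSIONS:
                findings.append((name, "blocked extension " + ext))
                continue
            if info.flag_bits & 0x1:  # bit 0 of the general-purpose flags = encrypted
                findings.append((name, "encrypted entry, content not inspectable"))
                continue
            with zf.open(info) as fh:
                head = fh.read(2)
            if head == MZ_MAGIC:
                findings.append((name, "executable header despite extension " + (ext or "(none)")))
    return findings


def build_sample_archive():
    """Constructed test archive: one .exe, the same stub renamed to .txt, and a plain text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("wise_post.exe", b"MZ" + b"\x90" * 62)  # constructed stub, not the real file
        zf.writestr("wise_post.txt", b"MZ" + b"\x90" * 62)  # same stub with a renamed extension
        zf.writestr("readme.txt", b"This file is harmless text.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for entry, reason in inspect_zip(build_sample_archive()):
        print(f"{entry}: {reason}")
```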

phasechange
July 16th, 2006, 02:01 PM
Ah, ok. I don't send them very often and I can understand why. Yip, next time I'll do that.