View Full Version : Speedbit false positive?
psychokilla
November 11th, 2007, 01:33 PM
I tried to download this program :
http://www.speedbit.com/video_accelerator/
When I attempted to download it, ESS stopped the transfer with the attached declaration. The same thing happens with the beta version.
Is this a false positive?
nodyforever
November 11th, 2007, 01:45 PM
Yes false positive...it can contain them to me adware or it will be able to have an option to choose them to me if we want or not that he is installed
The programs free have to have some support of some form that will be able to take the enterprise to choose these options.
sorry my bad english psychokilla
psychokilla
November 11th, 2007, 02:10 PM
WTF? Was that english?
proactivelover
November 11th, 2007, 02:11 PM
just scan it
File size: 1455.5K
redir.asp?ID=7279 packed by BINARYRES
>redir.asp?ID=7279 packed by BINARYRES
>>redir.asp?ID=7279 - archive WISE
>>>redir.asp?ID=7279/data001 - OK
>>>redir.asp?ID=7279/data002 - OK
>>>redir.asp?ID=7279/data003 - OK
>>>redir.asp?ID=7279/data004 - OK
>>>redir.asp?ID=7279/data005 - OK
>>>redir.asp?ID=7279/data006 - OK
>>>redir.asp?ID=7279/data007 - OK
>>>redir.asp?ID=7279/data008 - OK
>>>redir.asp?ID=7279/data009 - OK
>>>redir.asp?ID=7279/data010 - OK
>>>redir.asp?ID=7279/data011 - archive BINARYRES
>>>>redir.asp?ID=7279/data011/data001 - archive BINARYRES
>>>>>redir.asp?ID=7279/data011/data001/data001 - archive ZIP
>>>>>>redir.asp?ID=7279/data011/data001/data001/contents.rdf - OK
>>>>>>redir.asp?ID=7279/data011/data001/data001/menu.xul - OK
>>>>>>redir.asp?ID=7279/data011/data001/data001/toolbarembed.html - archive HTML
>>>>>>>redir.asp?ID=7279/data011/data001/data001/toolbarembed.html/Script.0 - OK
>>>>>>>redir.asp?ID=7279/data011/data001/data001/toolbarembed.html/Script.1 - OK
>>>>>>redir.asp?ID=7279/data011/data001/data001/toolbarembed.html - OK
>>>>>redir.asp?ID=7279/data011/data001/data001 - OK
>>>>>redir.asp?ID=7279/data011/data001/data002 - OK
>>>>>redir.asp?ID=7279/data011/data001/data003 - archive ZIP
>>>>>>redir.asp?ID=7279/data011/data001/data003/contents.rdf - OK
>>>>>>redir.asp?ID=7279/data011/data001/data003/menu.xul - OK
>>>>>>redir.asp?ID=7279/data011/data001/data003/toolbarembed.html - archive HTML
>>>>>>>redir.asp?ID=7279/data011/data001/data003/toolbarembed.html/Script.0 - OK
>>>>>>>redir.asp?ID=7279/data011/data001/data003/toolbarembed.html/Script.1 - OK
>>>>>>redir.asp?ID=7279/data011/data001/data003/toolbarembed.html - OK
>>>>>redir.asp?ID=7279/data011/data001/data003 - OK
>>>>>redir.asp?ID=7279/data011/data001/data004 contains an advertising software Adware.Msearch.origin
>>>>>redir.asp?ID=7279/data011/data001/data005 - OK
>>>>>redir.asp?ID=7279/data011/data001/data006 - OK
>>>>redir.asp?ID=7279/data011/data002 packed by BINARYRES
>>>>>redir.asp?ID=7279/data011/data002 - OK
>>>redir.asp?ID=7279/data012 - OK
>>>redir.asp?ID=7279/data013 - OK
>>>redir.asp?ID=7279/data014 - OK
>>>redir.asp?ID=7279/data015 - OK
>>>redir.asp?ID=7279/data016 - OK
>>>redir.asp?ID=7279/data017 packed by BINARYRES
>>>>redir.asp?ID=7279/data017 - OK
>>>redir.asp?ID=7279/data018 - OK
>>>redir.asp?ID=7279/data019 - archive CAB
In file >>>>redir.asp?ID=7279/data019/Accelerator.dll probably found virus DLOADER.Trojan
>>>>redir.asp?ID=7279/data019/VideoAcceleratorEngine.exe - OK
>>>>redir.asp?ID=7279/data019/VideoAccelerator.exe - OK
>>>>redir.asp?ID=7279/data019/Collector.dll - OK
>>>>redir.asp?ID=7279/data019/sbbotdiXP.sys - OK
>>>>redir.asp?ID=7279/data019/sbbotdi2K.sys - OK
>>>>redir.asp?ID=7279/data019/tray_icon.ico - OK
>>>>redir.asp?ID=7279/data019/OK.gif - OK
>>>>redir.asp?ID=7279/data019/Cancel.gif - OK
>>>>redir.asp?ID=7279/data019/comtest.gif - OK
>>>>redir.asp?ID=7279/data019/progbar.gif - OK
>>>>redir.asp?ID=7279/data019/AniGIF.ocx - OK
>>>>redir.asp?ID=7279/data019/VideoAcceleratorService.exe - OK
>>>redir.asp?ID=7279/data020 - OK
>>>redir.asp?ID=7279/data021 - OK
NOD32 user
November 11th, 2007, 02:12 PM
detection:
va21.exe » WISE » apbarSp.Speedbit.exe - a variant of Win32/AdInstaller application
FP or not I cannot say bus I suggest you follow the faq for False Positives - where to submit to. Answer (http://www.wilderssecurity.com/showpost.php?p=1029463) and Answer (http://www.eset.com/threat-center/up/submit.htm)
Cheers :)
ronjor
November 11th, 2007, 02:12 PM
The download contains adware or maybe worse. I didn't see your screenshot of the warning. Did you post one?
psychokilla
November 11th, 2007, 02:58 PM
Added it now :)
ronjor
November 11th, 2007, 03:00 PM
Thank you kindly. :)
vBulletin® Copyright ©2000-2013, Jelsoft Enterprises Ltd.
Copyright ©2002 - 2013, Wilders Security Forums