
Tiny Watcher download infected with 3 trojans by virustotal


Horus37
December 23rd, 2007, 05:01 PM
I downloaded Tiny Watcher from the DonationCoders website and ran it through VirusTotal and Jotti; VirusTotal reported 3 trojans and Jotti reported one trojan. I see people around here using Tiny Watcher. Did you download it from the DonationCoders website, and did you also run the file through these virus-detecting websites and get these results? Could there be that many false positives on this file?

lucas1985
December 23rd, 2007, 05:06 PM
Check the hash:
- MD5: 2c2154e64f154aad9c4043df331423c3
- SHA1: c2939b89d6a9b5c958e5ac1b70497217990b6515

EDIT:
eSafe, Prevx and TheHacker have a FP with the installer.

EASTER
December 23rd, 2007, 05:11 PM
Dunno what's up there, but grab what should be a clean copy from SnapFiles and run WatcherSetup15.exe through Jotti.

This is my result:

Ikarus: Found Trojan-PWS.Win32.Delf.ho

lucas1985
December 23rd, 2007, 05:13 PM
-{ Quote: "Dunno what's up there, but grab what should be a clean copy from SnapFiles and run WatcherSetup15.exe through Jotti." }-
DonationCoders redirects to SnapFiles :)
-{ Quote: "This is my result:

Ikarus: Found Trojan-PWS.Win32.Delf.ho " }-
Ikarus doesn't have this FP at Virustotal (Jotti uses Linux)

Horus37
December 23rd, 2007, 05:34 PM
I have the same MD5 as posted above, so I'm hoping that is OK. Here are the results from VirusTotal.


eSafe - suspicious Trojan/Worm
Prevx1 - Heuristic: Suspicious File Which Interferes With Vulnerable Files Like The HostsFile
TheHacker - Trojan/Spy.GhostKeyLogger.c

Can I feel safe?


Is snapfiles a known safe place to download from? Says on their website no adware no spyware but you never know.

lucas1985
December 23rd, 2007, 05:52 PM
-{ Quote: "I have the same MD5 as posted above, so I'm hoping that is OK." }-
Then, don't worry :) Matching checksums are your best insurance against tampering (although the MD5 algorithm is considered weak nowadays)
-{ Quote: "Here is the results from virus total. eSafe - suspicious Trojan/Worm Prevx1 - Heuristic: Suspicious File Which Interferes With Vulnerable Files Like The HostsFile TheHacker - Trojan/Spy.GhostKeyLogger.c" }-
I have the same results and my copy is several months old.
Let's analyze the report:
- eSafe. This is a gateway scanner and it's known to have a paranoid heuristic scanner which flags most runtime-packed files. TW's setup file is packed with UPX (according to FileAlyzer and VirusTotal), so an FP isn't a surprise.
- Prevx. It's a heuristic detection, probably made by the sandbox. Tiny Watcher monitors the hosts file, so this behaviour is triggering a somewhat aggressive heuristic rule.
- TheHacker. It seems to be a signature detection. Probably a bad signature or a mistake made by the virus lab.

VirusTotal and Jotti are powerful tools. However, they may cause harm if you don't at least partially understand the report. Also, they might use older versions of the scanning engines or different settings (this is evident when scanning riskware/PUPs).
-{ Quote: "Is snapfiles a known safe place to download from? Says on their website no adware no spyware but you never know." }-
It's one of the major download sites (together with MajorGeeks, Softpedia, Download.com) so it's fairly safe. However, it's always better to download from the author's site if possible.
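
The checksum advice in the post above is easy to get half right: people compare one MD5 by eye and stop. The following is an added example (not code from the thread, from Tiny Watcher or from VirusTotal) of how to do the check properly: hash the download once, compare every digest the publisher gave you with a constant-time comparison, and flag the case where the only digest you had to go on was MD5. The sample file content (`abc`) and the "published" digests in the demo are constructed for the example; the real WatcherSetup15.exe hashes from the thread are not reused.

```python
"""Verify a downloaded installer against published checksums.

Added example for this thread. The sample file and digests used in the
demo are constructed; substitute the real installer path and the values
the publisher posted.
"""
import hashlib
import hmac
import os
import tempfile

_CHUNK = 1024 * 1024
# MD5 is collision-broken: it still catches a corrupted download, but a
# match on MD5 alone does not rule out a deliberately crafted second file.
_WEAK = {"md5"}


def file_digests(path, algorithms=("md5", "sha1", "sha256")):
    """Read the file once and return {algorithm: lowercase hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(_CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_download(path, published):
    """Check a file against the digests someone published for it.

    `published` maps algorithm name -> hex digest (any case, any subset of
    md5/sha1/sha256). Every published digest must match for ok to be True.
    `only_weak` tells the caller that the match rests on MD5 alone.
    """
    wanted = {name.lower(): value.strip().lower() for name, value in published.items()}
    actual = file_digests(path, tuple(wanted))
    matched = {
        # hmac.compare_digest avoids leaking where the strings diverge
        name: hmac.compare_digest(actual[name], expected)
        for name, expected in wanted.items()
    }
    return {
        "ok": all(matched.values()),
        "matched": matched,
        "only_weak": all(name in _WEAK for name in wanted),
    }


def write_sample_file(content=b"abc"):
    """Constructed stand-in for the downloaded installer; returns its path."""
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return path


if __name__ == "__main__":
    sample = write_sample_file()
    # Constructed "published" values: the well-known digests of the bytes "abc".
    result = verify_download(sample, {
        "MD5": "900150983cd24fb0d6963f7d28e17f72",
        "SHA1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    })
    print(result)
    os.unlink(sample)
```

If the publisher only lists an MD5, `only_weak` comes back True: the file is very likely the one they uploaded, but treat that as protection against a corrupted or swapped download, not as proof against a motivated attacker. Prefer whatever stronger digest (or signature) the author offers.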

Horus37
December 23rd, 2007, 08:43 PM
Thanks for the info. I feel a bit better now. I was going to recommend this app to a friend and didn't want to infect them with a nasty bug accidentally.

ErikAlbert
December 24th, 2007, 05:09 AM
IrfanView also had 3 infections according to VirusTotal, while Jotti didn't report anything.

LUSHER
December 24th, 2007, 05:09 AM
The main problem is this.

You are scanning with 32 scanners with VirusTotal. Consider that even if the chance of an FP for 1 scanner individually is low, when you have 32 different chances of an FP, this accumulates to a fairly high chance that at least one of them will alert.

Add the fact that 1) many of the scanners are set to maximum heuristics (to look good, because people are using VirusTotal to judge the quality of scanners), 2) you are uploading security-related software which does a lot of unusual things.... I reckon the chance of an FP is much higher than usual....

If each scanner has a 1% chance of FP, there is a 1- {0.99^32} = 27% chance of at least one hit....
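
The arithmetic in the post above generalises in a way worth having to hand when reading a multi-engine report. The following is an added example (not from the thread) that computes 1 - (1 - p)^n for several per-engine false-positive rates and, going one step beyond the post, the binomial tail P(k or more hits) under the same independence assumption. With p = 1% and n = 32 the chance of at least one hit is about 27.5%, matching the post; three or more hits comes out near 0.4%. That last figure is a reminder that independence is a generous assumption for security tools: as the post says, the same unusual behaviour trips several engines' heuristics at once, so real hit counts cluster more than this model predicts. The rates in `fp_table` are illustrative, not measured engine error rates.

```python
"""False-positive accumulation across n independent scanners.

Added example for this thread. The per-engine rates below are
illustrative assumptions, not measurements of any product.
"""
from math import comb


def p_at_least_one_fp(p, n):
    """P(at least one of n scanners fires a false positive) when each has an
    independent FP rate p: 1 - (1 - p)^n."""
    return 1.0 - (1.0 - p) ** n


def p_at_least_k_fp(p, n, k):
    """P(k or more false positives) under the same model: the binomial tail
    sum_{i=k..n} C(n, i) p^i (1-p)^(n-i)."""
    return sum(comb(n, i) * p ** i * (1.0 - p) ** (n - i) for i in range(k, n + 1))


def fp_table(n=32, rates=(0.005, 0.01, 0.02, 0.05)):
    """(rate, P(>=1 FP)) pairs for a few assumed per-engine rates."""
    return [(p, p_at_least_one_fp(p, n)) for p in rates]


if __name__ == "__main__":
    n = 32
    for p, prob in fp_table(n):
        print(f"p={p:.3f}  P(>=1 hit of {n}) = {prob:.1%}")
    for k in (1, 2, 3):
        print(f"p=0.010  P(>={k} hits of {n}) = {p_at_least_k_fp(0.01, n, k):.2%}")
```

Read the output as a baseline, not a verdict: a single hit from one engine is expected noise on a clean file, while several engines agreeing on the same named family (rather than generic heuristic labels) is the pattern that deserves a closer look.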

bellgamin
December 24th, 2007, 12:40 PM
I have scanned TW with DrWeb, Avira, A-squared, & Threatfire. It is clean.

kubicle
January 20th, 2008, 07:31 AM
Same SHA-1 code as the installer .exe on my disk... glad to know I am safe :D

BTW, SnapFiles are not generous enough to do the downloads; their page is getting the file from DonationCoders who is hosting me for free...
On DonationCoders I redirected to SnapFiles to have a single place to count the downloads.

Also: I know this installer as an executable is quite old fashioned now; XP is already alerting because of the lack of digital signature, etc. and maybe Vista complains even more. If you think there are easy steps to make the installer more "conforming" to today's policies, please let me know.

Cheers,
Olivier

Empath
January 20th, 2008, 12:58 PM
For SnapFilesPro subscribers there is a SnapFiles local download. For free users though, it's only through DonationCoders.

SnapFiles provides downloads from their site as a paying subscriber feature.