Malware False-positive?

I've been happily using SpyWare Blaster for a few years and versions, and encountered something unexpected today.

Having updated to SpywareBlaster 4.0 within days of its release, my nightly CA Antivirus scan announced this morning that it had quarantined an infection Win32/VMalum.CIDD found in SpywareBlaster's file: sbautoupdate.exe..

I scoured CA's site for more info and CA does not have info on that exact infection. Google was just as unhelpful.

I had downloaded my SBv4 from Major Geeks, so I thought I'd start over. I fully uninstalled SB, downloaded a fresh install file from Major Geeks and began installing. This time the process was about half way through and CA Antivirus pounced again with the same alert.

So I uninstalled and deleted and cleared the decks for yet another fresh install.

This time I decided to try a different distributor ... Javacoolsoftware.com.

Same CA Antivirus ambush half way through, denouncing the same Win32/VMalum.CIDD!

For now I have suspended installation of SpywareBlaster until I get informed advice.

For a couple of years CA has not found viruses anywhere on my computer, and in particular nothing in the weeks I've had SBv4 ... then suddenly it seems obsessed with Win32/VMalum.CIDD in two downloads of SBv4 from two different distributors with thorough clean-outs before each attempt at installation.

My Antivirus updates its virus signature database several times per day, and I'm now wondering if a CA update within the last 24 hours delivered a signature that CA is confusing with something inherent and legitimate in SpywareBlaster.

Therefore my question is: Could CA Antivirus's whistleblowing be a false-positive in this instance?

I'd really welcome informed opinion on this, as I'm absolutely paranoid about getting nasties on board.

BTW, I'm running XP Pro SP2, and use 2 browsers: IE7 & Mozilla FireFox 2. ZoneAlarm 7 Firewall. I have always opted to update SB manually, so I'm presuming the file sbautoupdate.exe. has never been called upon anyway.

 

Hello,

you're not alone,

https://www.wilderssecurity.com/showthread.php?t=204592

I would bet FP with latest update.



snowbound

 

Thanks for that prompt reply, Snowbound!

From the posts you redirected me to it does seem to look like an FP alright. Spent hours on this. Darned nuisance. CA has served me well for a decade but I guess there's a first time for everything ... a little overzealous this time.

 

These events(FP) do happen from time to time with AV and u are quite welcome.



snowbound