Bit Defender: False Positive

NOD32 and KAV6 say nothing but BitDefender says:



This is part of windowblinds I think although windowblinds is still working. False positive?

Fairy

 

Hi . From your picture I can't see the full path where infection is found .
Second , because of the file names I do see , it seems it is not a false positive . Third , if you still have a copy of them , submit them to VirusTotal and post the screenshot

Because of the fact KAV + NOD32 don't detect this , it doesn't make it clean
Good luck !

 

Sounds like HIVE scan results when it gives the result ""BehavesLike:Trojan.WinlogonHook". This is the heuristic scan result.

This is the sort of thing that I don't like about heuristics when legitimate files are flagged up as "BehavesLike:Trojan.*".

 

C:\Program Files\Stardock\Object Desktop\WindowBlinds this is the rest of the path.


I was disappointed to see that the online Bit Defender deletes without asking (EDIT: BUT I WAS WRONG I DIDN'T SPOT THE OPTIONS DIALOGUE, TWICE!)

Ok, I redownloaded WindowBlinds from Stardock and reinstalled it. This gave me wise_post.exe so I stumitted it to that site and lo the following result was generated:

http://www.fairyliquidizer.pwp.blueyonder.co.uk/wisepost.png

Looks like overly enthusiastic heuristics to me.

Fairy

 

Send this file in a password-protected archive to support@bitdefender.com and explain that BD is detecting a false positive with this file.

 

In a similar way to their installed AV, the online version does actually give you quite a few options to select from.

http://img99.imageshack.us/img99/2087/bdbj7.png

http://www.bitdefender.com/scan8/ie.html


StevieO

 

Thanks Steve, that's what I get for doing these things when tired Good because I want to use BitDefender as my backup scanner on this machine.

 

I tried to send it but get this response to password protected ZIP:

http://www.fairyliquidizer.pwp.blueyonder.co.uk/attachment.png
got to go for lunch with my wife now will investigate on return.

 

Most likely a false positive as Windows Blinds does indeed hook the Windows Logon procedure (legally).

 

hmm ok. After trying other Bit Defender addresses I eventually discovered that it was gmail that was refusing the attachment. Pain in the bum! Sent via my ISPs SMTP server.

Fairy

 

You could always rename the file extension while sending it to BitDefender. GMAIL refuses EXE files in archives as attachments.

 

ah ok. I don't send them very often and I can understand why. Yip next time I'll do that.