Dr. Web indicates SuperAntiSpyware dll is a Trojan

I have been getting this pop-up from my Dr. Web the last few days:

File: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
Status: infected with Trojan.Fakealert.1239
Action: Quarantined
Time: Sat, 23 Aug 2008 11:31:09 GMT
Machine: MICHAEL1

Likely a false positive?

 

im very sure its a false possitive

 

Thanks- I am fairly sure it is too.

 

One of Avira's signature did the same a few weeks back.

 

Both programs obviously do not like something they find.

 

tbh both programs seem to generate quite a few fp's

 

Same here. I have send the file to Dr.Web yesterday.

Verly likely a false positive

 

It's a false positive.

 

Definetly a false/positive but strange this pattern that is forming from DW labs....it was'nt that long ago that they were flagging MBAM inaccurately.

Ironically when pushed on that detection DW labs blamed poor code in MBAM for generating the F/P which is a complete cop out IMO.

Anyway just spitballing but it was'nt that many days ago Nick S had interesting exchange with a foreign software engineer on a SAS thread here at Wilders.https://www.wilderssecurity.com/showthread.php?t=218125 (Post#21 onwards).

It is safe bet to say the new arrival at Wilders had ripped the guts(reversed) SAS code inorder to present such data:

Maybe just a pure conicidence but then hypothetically surely it would be purely coincidencidental again if the next generation of AV from a certain lab was to use *Raw disk read* in its scanning engine or any of the nifty tricks SAS/MBAM use to kill the real gnarly malcode

Anyway they say imitation is the sincerest form of flattery but to me theft is theft !

But maybe sas should create new nonsence detection(like DW labs have) but this time suggested flagging as Win32.behaves likes.Virii.ctulhu.Stole me

 

Dr.Web will never lose the title of creating most false alerts in history of avs. Personally I think this poor heuristic could be fixed easily but there seems to be a kind of lazyness or should i say insensibleness.

Avira is a paradigm how to handle false alerts very fast.

 

Perhaps we should look at things differently ? without false positives most users would never get any alerts.

 

This FP seems to have been fixed by Dr. Web, with the latest database update, dated August 25, 2008.
Cheers

 

Yes, I just have received an email: false positive acknowledged.

Fast response by Dr.Web