Dr.Web false positive: Threatfire

Discussion in 'other anti-virus software' started by Firebytes, Jun 10, 2008.

Thread Status:
Not open for further replies.
  1. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    I believe that in the past Dr.Web AV had some false positives with Threatfire and it seems it is doing so again. I downloaded Dr.Web CureIt and ran a complete scan on my system. CureIt advised that the Threatfire installer (tfinstall.exe) was infected. It only reported the installer as infected and not the running Threatfire program. No other scanner on my system is indicating a problem with the file which has been on my system for quite some time.

    I attempted to send the file to Dr.Web via a link on their webpage but for some reason it would not go through. Anyone know a better way to report the false positive to them?
     


  2. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    just email vms@drweb.com and simply tell them the download link to the Threatfire version you downloaded.

    State it's an FP and ask for it to be fixed asap :)
     
  3. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    Thanks C.S.J :thumb:
     
  4. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    It says "probably..". Does this mean the result didn't come from a virus signature match, but due to heuristics?
     
  5. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    That's what I assumed.
     
  6. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    They also flag mbam.exe (Malwarebytes Anti-Malware).
    According to the Malwarebytes forum, Dr.Web has shown no interest in solving this...
     
  7. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    Well, whether they will fix it or not I don't know, but I sent an email to Dr.Web at the address provided by C.S.J advising them of the false positive. Let's hope they get it and the MBAM detections fixed. I wonder why they would not want to correct issues with FPs as soon as possible? o_O
     
  8. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    917
    Does Dr.Web just have a lot of false positives with installers and archives due to its heuristics? Today was the first time I had ever used Dr.Web CureIt's full scan. I had always just used the quick scan before. Besides the TF false positive on both my systems, CureIt also alarmed on an MSI file (on my several-years-old desktop) from software that came with the system. Dr.Web stated again that it was "probably" a trojan. The name it gave for the trojan was STPage, if I remember right. No other scanner I have run detected anything with that file either.
     
  9. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    Not really. Usually it's software with code of poor quality :)

    Have you sent it to VMS@drweb.com? Please do it if not.

    Could you please also let me know the ticket numbers you should've received with auto-reply?
     
  10. DjMaligno

    DjMaligno Hispasec/VirusTotal

    Joined:
    Feb 22, 2005
    Posts:
    63
    Location:
    Spain
    So poor quality software should also be detected by AV engines?
     
  11. GES/POR

    GES/POR Registered Member

    Joined:
    Nov 26, 2006
    Posts:
    1,490
    Location:
    Armacham
    Then why does only DrWeb detect poor quality software?
     
  12. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    Should not, of course. But that's an excuse for us ;)
     
  13. sergeyko

    sergeyko AV Expert

    Joined:
    May 16, 2006
    Posts:
    56
    Different AVs, different heuristics. I remember MS detected Windows Explorer :)
     
  14. Fuzzfas

    Fuzzfas Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    2,753
    BTW, Dr.Web CureIt flags the latest Comodo installer as adware, because of the well-known toolbar.
     
  15. Jaki

    Jaki Guest

    It is not only Dr.Web that flags the Comodo toolbar as adware; NOD32 and Avira both did as well.
     
  16. PiCo

    PiCo Registered Member

    Joined:
    Apr 9, 2008
    Posts:
    352
    Location:
    Athens, Greece
    Isn't it adware? When we are talking about adware do we always mean bad adware?

    For example:
    - Good adware is installed with user consent, bad adware isn't.
    - Good adware allows itself to be uninstalled, usually through Add/Remove Programs in Control Panel or another way; bad adware is very difficult or even impossible to uninstall.
    - Good adware offers very "light" access to advertisements or info (my English is starting to give up on me); bad adware often hijacks the browser and constantly throws up pop-ups.

    So when an AV makes an adware detection, does it mean bad adware?
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I consider adware as harmless, just irritating advertising.
    The problem with adware is that it also can be abused to spy on me and then it becomes spyware. Spyware is dangerous.
    In practice, I don't allow any object that doesn't belong to my original installation.
    It doesn't matter what it is: junk files, goodware or badware, adware, spyware, viruses, worms, etc. It's all garbage and ballast on my system that must be removed as quickly and completely as possible. :)
     
    Last edited: Jun 11, 2008
  18. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    If the ware was bad it would be mal not ad, as in MALicious softWARE
     
  19. emperordarius

    emperordarius Registered Member

    Joined:
    Apr 27, 2008
    Posts:
    1,218
    Location:
    Who cares
    Adware is bad when it's not optional.
     
  20. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Just a curious thought. Is it possible for malware or any other nasty to piggyback on the adware, to jump off so to speak, and be left behind even if the adware is removed later? I really do not have much knowledge on such matters, so please forgive my dumbness.
     
  21. Sputnik

    Sputnik Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    1,198
    Location:
    Москва
    Hero! :D
     
  22. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    I think what he means to say is:

    "Virus makers usually are not good programmers and our heuristics sometimes react to poor coding style"

    Maybe not as rude then. :rolleyes:
     
  23. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    That doesn't make any sense. If I install a trojan that silently steals passwords, but I introduce it through social engineering (it claims to be something useful, and/or does something useful while doing its nasty tricks) and I put in an uninstallation option, it's still a trojan.

    Adware is bad when it doesn't clearly state what it does and what the privacy risks are for the user, and it's bad if it introduces any high privacy risk. Adware that tracks all the URLs the user visits and sends them to a remote server is bad, and must be detected, even if it provides the option to be uninstalled.
     
  24. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    Hi TNT, is what I asked in post twenty possible? Thanks.
     
  25. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Yes, it's possible.
     