False Positive - WikidPad Software

False Positive Notification - Software at the location --

~Link removed. No links to possible malware please. ESET has access to the link for perusal. - Ron~

-- is being flagged as a variant of Win32/Adware.Antivirus2008.

I'm very glad that ESET is trying to target this particular malodorous malware, but the software at that site is a truly outstanding Open Source contribution and is in no way malware. I notified the author and told him that I was also notifying ESET. (The software was submitted to ESET through the AV interface.)

 

I understand. I forgot the proscription. The link, however, was to the home page rather than directly to the files.

Believe me, the stuff at that location is NOT malware.

But I do understand. Sorry.

 

I've just installed it, but my ESS remained silent and didn't alert me on any files. If you suspect a particular file to be FP, compress it with WinRAR, protect the archive with the password "infected" and send it to samples[at]eset.com with "False positive" in the subject and further information, such as the url to the file enclosed as well.

 

Hi, Marcos.

That's very interesting. I got the response I mentioned on every ...exe.zip file I downloaded from that site. They were quarantined before I could open and examine them.

I contacted Michael Butscher, the current maintainer of the project, and he suggested downloading a non-zipped version that he maintains for download at another location. The beta and rc versions (same as at the main site) that I downloaded there were not archived in a ZIP file, and they did NOT trigger NOD32.

I have my settings maxed out for real-time protection and Web access. Perhaps something in there is causing NOD32 to be paranoid about executables contained within ZIP archives?

I had already deleted the files from quarantine. I'll go collect them again and send them to ESET as you suggested.

Thank you.

 

Sorry, but I tried removing these two files from quarantine. I turned off real-time protection, tried to unzip it so that I would archive with WinRAR, but I couldn't unarchive it. It is apparently a damaged archive -- whether it is damaged at the download source or gets damaged during the download / quarantine processes I cannot determine.

ronjor said that the location was available to ESET foro perusal. I can't send it. If ESET is interested, I guess they'll get the files.

Did you download WikidPad from the location I posted (and which ronjor removed), or from some other location? Today I go there with a Vista SP1 system, and NOD32 won't let the file get saved to the system at all -- not even in quarantine. Yesterday I was using a WinXP SP3 system from work.

 

I removed version 3.0.672.0 from my wife's personal system, and from mine. It was still showing WikidPad links as being malware. Version 3.70.39 of NOD32 does not. Back to version 2 for us. I've tried version 3 more times than I care to remember. I can't see any reason to bother with it any more.