Are uninstall files infection-prone?

Discussion in 'malware problems & news' started by conceptualclarity, May 12, 2014.

Thread Status:
Not open for further replies.
  1. conceptualclarity

    conceptualclarity Registered Member

    Joined:
    Jun 11, 2013
    Posts:
    52
    Location:
    USA
    Until recently I had Webroot as my antivirus, and it was frequently flagging uninstall files. Now Roboscan in its full scan is claiming that the uninstall.exe for VideoLAN is or is infected by a trojan horse: Gen:Trojan.Heur.P.dW5@fmvpAzm (1).

    I'm skeptical. I think at the end of the scan I'll whitelist it, and then scan it with the multi-program scanners (VirusTotal, Jotti, VirScan, WinMHR, etc.) and the on-demand scanners in my right-click menu. Right now it appears I can't scan the file with any of those.

    So far, I do like Roboscan, however. I've come to expect false positives from all security programs, but one can't do without them.


    Operating System: Windows XP Home Edition 32-bit SP3
    CPU: Intel Pentium 4, Northwood 0.13um Technology
    RAM: 2.00GB DDR @ 166MHz (2.5-3-3-7)
    Motherboard: Dell Computer Corp. 0G1548 (Microprocessor)
    Graphics: Default Monitor (1280x1024@60Hz); Intel 82845G/GL/GE/PE/GV Graphics Controller (Dell)
    Storage: 74GB Seagate ST380011A (ATA) 28 °C; 3GB Lexar USB Flash Drive USB Device (USB); 119GB PNY USB 2.0 FD USB Device (USB)
    Optical Drives: SAMSUNG CD-R/RW SW-252S
    Audio: Unimodem Half-Duplex Audio Device
    Anti-Virus: Roboscan
     
  2. guest

    guest Guest

    Was it legitimate VLC to begin with? If yes, I'll drop Roboscan (or at least if you still want to give it a chance, report the FP to the developers).
     
  3. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Yep, seeing what file was detected and judging by the detection name, I am pretty confident in saying it's an FP. But to be sure, reporting it as an FP to the vendor is always a good idea.
     
  4. conceptualclarity

    conceptualclarity Registered Member

    Thanks for your input, SweX.

    I'm not aware of the problem of illegitimate VLC. I don't know how to check on that. I have it on my flash drive. For an unknown reason on the Start Menu, VideoLAN shows "(Empty)". But I can bring it up by going to the folder.

    I won't drop Roboscan over a false positive because I have experienced that as typical for security programs. After doing the scanning I spoke of, I'll report it to Roboscan if it seems to be a false positive indeed.
     
  5. SweX

    SweX Registered Member

    I think GrafZeppelin means whether VLC was downloaded from a known good source, like the official website: http://www.videolan.org/vlc/, or other safe download sites like Softpedia, Majorgeeks, etc.

    And you're welcome :)
     
  6. guest

    guest Guest

    As far as I can remember, none of the big 3 AVs I have used in the past on different occasions (Avira, Avast!, MSE) ever detected VLC. Plus, VLC is well-known software. So an FP for it is highly unlikely. Seeing Roboscan detected well-known software like VLC (assuming it's a legitimate VLC), I would just drop it and use something which gives fewer FPs, or at least more sensible FPs. But the decision is yours.
     
    Last edited by a moderator: May 12, 2014
  7. conceptualclarity

    conceptualclarity Registered Member

    I don't remember where I downloaded it from. But my rule is this: I seek to download from the developer's own website under the belief that the fewer hands a file goes through, the better. If that is not possible, I go to Softpedia or Major Geeks, rarely something else like Freeware Files or downloadcrew.com.

    Thank you for your input, GrafZeppelin. I also recall Webroot putting VLC not in quarantine but in the Block column on Block/Allow Files and my undertaking to switch it to the Allow column. So far I can't say Roboscan detects more false positives than other AVs. Avast is renowned, but on my system it flagged well-known programs such as Panda Cloud Cleaner and MozBackup.
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Also, keep default settings for WSA; otherwise it will be prone to false positives.
     