Bit Defender: False Positive

Discussion in 'other anti-virus software' started by phasechange, Jul 15, 2006.

Thread Status:
Not open for further replies.
  1. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    NOD32 and KAV6 say nothing but BitDefender says:

    bitdef-Fairy.png

    This is part of WindowBlinds, I think, although WindowBlinds is still working. False positive?

    Fairy
     
  2. ASpace

    ASpace Guest

    Hi. From your picture I can't see the full path where the infection is found.
    Second, because of the file names I do see, it seems it is not a false positive. Third, if you still have a copy of them, submit them to VirusTotal and post the screenshot.

    The fact that KAV + NOD32 don't detect this doesn't make it clean.
    Good luck! :D
     
    Last edited by a moderator: Jul 15, 2006
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    Sounds like HIVE scan results when it gives the result "BehavesLike:Trojan.WinlogonHook". This is the heuristic scan result.

    This is the sort of thing that I don't like about heuristics when legitimate files are flagged up as "BehavesLike:Trojan.*".
     
  4. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    C:\Program Files\Stardock\Object Desktop\WindowBlinds this is the rest of the path.


    I was disappointed to see that the online Bit Defender deletes without asking (EDIT: BUT I WAS WRONG I DIDN'T SPOT THE OPTIONS DIALOGUE, TWICE!)

    OK, I redownloaded WindowBlinds from Stardock and reinstalled it. This gave me wise_post.exe, so I submitted it to that site and lo, the following result was generated:

    http://www.fairyliquidizer.pwp.blueyonder.co.uk/wisepost.png

    Looks like overly enthusiastic heuristics to me.

    Fairy
     
    Last edited: Jul 16, 2006
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Send this file in a password-protected archive to support@bitdefender.com and explain that BD is detecting a false positive with this file.
     
    Last edited by a moderator: Jul 16, 2006
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
  7. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    Thanks Steve, that's what I get for doing these things when tired :) Good because I want to use BitDefender as my backup scanner on this machine.
     
  8. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
  9. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Most likely a false positive, as WindowBlinds does indeed hook the Windows Logon procedure (legally).
     
  10. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    Hmm, OK. After trying other Bit Defender addresses I eventually discovered that it was Gmail that was refusing the attachment. Pain in the bum! Sent via my ISP's SMTP server.

    Fairy
     
  11. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    You could always rename the file extension while sending it to BitDefender. Gmail refuses EXE files in archives as attachments.
     
  12. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    ah ok. I don't send them very often and I can understand why. Yip next time I'll do that.
     