Bit Defender: False Positive

Discussion in 'other anti-virus software' started by phasechange, Jul 15, 2006.

Thread Status:
Not open for further replies.
  1. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    NOD32 and KAV6 say nothing but BitDefender says:

    bitdef-Fairy.png

    This is part of windowblinds I think although windowblinds is still working. False positive?

    Fairy
     
  2. ASpace

    ASpace Guest

    Hi . From your picture I can't see the full path where infection is found .
    Second , because of the file names I do see , it seems it is not a false positive . Third , if you still have a copy of them , submit them to VirusTotal and post the screenshot

    Because of the fact KAV + NOD32 don't detect this , it doesn't make it clean
    Good luck ! :D
     
    Last edited by a moderator: Jul 15, 2006
  3. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,724
    Location:
    UK
    Sounds like HIVE scan results when it gives the result ""BehavesLike:Trojan.WinlogonHook". This is the heuristic scan result.

    This is the sort of thing that I don't like about heuristics when legitimate files are flagged up as "BehavesLike:Trojan.*".
     
  4. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    C:\Program Files\Stardock\Object Desktop\WindowBlinds this is the rest of the path.


    I was disappointed to see that the online Bit Defender deletes without asking (EDIT: BUT I WAS WRONG I DIDN'T SPOT THE OPTIONS DIALOGUE, TWICE!)

    Ok, I redownloaded WindowBlinds from Stardock and reinstalled it. This gave me wise_post.exe so I stumitted it to that site and lo the following result was generated:

    http://www.fairyliquidizer.pwp.blueyonder.co.uk/wisepost.png

    Looks like overly enthusiastic heuristics to me.

    Fairy
     
    Last edited: Jul 16, 2006
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,056
    Location:
    The land of no identity :D
    Send this file in a password-protected archive to support@bitdefender.com and explain that BD is detecting a false positive with this file.
     
    Last edited by a moderator: Jul 16, 2006
  6. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
  7. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    Thanks Steve, that's what I get for doing these things when tired :) Good because I want to use BitDefender as my backup scanner on this machine.
     
  8. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
  9. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    701
    Most likely a false positive as Windows Blinds does indeed hook the Windows Logon procedure (legally).
     
  10. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    hmm ok. After trying other Bit Defender addresses I eventually discovered that it was gmail that was refusing the attachment. Pain in the bum! Sent via my ISPs SMTP server.

    Fairy
     
  11. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,056
    Location:
    The land of no identity :D
    You could always rename the file extension while sending it to BitDefender. GMAIL refuses EXE files in archives as attachments.
     
  12. phasechange

    phasechange Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    359
    Location:
    Edinburgh
    ah ok. I don't send them very often and I can understand why. Yip next time I'll do that.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.