Boclean false positive?

Discussion in 'other anti-trojan software' started by Atomas31, Jul 22, 2006.

Thread Status:
Not open for further replies.
  1. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Hi,

    Since the most recent update, when I open Firefox, I receive a message that a nasty has started (see my pics)... Is it a false positive since nothing else found it?

    Thanks,
    Atomas31
     


  2. john2g

    john2g Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    207
    Location:
    UK
    It is a FP and will be corrected later today.
     
  3. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thank you, I have this alert sitting in front of me now.
    I haven't actioned "do you want to remove file also" - presume I just say no now?

    I am in Opera posting as I got a shock with Firefox :'(
     
  4. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159
    GREAT! I removed the file. Is my Firefox install porked now? I keep getting warnings that the browser can't verify the certificate of a website now. Great program but how does such a bug slip through? The majority of users on this board use Firefox probably.
     
  5. Atomas31

    Atomas31 Registered Member

    Joined:
    Sep 7, 2004
    Posts:
    923
    Location:
    Montreal, Quebec
    Thanks, I wasn't sure ;-)
     
  6. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    It is the certificate file, as I googled after the shock.
    I am surprised I didn't just delete, but something made me look again.

    Component Name: nssckbi.dll

    Description of nssckbi.dll
    This is a component of Mozilla Firefox. A Web browser that is used to navigate the Internet. It imports users' Favorites, settings, and other information and backs it up to avoid loss. Mozilla Firefox features tab browsing, popup blocking, live bookmarks, and optional Java and ActiveX disabling to avoid security threats.


    Recommendation for nssckbi.dll
    .
    Trusted: Yes
    Trojan: No
    Chronic: No
    Adware: No
    Carrier: No
    Browser Hijacker: No
    Dialer: No
    Commercial Keylogger: No
    Remote Administration Tool: No
    Suspected: No

    Company Name: Mozilla Organization
    Platforms Affected:
    Methods of Distribution: This program can be downloaded from website
     
  7. JimmyD

    JimmyD Registered Member

    Joined:
    Sep 13, 2004
    Posts:
    100
    Glad I checked here as soon as I got the popup. I did not delete the file and have currently shut down BOClean until they get it fixed. So far, it looks like no "damage" was done.

    If it's not too much trouble, can someone please post when the update is available?

    Thanks!!
     
  8. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    The update will be posted in updates. I wasn't sure if I should start Firefox again until then, so am posting with Opera.
    Keeping watch for the update too.
     
  9. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    The intraday update is out. Use "Check for Update" from the traybar menu and it'll be fixed. Thanks for your patience, we raced into the lab to fix this!
     
  10. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thank you for the quick update.
    I have updated now and can open Firefox again.
     
  11. ronny

    ronny Registered Member

    Joined:
    Feb 18, 2004
    Posts:
    231
    Location:
    Belgium
    I only read this now. In the meantime I have already sent the file to support of Boclean for analysis.
    My Boclean "last update 07/22/2006" still gives "Quo Vadis" Trojan.

    By the way, which is the correct address for submitting files? (I've used support[at]nsclean.com)

    EDIT: OK false positive gone with def 22/07/2006 14:14:42
    That was VERY quick! :thumb:
     
    Last edited: Jul 22, 2006
  12. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    (also posted on the other thread)

    There are two options to fix it - hopefully the easy one will do it ... look for a file called EVIDENCE.BOC (if you have BOClean set to "keep a copy of evidence") and if so, copy THAT file to:

    C:\Program Files\MOZILLA FIREFOX\NSSCKBI.DLL

    If you are unable to find "EVIDENCE.BOC" then, sorry to say, you'll have to reinstall Firefox. My most EXTREME apologies for this ... :(
     
  13. divedog

    divedog Registered Member

    Joined:
    Jun 7, 2004
    Posts:
    265
    Location:
    Seabeck WA
    No problem Nancy, BoClean has been probably the best money I have ever spent on security software. I have received several upgrades free, the original purchase price was very reasonable; it runs light and does the job well. Over the years it has caught several Trojans that nod missed and they coexist nicely. I for one think you are doing an excellent job.
     
  14. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    May have another one here. Today BOClean ID'd WeatherWatcher's update downloader as a baddie: "rkit update trojan stopped." Hasn't happened before. Weather Watcher's been around for years. http://www.singerscreations.com/Software.asp

    I didn't delete the file but haven't yet rebooted. Meanwhile, I know it was 100 degrees before noon PDT and our usual "dry heat" is not dry due to higher than normal humidity. Icky. ('Course I didn't need WW to tell me that it was bleepin hot and the air feels like a muggy blanket, LOL.)
     
  15. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    We are investigating it now. Sorry about all this.
     
  16. dmax

    dmax Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    1
    For now, dragging weather watcher's dl.exe {not deleted, of course :p } and ww.exe {perhaps 'belt and suspenders,' but WTH ;)} into Boclean excluder and rebooting the box keeps WW up and running fine.
     
    Last edited: Jul 22, 2006
  17. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    That one will be fixed in the next Intraday Update, we have more malware to analyse :( , it'll be out soon. :thumb:
     
  18. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    OK dokey, Nancy. Thanks. After the alert I excluded WW and the dl.exe (as dmax said, "belt and suspenders"), rebooted and all is fine.

    It's 109 now. *puppy*

    :cool:
     
  19. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    Good...you're Ok for now. As to the heat, I'd stand under those flying pigs and enjoy the breeze.....we had a few 90+ days here, they were miserable....when it gets that hot around here, it always comes with humidity.
     
  20. Kegel

    Kegel Registered Member

    Joined:
    Oct 28, 2003
    Posts:
    159

    No problem. Reinstalling was easy enough. I STILL think this is the best piece of software I ever purchased. If you ever introduce another security app, I will be 1st on the list.
     
  21. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Just an OT but I want to ask how long u can get version upgrades if u buy Boclean.
     
  22. jbob

    jbob Registered Member

    Joined:
    Dec 2, 2005
    Posts:
    10
    Location:
    Arkansas
    Kinda curious but I use Firefox and BOC didn't peep at all for me on two different systems today. Makes me wonder if there is something else that might be causing some to get a BOC alert and others not.

    I checked and that .DLL file is on my system but other than that unsure. That specific .DLL is also used for Mozilla Thunderbird as well. Could it be one version of the said .DLL file that was the issue?
     
  23. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Just wondering when you updated BOClean as the team were out with the fix for this very quickly after the bit alert.
    If you updated after that then the alert wasn't there, anyone just updating this morning would not even know it existed.
     
  24. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,187
    Location:
    Sydney, Australia
    Yeah
    Me too
    Have the .dll

    ?Why no warning from BOClean?

    ?Nancy?

    Regards
     
  25. Nancy_McAleavey

    Nancy_McAleavey Expert Member

    Joined:
    Feb 10, 2002
    Posts:
    244
    Location:
    Voorheesville, NY, USA
    The current license is a one time payment, updates and future upgrades within the 4 version series are included.

    http://www.nsclean.com/boeula.html
     