Dr. Web indicates SuperAntiSpyware dll is a Trojan

Discussion in 'malware problems & news' started by Bunkhouse Buck, Aug 23, 2008.

Thread Status:
Not open for further replies.
  1. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    I have been getting this pop-up from my Dr. Web the last few days:

    File: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    Status: infected with Trojan.Fakealert.1239
    Action: Quarantined
    Time: Sat, 23 Aug 2008 11:31:09 GMT
    Machine: MICHAEL1

    Likely a false positive?
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    I'm very sure it's a false positive.
     
  3. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Thanks- I am fairly sure it is too.
     
  4. Arup

    Arup Guest

    One of Avira's signatures did the same a few weeks back.
     
  5. Bunkhouse Buck

    Bunkhouse Buck Registered Member

    Joined:
    May 29, 2007
    Posts:
    1,056
    Location:
    Las Vegas
    Both programs obviously do not like something they find.
     
  6. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    tbh both programs seem to generate quite a few fp's
     
    Last edited: Aug 23, 2008
  7. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    Same here. I have sent the file to Dr.Web yesterday.

    Very likely a false positive :eek:
     
  8. SUPERAntiSpy

    SUPERAntiSpy Developer

    Joined:
    Mar 21, 2006
    Posts:
    1,088
    It's a false positive.
     
  9. fcukdat

    fcukdat Registered Member

    Joined:
    Feb 20, 2005
    Posts:
    569
    Location:
    England,UK
    Definitely a false positive but strange this pattern that is forming from DW labs... it wasn't that long ago that they were flagging MBAM inaccurately.

    Ironically when pushed on that detection DW labs blamed poor code in MBAM for generating the F/P which is a complete cop out IMO.

    Anyway just spitballing but it wasn't that many days ago Nick S had an interesting exchange with a foreign software engineer on a SAS thread here at Wilders. https://www.wilderssecurity.com/showthread.php?t=218125 (Post #21 onwards).

    It is a safe bet to say the new arrival at Wilders had ripped the guts (reversed) SAS code in order to present such data ;)

    Maybe just a pure coincidence but then hypothetically surely it would be purely coincidental again if the next generation of AV from a certain lab was to use *Raw disk read* in its scanning engine or any of the nifty tricks SAS/MBAM use to kill the real gnarly malcode :shifty:

    Anyway they say imitation is the sincerest form of flattery but to me theft is theft !

    But maybe SAS should create a new nonsense detection (like DW labs have) but this time suggested flagging as Win32.behaves likes.Virii.ctulhu.Stole me
     
  10. SystemJunkie

    SystemJunkie Resident Conspiracy Theorist

    Joined:
    Mar 3, 2006
    Posts:
    1,500
    Location:
    Germany
    :D :D Dr.Web will never lose the title of creating the most false alerts in the history of AVs. :D :D Personally I think this poor heuristic could be fixed easily but there seems to be a kind of laziness or should I say insensibleness.

    Avira is a paradigm how to handle false alerts very fast.
     
  11. Long View

    Long View Registered Member

    Joined:
    Apr 30, 2004
    Posts:
    2,295
    Location:
    Cromwell Country
    Perhaps we should look at things differently? Without false positives most users would never get any alerts.
     
  12. fredra

    fredra Registered Member

    Joined:
    Jul 25, 2004
    Posts:
    366
    This FP seems to have been fixed by Dr. Web, with the latest database update, dated August 25, 2008.
    Cheers :)
     
  13. egghead

    egghead Registered Member

    Joined:
    Aug 27, 2005
    Posts:
    443
    Location:
    The Netherlands
    Yes, I just have received an email: false positive acknowledged.

    Fast response by Dr.Web :cool:
     