false positive

Actual Filename: ucp.exe

Archive password: infected

Developer Name: Endi

Application Name: Ultra Core Protector

Application Version: 6.1.0.0

Website: xxtp://ucp-anticheat.org/

Direct Download: xxtp://ucp-anticheat.org/download/ucpsetup.exe

Application Purpose: Multiplayer Anti-cheat Software

Virus Name: vmprotect.aaa Trojan

Also Detected by: Symantec [Packed.Vmpbad!gen1], Kaspersky [HEUR:Trojan.Win32.Generic]
It is a false positive that this Anti-Cheat Software is a virus. It’s just a secure/packed file from not being altered, injected or modified by Cheats/Hacks/Scripts during multiplayer games like Counter-Strike.

Please take some necessary steps to make this file clear from your virus list or blacklist, its urgent. I have also submitted the request on Symantec/Kaspersky website and recently they had removed this file from their virus list / blacklist.

Waiting for your response.

Thanks


PS. Reason to post here is that i was unable to send zip/rar in email to samples[at]eset.com

 

Here is the exe file: xxtp://rapidshare.com/files/401774261/ucp.zip.html

 

Hello,

Just to confirm, the software was reported as "vmprotect.aaa Trojan" and not "vmprotect.aaa Potentially Unsafe Application"?

Regards,

Aryeh Goretsky

 

They are using an illegal version of the protector which was confirmed in a reaction to a complaint from the vendor of VMProtect at the UPC-Anticheat Russian forum. If you want to use the application though, add it to the exclusion list.

 

"23.06.10 VMProtect Software Company kindly provided an exclusive version VMProtect Professional for anticheat protection. I express my special thanks to the company at a really high quality product, unmatched in the market."
Website: xxtp://ucp-anticheat.org/

Now please clear this file from your virus database.

 

You must protect the executable with a legit version of VMProtect and replace the installer on the web. This will make the exe undetected.

 

Is this going to be corrected? Its clearly a false positive and one of the reasons I went with nod32 is the fact they seem to not have nearly the false positives of other software.

 

See my reply above. Files packed with legit versions of packers are not detected whatsoever. Simply use a legit version of the packer to protect the file and replace it on the web.

 

Im surprised that while other AV companies have removed this false positive ESET wont, it always seemed to be the other way around. Guess I might go back to Kaspersky when my sub is up.

 

So is the final word that ESET will not remove it from detection even though it is not a virus?

 

If the statement "VMProtect Software Company kindly provided an exclusive version VMProtect Professional for anticheat protection." is true, use the legit version of the packer to protect your files and replace them on the web so that the application is not detected.
Since everything has been said and explained, we'll draw this thread to a close.