I think that Prevx has too many FPs.

Discussion in 'other anti-malware software' started by bonedriven, May 4, 2009.

Thread Status:
Not open for further replies.
  1. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Can you send me a link to these files?
     
  2. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I just created a new exe file again, uncompressed, with no code added at all, just an empty Delphi 2007 project compiled as an exe.

    bir.exe - gets flagged as adware
    abc.exe - binary identical, just another filename, not flagged.

    abc.exe is bir.exe, just renamed...

    http://www.delphifreeware.com/downloads/avtest.zip
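    The check a reporter would want to attach to an FP report like the one above, as an added example that is not part of the original thread or of Prevx's tooling: confirm that the two differently named files really are byte-for-byte identical (and record their SHA-256), so that a differing verdict can only be explained by the name or path, not the content. The "bir.exe"/"abc.exe" pair is constructed here from a fake PE-like stub; the sample bytes and file names are assumptions for the demo.

```python
import filecmp
import hashlib
import os
import tempfile


def sha256_of(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large binaries do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def compare_renamed_copies(path_a, path_b):
    """Report whether two files differ only in name.

    identical=True together with names_differ=True is the evidence to attach
    to an FP report: any verdict that differs between the two files was keyed
    on the file name or path, not on the bytes.
    """
    identical = filecmp.cmp(path_a, path_b, shallow=False)  # full byte comparison
    return {
        "identical": identical,
        "sha256_a": sha256_of(path_a),
        "sha256_b": sha256_of(path_b),
        "names_differ": os.path.basename(path_a) != os.path.basename(path_b),
    }


def demo():
    """Constructed stand-in for the empty Delphi build: a PE-like stub plus padding."""
    payload = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 1024
    with tempfile.TemporaryDirectory() as d:
        a = os.path.join(d, "bir.exe")  # assumed names from the post
        b = os.path.join(d, "abc.exe")
        for p in (a, b):
            with open(p, "wb") as f:
                f.write(payload)
        return compare_renamed_copies(a, b)


if __name__ == "__main__":
    print(demo())
```

    Run the two functions against the real files instead of the constructed pair; if `identical` is true and the product still flags only one of them, the vendor can go straight to the name-based rule.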
     
  3. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We've corrected this FP - could you try making another program and see if that is still detected?
     
  4. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    I did create some more exes, and they are not detected anymore.
    I also created some exes with Delphi 2009, also not detected.
    I then MoleBoxed them, and that is also fine now.

    What was the cause of it always being detected? I am quite interested to know, from a programmer's perspective.

    But now, Borland C++ 2009 exes are detected...

    Here is an empty, compiled C++ project:

    http://www.delphifreeware.com/downloads/testc.zip
     
    Last edited: May 7, 2009
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    We had a very old rule still in place from the Prevx1 days which was a bit too touchy :) The Borland issue should now be fixed as well :)
     
  6. Necropsie

    Necropsie Registered Member

    Joined:
    May 6, 2009
    Posts:
    31
    A little update.
    Seems like Prevx does not like Internet Download Manager. Seconds ago, its "threat detection" window opened and tagged ALL of the files inside the Internet Download Manager folder as medium risk malware.
    I became paranoid and scanned my whole system with a2squared, SAS and MBAM. Fresh and updated installs. Nothing.
    Really weird...

    Also, sent the updated log file.
     
    Last edited: May 7, 2009
  7. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    o_O It might be doing something strange with the files, could you send me another scan log with these files?
     
  8. softtouch

    softtouch Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    415
    Great, thanks a lot. Will check tomorrow. It's almost 1am here.
     
  9. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    The issue with Internet Download Manager should be fixed now also :)
     
  10. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    Prevx says "combofix.exe" and "killbox.exe" in Hiren's bootable CD are malware.

    Is she right?
     
  11. webster

    webster Registered Member

    Joined:
    Feb 23, 2004
    Posts:
    285
    Location:
    Denmark
    No, but Combofix is detected by many other applications, because it contains some malware related files.
     
  12. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Exactly - many apps like this are sadly abused by malware frequently. Can you send me a scan log? I'll see if I can get them whitelisted, but it is a delicate situation to try and handle.

    There are many applications like this which are legitimate but misused: mIRC, ServU, a number of programs by SysInternals, radmin, WindowHider, etc. The list is extensive :doubt:
     
  13. bonedriven

    bonedriven Registered Member

    Joined:
    Jan 14, 2007
    Posts:
    566
    It's just those two files in an original Hiren's bootable CD on my USB drive.

    [BP] k:\hbcd\wintools\combofix.exe [PX5: 0ECE4AA2C82DA010C2BB2C456E748D00006C4640] Malware Group: Medium Risk Malware
    [BP] k:\hbcd\wintools\killbox.exe [PX5: CACA42C0006886C56AC901BFA1672E005A17DA21] Malware Group: Medium Risk Malware

    IMHO, for a user there are simply two sides: malicious or not. So I think you need to whitelist those two?
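    Added example, not part of the original thread and not Prevx's own code: a small parser for scan-log lines in the shape quoted above (flags, path, PX5 identifier, malware group), combined with a local triage step that marks entries whose PX5 value appears in an allowlist the reader maintains. The PX5 string is treated as an opaque hex identifier; the sample log lines are the two from the post, with a third unrelated line constructed to show that non-matching input is skipped, and the allowlist contents are an assumption for the demo.

```python
import re

# One log line: "[FLAGS] <path> [PX5: <hex>] Malware Group: <group>".
# The path is matched non-greedily so it stops at the first " [PX5:" token.
LOG_LINE = re.compile(
    r"^\[(?P<flags>[A-Z]+)\]\s+"
    r"(?P<path>.+?)\s+"
    r"\[PX5:\s*(?P<px5>[0-9A-Fa-f]+)\]\s+"
    r"Malware Group:\s*(?P<group>.+?)\s*$"
)


def parse_line(line):
    """Return a dict with flags/path/px5/group for a scan-log line, or None if it does not match."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["px5"] = rec["px5"].upper()  # normalise so allowlist lookups are case-insensitive
    return rec


def triage(lines, allowlist):
    """Parse every matching line and flag those whose PX5 identifier is locally allowlisted.

    Entries with known_good=True are the ones to raise as FPs with the vendor;
    the rest still need a second opinion (another scanner, the publisher's own hash list).
    """
    allow = {h.upper() for h in allowlist}
    results = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        rec["known_good"] = rec["px5"] in allow
        results.append(rec)
    return results


# Constructed sample: the two lines from the post plus one unrelated line.
SAMPLE_LOG = [
    "[BP] k:\\hbcd\\wintools\\combofix.exe [PX5: 0ECE4AA2C82DA010C2BB2C456E748D00006C4640] Malware Group: Medium Risk Malware",
    "[BP] k:\\hbcd\\wintools\\killbox.exe [PX5: CACA42C0006886C56AC901BFA1672E005A17DA21] Malware Group: Medium Risk Malware",
    "Scan completed, 2 items found",
]

# Assumed local allowlist: the reader has vetted the combofix entry but not killbox.
LOCAL_ALLOWLIST = {"0ece4aa2c82da010c2bb2c456e748d00006c4640"}


if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG, LOCAL_ALLOWLIST):
        status = "allowlisted" if rec["known_good"] else "needs review"
        print(f"{rec['path']}  {rec['group']}  [{status}]")
```

    The allowlist keys on the identifier the product itself reports, so a renamed copy of the same file (the case discussed earlier in the thread) is still recognised; a path-based allowlist would not be.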
     
  14. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I have marked them good, however, there isn't always a 100% "good or bad" for many programs but these are farther on the good side than the bad side :)
     
  15. lordpake

    lordpake Registered Member

    Joined:
    Aug 7, 2004
    Posts:
    563
    Location:
    Helsinki ~ European Union
    Not quite :) Some companies use the PUA or PUP (potentially unwanted application/program) designation for software in the grey area. This category would include, for example, mIRC, process killers, password sniffers, port scanners etc. that can be used either for good or bad.

    This is used to alert users to the presence of such apps. Good or bad would depend on whether the user actually downloaded/launched such an app himself.
    Unfortunately, IMHO, this classification is needed. Fortunately, regular users rarely use stuff that would trigger such alerts. Those of us who use IRC clients etc. should be able to understand the situation.
     
    Last edited: May 10, 2009
  16. tipstir

    tipstir Registered Member

    Joined:
    Jun 9, 2008
    Posts:
    830
    Location:
    SFL, USA
    I ran Prevx Business on a laptop. I had installed software that I know has two files in it. I had thought Prevx would detect the files as it monitors the files on the system. I even ran the file and got nothing from Prevx. I had to do a full scan with Prevx before it detected one as a medium-risk worm and the other as cloaked malware. Both were easy to spot in the W\system32 folder. Prevx Business did clean them differently this time around: it removed the cloaked one first, then rebooted the system. The second one was gone also. I ran GMER and SmitfraudFix afterward to see if anything was still there. None!
     