I'd like to ask 2 questions please

Discussion in 'Prevx Releases' started by The Nodder, Jul 25, 2009.

Thread Status:
Not open for further replies.
  1. The Nodder

    The Nodder Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    296
    Location:
    UK
    Hi all,
    I got Prevx 2 days ago and so I'm trying to get to grips with it, I was having a gander (look) around the website when I spotted the link to this forum.

    So, what is Cloud that I've seen mentioned in some posts, no, not the clouds in the sky ;) .

    And, what are the best settings to start off with in Prevx.
    I had them set at those recommended, then I read some posts in this forum so I'm wondering if I should put the Heuristics up a notch or two and others if recommended.

    I am using W7 x64 RC 7100, with ESS 4.0.437, Malwarebytes and Trojan Hunter.
    When W7 is officially released SuperAntiSpyware will be compatible with W7 so I'll be using it to monitor my system and Malwarebytes for scanning my system only.

    BTW, the first time Prevx scanned my system I got this,
    jv16 PowerTools 2008

    PTResident.exe was flagged as being an intruder, not the word used by Prevx but it's the only word I can think of just now.
    I renamed the file, but later I discovered I could have Prevx disregard the file so I did just that.

    So far I am very happy with Prevx, all I'd like to do is get it well setup.

    Many thanks in advance.
     
  2. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    Glad to see you've found us in our corner of the Wilders universe :) The "cloud" is a centralized database - essentially, instead of a normal antivirus program where all signatures are downloaded by each of the clients, our model inverts the process and scans with locally generated signatures with the always-up-to-date central database.

    You can uptick the heuristics if wanted, but the defaults are strong anyway so that is often not needed. If you'd like, you can send us a scan log to report@prevxresearch.com by clicking Tools > Save Scan Results and we'll optimize the scan results and prevent any false detections from occurring in the future.

    Let me know if you have any other questions! :)
     
  3. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    On my system, the exe file for jv16 PowerTools is jv16PT.exe. Unless you are absolutely sure that PTResident.exe is not malicious, it might be unwise to override Prevx's warning.

    You can also have the file scanned online at VirusTotal www.virustotal.com .
     
  4. The Nodder

    The Nodder Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    296
    Location:
    UK
    Thanks, I have been and gone and done it.

    This is the report, I don't know what the result means, that is if the file is OK or not.

    File PTResident.exe received on 2009.06.13 19:28:33 (UTC)
    Current status: finished
    Result: 4/40 (10.00%)

    File has already been analysed:
    MD5: 4702d72b051329beadb80ccc219e05c8
    First received: 2008.04.23 21:51:24 UTC
    Date: 2009.06.13 19:28:33 UTC [>42D]
    Results: 4/40
    Permalink: analisis/3198d57f62bee0657cd0b6a8a0f7153925b94d44216b936e8fc421793d4bcb14-1244921313
     
    Last edited: Jul 26, 2009
  5. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    I'm using the 2009 version of jv16pt from www.macecraft.com , but I've checked that the 2008 version does not install a file called ptresident.exe. The only reference I can find to that file is at http://www.prevx.com/filenames/48296498691557222-X1/PTRESIDENT.EXE.html .

    PrevxHelp can advise you better than me, but you should run another Prevx scan on your system to check if this file is categorised as bad. It may not be a false positive.
     
  6. The Nodder

    The Nodder Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    296
    Location:
    UK
    Max, thanks for your reply.
    I forgot to say that I'm using the jv16PowerTools x64 version.

    I've just done 2 things, I uninstalled the 2008 version and checked that all its files were removed and they were.
    Then I re-installed it but I did not run it, I didn't even restart the computer and the file is in the installation.

    I've sent it in to Macecraft for their thoughts and I'll upload it to Prevx in a moment.
    I've also removed it from the jv16 installation folder.

    Again, thanks lots.
     
    Last edited: Jul 26, 2009
  7. MaxEntropy

    MaxEntropy Registered Member

    Joined:
    May 21, 2009
    Posts:
    101
    Location:
    UK
    Hi, My comments were based on installing jv16pt on 32-bit WinXP. I may have caused you a false alarm, as it appears that ptresident.exe is actually installed on a 64-bit OS. See http://www.macecraft.com/phpBB3/viewtopic.php?f=15&t=3205&p=14890&hilit=ptresident#p14890 .

    If you've downloaded the installation file directly from Macecraft, then you shouldn't need to worry. In that case, Prevx (and some of the other antiviruses at VirusTotal) may have given a false positive. That does sometimes happen.

    Anyway, sorry for adding to the confusion.
     
  8. The Nodder

    The Nodder Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    296
    Location:
    UK
    No worries Max, you could have been correct and I really appreciate what you have done, the way I look at things, it's better to be glad than sorry.

    I uninstalled Prevx, made sure all files were removed, I restarted the computer,
    I ran jv16 Powertools 2008 (V2009 has given quite a few problems) to see if there were any Prevx leftovers and there were none so I re-installed it, set it up, restarted and let it do a scan, nothing was found and the file in question was in the relevant folder.

    Thanks all.
     
  9. The Nodder

    The Nodder Registered Member

    Joined:
    Sep 6, 2006
    Posts:
    296
    Location:
    UK
    I uninstalled Prevx and installed it in Randomize mode, I did a scan etc with no files detected.

    Following the info in the help html I re-installed again after I carried out a scan and nothing was found.

    The installation carried out a scan etc and found nothing. I slightly changed the settings, I selected what partitions to monitor.
    Everything was OK and then I did a scan and it threw up the offending file again but this time I saved the log and I'm about to send it to Prevx.
     
  10. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    I've analyzed it and the file is legitimate. eSafe/Sophos/QuickHeal also have FPs on the file but I've corrected our determination so if you run another scan it should now come up clean.

    Thanks for the report!
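
The model described in this thread (signatures generated locally, verdicts held in a central database, and a false positive fixed by correcting the central determination) as a simplified sketch. This is an added example, not Prevx code and not part of any post; the `CloudDatabase` class, the use of SHA-256 as the signature, and the file contents are constructed assumptions.

```python
import hashlib


class CloudDatabase:
    """Hypothetical stand-in for a central verdict database."""

    def __init__(self):
        self.verdicts = {}  # signature -> "good" / "bad"

    def lookup(self, signature):
        # Content the database has never classified comes back "unknown".
        return self.verdicts.get(signature, "unknown")

    def set_verdict(self, signature, verdict):
        # Analyst determination, e.g. after a reported false positive.
        self.verdicts[signature] = verdict


def local_signature(content: bytes) -> str:
    # Assumption: a SHA-256 digest stands in for the locally generated signature.
    return hashlib.sha256(content).hexdigest()


def scan(files, cloud):
    """Hash each file locally, then ask the central database for its verdict."""
    return {name: cloud.lookup(local_signature(data)) for name, data in files.items()}


def demo():
    # Constructed sample contents; not the real binaries.
    files = {"jv16PT.exe": b"constructed-main-binary",
             "PTResident.exe": b"constructed-resident-binary"}
    cloud = CloudDatabase()
    cloud.set_verdict(local_signature(files["jv16PT.exe"]), "good")
    cloud.set_verdict(local_signature(files["PTResident.exe"]), "bad")  # the FP

    first = scan(files, cloud)  # client sees the false positive

    # The analyst corrects the central determination; the client changes nothing.
    cloud.set_verdict(local_signature(files["PTResident.exe"]), "good")
    second = scan(files, cloud)  # next scan comes up clean

    # The verdict follows the content, not the file name: a modified file
    # under the same name has a different signature and is not covered.
    tampered = scan({"PTResident.exe": b"constructed-resident-binary-modified"}, cloud)
    return first, second, tampered


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Because the corrected verdict is keyed to the file's content, it clears only the exact binary that was analyzed; a different file with the same name would be looked up afresh.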
     