Maxa Cookie Manager a trojan?

Discussion in 'ESET NOD32 Antivirus' started by lagerstedt, Jan 22, 2011.

Thread Status:
Not open for further replies.
  1. lagerstedt

    lagerstedt Registered Member

    Joined:
    May 31, 2004
    Posts:
    33
    NOD32 creates havoc when I try to update Maxa Cookie Manager Pro (MCM) from version 4.2 to 5. NOD32 stops the installation and reports that the update file "probably is a variant of Win32/Genetik trojan". Not only that, it destroys version 4.2 of MCM. The key file cookie.exe is gone (changed to a tmp file). I had to uninstall ver 4.2 and then reinstall it. So I submitted the file to ESET for analysis. No answer so far.

    I have contacted the MCM people and they told me that this should be taken care of by ESET. But that is not so. The last two days I sent the MCM file to virustotal.com and only ESET (1 of 43!) found it to be a trojan. I scanned it with Malwarebytes and Trojan Hunter. They found nothing. It is obviously a false positive.

    How long is this going to last? NOD32 is now very close to being removed and replaced.

    I use Windows 7 HP/64.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The program must resemble certain malware in some points which triggered the heuristic detection. That happens with every heuristic analysis no matter what AV program is used. The heuristics can detect suspicious code but cannot tell if it's part of a legit or malicious application.
    As for the alleged FP in question, I've tracked down all samples submitted from within the GUI as well as those emailed per the instructions here but couldn't find any report with cookie.exe in attachment. Please submit it to ESET so that the file can be analyzed and whitelisted if it turns out to be actually an FP.
    In the meantime, you can restore the file from quarantine via the Restore and exclude from scanning option in the right-click menu.
     
  3. JeremyWW

    JeremyWW Registered Member

    Joined:
    Apr 13, 2005
    Posts:
    237
    Don't overreact. Every AV / Anti-Malware product finds FPs from time to time. Malwarebytes does so on a fairly frequent basis and that doesn't make it a bad product that should be removed. Report things in the right way as Marcos recommends and they'll be looked at.
     
  4. lagerstedt

    lagerstedt Registered Member

    Joined:
    May 31, 2004
    Posts:
    33
    I did submit the file in question, but not named cookie.exe because NOD32 did not allow me to use it. I submitted the temp file that NOD32 changed it to. I retried the installation several times and each time cookie.exe changed to a temp file. Now they are gone from my computer. It is still remarkable that only NOD32 found this code but the other 42 in virustotal.com did not.
    I will try to submit the installation file. It is not in this computer, though.
     
  5. lagerstedt

    lagerstedt Registered Member

    Joined:
    May 31, 2004
    Posts:
    33
    Now, I have more info after contacting Maxa Tools. It appears that ESET only analysed the regular version of Maxa Cookie Manager. I have the Pro version. They told me that many customers have the same complaints. They will contact ESET again. Sigh!

    I did, though, submit the full installation file for version 5 of the Pro version to ESET a few minutes ago. So, may we hope for a solution?
     
  6. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    MAXA Cookie Manager from MAXA Research Int'l Inc. has the identical code as Ultimate Cookie Manager from Treasure Island Software.
    It is very unlikely for 2 distinct developers to produce the identical code. Please ask the company if they are the authors/developers of the program and if they could tell us something about the twins.
     
  7. lagerstedt

    lagerstedt Registered Member

    Joined:
    May 31, 2004
    Posts:
    33
    How would I know? I have no special relation with them, only a few e-mails. I am just a customer concerned about NOD32's blocking of an upgrade. So why do you not ask that question instead? That would be more appropriate.

    Are we dealing with a false positive or not? That is my concern. I do have a license for Maxa Cookie Manager and I would like to continue using the programme.
     