Question about Prevx

Discussion in 'Prevx Releases' started by weezer17, Nov 20, 2010.

Thread Status:
Not open for further replies.
  1. weezer17

    weezer17 Registered Member

    Joined:
    Nov 20, 2010
    Posts:
    5
    Hello all,

    Recently I decided to give Prevx a try as a malware / spyware scanner. It says that it found 7 infections in my system. However, I have tried Windows Security Essentials, Norton Internet Security, and Malwarebytes and those don't find anything. I have seen reviews of Prevx online and many people say it's a great program, but does not automatically remove malware, that it's a manual process. Is this true? Also, I have seen posts that state that Prevx "creates" malware during its free scan, to encourage the user to pay for the product. Is this true also?

    I found the files that Prevx found with its scan, by looking in hidden folders. I then scanned them with the above scanners, and only Prevx found these to be medium risk malware. Is it probable that these are not bad files?

    I'm afraid that if Prevx fixes these files that it will render my computer unusable, as I have heard that as well.

    Thank you for your time.
     
  2. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Have you tried uploading to www.virustotal.com and seeing what comes up?

    This is what I get from www.prevx.com/freescan.asp

    So, if it's the paid version, then I'd say it will clean. If it's the trial, then only detection.

    I've never seen it happening, in clean virtual machines.

    Check with www.virustotal.com and see what it reports. It may as well be false positives.

    This may depend on what files you're talking about, and whether or not it is capable of efficiently removing the infections without damaging anything else. Collateral damage is always on the horizon with cleaning tools.
     
  3. weezer17

    weezer17 Registered Member

    Joined:
    Nov 20, 2010
    Posts:
    5
    Thank you for the response. I uploaded a couple of files to the above site, and I am not sure what the results mean. For example, I uploaded the following file

    rYefLrJG2fZY.exe

    and this was the result

    Prevx 3.0 2010.11.04 High Risk Fraudulent Security Program
     
  4. guest

    guest Guest

    You know you could check those allegedly 'bad' files with services like virustotal, jotti, virscan etc. and get a 2nd, 3rd etc. opinion to decide if these are real or maybe just false positives, right?

    And from my experience of using Prevx for many years I can assure you: yes, it unfortunately has much more false positives than it should have if it wants to be a reliable product. Of course that fact is always denied by Prevx staff. :thumbd: - But to tell you the truth: Prevx is for me often much more scareware than anti-malware. :rolleyes: I really hope this gets much better with v4. :p
     
  5. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You can always upload the sample/file to the other vendors that develop the security products that you mentioned, and see if they tell you whether or not it's in fact malicious.

    It may as well be, and Prevx be the only one capable of detecting it so far.
     
  6. weezer17

    weezer17 Registered Member

    Joined:
    Nov 20, 2010
    Posts:
    5
    Thanks again to you both for the responses. One question about virustotal.com. Does that site just check with other scanners if a file has been reported as a false positive? The one I gave as an example was listed as 2/43, I'm guessing that means only 2 out of 43 scans picked it up as a potential bad file.

    One last thing, most of these files are found in

    User>AppData>Roaming

    or

    User>AppData>Local>Temp

    Do you think it would be safe to set a restore point with Windows 7 and just manually delete these files myself?

    Thanks again, I really appreciate the help.
     
  7. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Can you please Send a Prevx scan log as stated in this post with the link to this thread to see if they are true infections or not: https://www.wilderssecurity.com/showthread.php?t=245129 Let me know if you need further help with sending a scan log and PrevxHelp will look at your log and let you know what to do!

    HTH,

    TH
     
    Last edited: Nov 20, 2010
  8. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    That filename certainly looks quite suspicious (I don't know of any products that would choose such a name intentionally :D) but we can certainly take a closer look if you send the file or a scan log to report@prevxresearch.com as Triple Helix has posted!

    Thank you! :)
     
  9. STV0726

    STV0726 Registered Member

    Joined:
    Jul 29, 2010
    Posts:
    900
    Prevx is scareware? Prevx has lots of false positives? You've got to be joking!

    My dad has his heuristics settings all up on maximum and he installs plenty of complex, obscure video production freeware that's written so poorly DEP terminates it, and he gets about 1 Prevx false positive every three months and they fix the detection in like 1 hour after reporting it.

    Where else you gonna get service like that? You complainers stink, seriously...QQ.

    I may harp on Prevx for their start up issues, but I will NEVER, -EVER- complain about their false positives...or lack thereof.

    :)
     
  10. weezer17

    weezer17 Registered Member

    Joined:
    Nov 20, 2010
    Posts:
    5
    Thank you, I have submitted my scanlog. Thanks again!
     
  11. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Hello,
    All of the files marked as Bad in your scan log are indeed definitely malicious. I am a bit surprised at the low VT scores as Prevx is the only one to find most of them and we've found them for more than two months.
     
  12. guest

    guest Guest

    Well .. I don't know a better name for a so called anti-malware software that 'detects' what it thinks is malware but is ALWAYS false positive?

    Do you have any idea how annoying it is to have to report by email false positive after false positive? - They don't want fp reports here in this forum for obvious reasons, but to show you that I am not the one talking bs, here the newest fp Prevx found on my system:

    (ACTIVE) c:\windows\system32\cleanmem.exe [PX5: 181027A70024BB08E0F300B8913AF600C3851111] Malware Group: High Risk Cloaked Malware

    VT says 1/43 - Prevx is alone (as very often in my experience) thinking it's malware. (Can't post link here due to forum policy). - It's CleanMem 1.6 from PCWinTech, great software by the way. ;)

    Well, I wouldn't use any other setting than default as this is getting me already a fp every week I would say. And I am installing only very few new programs on my system. It's always the same, Prevx is running a scan and all of a sudden some file now is 'malware', even if it has been there for days/weeks/months and clearly is NOT malware. Last time it was some part of avira. :rolleyes:

    This is no argument at all! FP's as often as I experience them shouldn't be there in the first place! - If they wouldn't fix them the service would be horrible.

    Well, I smell fanboy here. :rolleyes: - All those fp's over the last years I experienced (and often reported since doing 'detection override' often doesn't get it fixed) did not happen in my fantasy you know!?

    Never ever? Really? Even if you experience what I experience again and again? (Prevx being scareware!). This behaviour is stupid and as I said, you are clearly a Prevx fanboy, nothing else! :rolleyes:
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Then, why don't you stop using this scareware app? Makes any sense to use some app that you consider to be scareware?

    I have a few relatives using it, and they never saw a false detection happening, and heuristics in maximum settings.

    So far, alongside Prevx, Microsoft Security Essentials is the one I've never seen giving false detections as well. All other security vendors have them. Some more, some less.

    It's something that will always happen, especially if you're making use of aggressive heuristics settings. Either live with it, or ditch it. Now, calling something scareware and making use of it, makes no sense to me, at all.
     
  14. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    I have Heuristics set to maximum and zero false positives. Does it make me a fan boy? Frankly speaking, if you don't believe us when we say that we don't experience FPs, why should we believe you when you say you have a lot?

    Someone doesn't agree with you, you call him "fanboy". What's the word for this?
     
  15. shadek

    shadek Registered Member

    Joined:
    Feb 26, 2008
    Posts:
    2,363
    Location:
    Sweden
    If you encounter a possible false positive, when detected, right click the file in Prevx GUI and 'report as false positive'. After that you'll have no further problems as Prevx will exclude it from scanning and also have the file sent to Prevx-cloud for further analysis.

    Furthermore guys, please stay on topic and stop having a flame war.
     
  16. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,014
    Location:
    Ontario, Canada
    Great suggestion shadek! Also it has been confirmed the OP files were indeed infected and Prevx would be happy to correct any possible FP's one might have! https://www.wilderssecurity.com/showthread.php?t=245129 ;)

    TH
     
    Last edited: Nov 23, 2010
  17. vojta

    vojta Registered Member

    Joined:
    Feb 26, 2010
    Posts:
    830
    On topic? Let's see.........

    The topic is a libel.
     
  18. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    Thanks for pointing out that quote - I didn't see that part of the first message. Obviously Prevx, a legitimate company, does not create malware... anyone who thinks that is being severely misled o_O
     
  19. Ring0

    Ring0 Registered Member

    Joined:
    Aug 9, 2010
    Posts:
    66
    Last edited: Nov 24, 2010
  20. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Exactly where did you hear all these rumours - if you read it - pls point us in the right direction so that we can read it too.
     
  21. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,635
    Location:
    UK
    I've just tested this, and even on Maximum settings, I get no scan alerts on the file deposited in that directory or the executable in the Program files directory. The scan result shows:
    Admittedly, the version is 1.4.2, and not 1.6. That being the case, perhaps PrevxHelp can check whether the later version can indeed be marked clean since the earlier version is.

    On the subject of FPs, I've found that it is usually the lesser known programs that may give off such an alert, especially at higher settings. This doesn't just apply to Prevx; it occurs with other vendors too, some to a lesser degree than others. If the executable is indeed a FP, report it, reduce your protection settings to a lower level or add a detection override. It is also worth noting sometimes newer versions of the same file may trigger such alerts; a correction just needs to be made at the backend to fix this. Heuristics do need to be tweaked in much the same way standard signatures are.

    I rarely come across FPs, but then I'm not downloading sundry files from the internet; looking at some of the FPs reported by other anti-malware products listed by testing organisations such as AV-C, many of those software packages I haven't even heard of, let alone have them installed on my system*, and that is likely one reason why I, and many others, don't encounter such FPs on a regular basis.

    *The FPs reported by those vendors are fixed by the time the reports are published.
     
    Last edited: Nov 25, 2010
  22. weezer17

    weezer17 Registered Member

    Joined:
    Nov 20, 2010
    Posts:
    5
    Here you go, this is what I had read. I'm not saying it's true, but you gotta be careful when trying out programs like this :)

    http://download.cnet.com/Prevx/3000-2239_4-10914524.html
     
  23. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Thanks, giving Prevx the possibility to comment.

    To refuse people their money back is almost always poor politics since one single badwill report on, e.g., Cnet costs so incredibly much more. Long-term goodwill is always better than short-term money even if the buyer is not fair to you.

    To give a negative review because you have to pay to get the work done - it's not fair in my book, but we can see the editors reaction, so maybe a fully functioning 30 day trial is a better option marketingwise. Many people look at Cnet reviews.

    Best Regards
     
  24. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    My son is killing me. Got hit by a fake AV that blew past MSE Version 2. It disabled my ability to scan with MSE or Hitman Pro. Putting Prevx back on as it seems to be the only program that can deal with this stuff.
     
  25. pegas

    pegas Registered Member

    Joined:
    May 22, 2008
    Posts:
    2,016
    You surely know that you need a cleanup license to get rid of that malware. Maybe you will need to use a randomized installation file to obfuscate the infection. Wishing you a success. Please revert with result.
     