Radio Sure gets 6 positives at Virustotal

Discussion in 'malware problems & news' started by john2005, Feb 11, 2011.

Thread Status:
Not open for further replies.
  1. john2005

    john2005 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    36
    Hi everyone,

    The freeware program "radio sure" got great reviews at snapfiles so I downloaded the program from there today. I uploaded the program to www.virustotal.com and 6 scanners said the file was infected.

    Here is the link to the virustotal report

    ~ VirusTotal Results URL Removed per Policy ~

    What do you guys think, is this anything to worry about or are the positives just due to the way the program works ?

    I would appreciate any feedback or opinions. I would love to use the program if I can trust it.

    Thanks
    John
     
    Last edited by a moderator: Feb 11, 2011
  2. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    I've been using Radio Sure for one or two years and I remember I was a bit suspicious at first, but the setup file or any other file from RadioSure never showed malware.
    I did all checks-including with VirusTotal- plus Avira,Comodo,MBAM,PrevX and Superantispyware and it came out perfectly clean all the time.

    I still use it as I am very satisfied with it.

    Perhaps you downloaded the file from a third site and not from

    http://www.radiosure.com/

    which is the original one?
     
  3. katio

    katio Guest

    this file?
    md5: 83aceed77b9aa6e859efa2d3f522343c
    I get a different detection ratio and it's heuristics, most definitely a fp.
     
  4. john2005

    john2005 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    36
    The positives were reported from the file I downloaded from www.snapfiles.com yesterday. I contacted snapfiles but have not heard back.

    I will download the file direct from www.radiosure.com and recheck and then report back.

    Here is the MD5 and identification details for the file I got from snapfiles...

    MD5 : 09e9ef83bed21f4bd986a8db5b53cd54
    SHA1 : d354c08593a64a944bfa64d7f66061f8448543b4
    SHA256: 5280714908d4629c48392d7419c0678b15e10ab82e3f98e0a76b2698c9173d3d
    ssdeep: 98304:8vHnVW+9JkLM/apUlyqoynHyMQiOAj+Cl3g8oC9618IB4tMK:WnVl//apyysSM7+CaK94
    J4+K
    File size : 4322217 bytes
    First seen: 2011-01-30 16:52:41
    Last seen : 2011-02-12 09:15:14
    Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
     
  5. john2005

    john2005 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    36
    I just downloaded the file direct from radio sure. Presently, the file at snapfiles is version 2.2.1000.0 and the file at www.radiosure.com is version 2.2.1004.0 which accounts for the different MD5 numbers and different results.

    With the file I downloaded direct from radiosure, virustotal found 3 positives. I downloaded the file again from snapfiles and tested it just now, and it again received 6 positives.

    Normally, one or two positives indicates a false positive although it could very well mean that one or two scanners caught something the others didn't.

    The new radiosure version is going in the right direction since it has half the positives of the older version at snapfiles. I would still like to see a 100% clean rating.

    Everyone seems to love the software and I really want to try it, but the 6 positives on the version from snapfiles has just spooked me a little.

    So what do you guys think, just a false alarm ?

    Here is the file ID information on the file I downloaded from www.radiosure.com

    MD5 : 83aceed77b9aa6e859efa2d3f522343c
    SHA1 : 6346fee706ce2f686f966cc6feaeeb561536cf59
    SHA256: 1bc59405c221730b421ae3661207a7d74a9608ea7385e9706114d8714ce862e2
    ssdeep: 98304:g8hcgbR7JKgkq9pWvhynHyxyWjKNtNdDsT8oC9618IB4tNw:NcXgkqDbSxyWjKNt3YK94
    J4Xw
    File size : 4345795 bytes
    First seen: 2011-02-09 04:37:55
    Last seen : 2011-02-13 01:09:20

    sigcheck:
    publisher....: TheBestWare Studio
    copyright....: (c) TheBestWare Studio
    product......: RadioSure
    description..: The Best Radio Player.
    original name: n/a
    internal name: n/a
    file version.: 2.2.1004.0
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I'm currently using this (great find btw). I ran Avast 5, MBAM, and HitMan Pro against it and found zilch. I don't trust VirusTotal at all, never have. That's neither here nor there, though.
     
  7. katio

    katio Guest

    you don't "trust" VT?
    Do you suggest it's forging results or something?

    You know how VT works, right. I get it if you say you don't trust some AVs or AVs in general.

    OP, already told you. These are heuristics detections. If you search their name you'll find info such as:
    "... exhibits characteristics commonly, but not exclusively, found in malware"
     
  8. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    No, I'm not suggesting nor believe it forges anything at all. I know how it works, I just find it to be much too sensitive, much too often. That's simply my opinion though, based on my own experiences with it.
     
  9. stackz

    stackz Registered Member

    Joined:
    Dec 27, 2007
    Posts:
    621
    Location:
    Sydney Australia
    Just a heuristic detection based on the packer used. It looks like Asdpack, which works in a very similar manner to some malware.
    (RadioSure v2.2.1000.0)
     
  10. karad

    karad Registered Member

    Joined:
    Sep 10, 2008
    Posts:
    237
    I run v.2.1969.0 ,and up to this version they were all clean.
     
  11. Adric

    Adric Registered Member

    Joined:
    Feb 1, 2006
    Posts:
    795
    If you have Prevx 3.0 installed and scan the file it comes up clean, but the Prevx on VT is still flagging it.

    Al
     
Loading...
Thread Status:
Not open for further replies.