Win32/VMalum.CIDD infection in sbautoupdate.exe?

Hi,

Yes - the false positive has been resolved in the following anti-virus programs as of the 2008.03.31 update:

• CA / eTrust anti-virus
• Norman

If you have those anti-virus programs installed (or one of the suites), please update your virus definitions. You should then be able to reinstall SpywareBlaster and use it without any further conflict. (In this situation we recommend reinstalling "over-the-top" - i.e. to the same folder as before, and without first uninstalling.)

We're working with the others to get this completely resolved as quickly as possible.

Best regards,

-Javacool

 

Great

 

I have a reply from Spyblaster:

Hi,

This detection was a false-positive. Your anti-virus program(s) mistakenly identified the AutoUpdate module as malicious - this is not the case, and we're working with the anti-virus company that made this mistake to correct their definitions. Unfortunately, these problems seem to crop up every once in a while, especially after a new release.

Please contact your anti-virus companies and alert them to the false positive (we have notified them but consumer voices often help speed this up).

Unfortunately, given the fact that many of these anti-virus programs do not have good exclusion list features, it will be difficult to reinstall SpywareBlaster until the bug in the anti-virus program is fixed.

In a few days, your antivirus company should resolve the problem and release an update. At that time you can try reinstalling SpywareBlaster. You can download the SpywareBlaster 4.0 installer from here:
http://www.javacoolsoftware.com/sbdownload.html


Best Regards,

-Javacool Software Support
http://www.javacoolsoftware.com/support

I also submitted this to Secunia and eEye security mainly because it is a CIDD file and it is being used in auto updates. In the mean time just disable auto updates and only use manual updates. Doing manual updates will not use this file anyway. Btw, security wise one should not allow any program to auto update.

Cheers, Have a Great Day

 

Hi,

As mentioned above, this is a false positive detection that has since been resolved by most of the affected anti-virus companies.

The file is not malicious in any way - it is legitimate and clean. The error was on the side of a few anti-virus companies, and it has since been resolved by most.

Best regards,

-Javacool

 

Also detected Win32/VMalum in wextract.exe (XP-SP3-RC1 version) by CA AV version 5744.
Replacing the file with the XP-SP3-RC2 version stopped the detection.
I also got the "virtue" response that the file was malware - I'll be pursuing CA.
In a wry twist, CA-AV updates were failing due to lack of the file it had quarantined!