ng95901

False positive?


Here are the results of my latest scan AFTER updating to the 1/13/11 definitions update:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 01/14/2011 at 07:29 AM

Application Version : 4.47.1000

Core Rules Database Version : 6199

Trace Rules Database Version: 4011

Scan type : Complete Scan

Total Scan Time : 00:44:38

Memory items scanned : 384

Memory threats detected : 0

Registry items scanned : 9285

Registry threats detected : 0

File items scanned : 39158

File threats detected : 2

Trojan.Agent/Gen-FraudPack

C:\PROGRAM FILES\CAFESCRIBE\MYSCRIBE\UNINSTALL.EXE

C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\MYSCRIBE\UNINSTALL.LNK

As you can see, the scan is now stating that the uninstall files for my Myscribe reader are now a trojan. Prior to the definitions update of 1/13, this did not occur. It should also be noted that I also scanned with Norton 360, Malwarebytes and CounterSpy and none of them indicated a positive on either of these files. The files do not appear to have been modified and still have the date pertaining to their install date which was back in early December. They were moved into my quarantine by the software and I am waiting to hear from someone official before I move them back. I have reported this issue as well nearly 12 hours ago using the software reporting feature...


Now to test if this was indeed a false positive, I went to a completely different computer and ran a scan PRIOR to updating to the latest definition file. No threats were found. I then installed a clean installation of Myscribe and then ran the update to the latest definitions file for SuperAntiSpyware and then ran the scan. Again it is picking up the same exact files as it did on my computer:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 01/14/2011 at 11:04 AM

Application Version : 4.45.1000

Core Rules Database Version : 6203

Trace Rules Database Version: 4015

Scan type : Complete Scan

Total Scan Time : 00:03:55

Memory items scanned : 488

Memory threats detected : 0

Registry items scanned : 4899

Registry threats detected : 0

File items scanned : 2073

File threats detected : 2

Trojan.Agent/Gen-FraudPack

C:\PROGRAM FILES\CAFESCRIBE\MYSCRIBE\UNINSTALL.EXE

C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\MYSCRIBE\UNINSTALL.LNK

No replies thus far from customer service....



You should update to the last 4.48.1000 product, FYI. Did you provide an e-mail when you did the false positive report?


Updated to the newest build and rescanned. No change; it still gets to the same file and calls it the same exact thing. I aborted the scan before it got to the second file. Here are the results:

And yes, I did include my email address with the report I sent.

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 01/14/2011 at 12:14 PM

Application Version : 4.48.1000

Core Rules Database Version : 6204

Trace Rules Database Version: 4016

Scan type : Complete Scan

Total Scan Time : 00:06:43

Memory items scanned : 716

Memory threats detected : 0

Registry items scanned : 10092

Registry threats detected : 0

File items scanned : 2289

File threats detected : 1

Trojan.Agent/Gen-FraudPack

C:\PROGRAM FILES\CAFESCRIBE\MYSCRIBE\UNINSTALL.EXE


Well, it has been almost two days since I posted this and there is no resolution as of yet. Given the data that I have provided, it should have been very easy to make a determination on this. The 1/14/11 definitions update did not appear to resolve this issue and looking around at some of the other false positive posts on this forum, one can perhaps easily conclude that definition Trojan.Agent/Gen-FraudPack has an issue. I have received no emails from customer service although I suspect they are chasing their tails over multiple reports. I have recommended this software application to many I encounter, but I am starting to wonder if my evaluation of this product is accurate given the current circumstances...


I would really like to hear some official word on this. It has been five days since I first reported this and I have not received either an email or a response here. It is difficult to recommend a product when you submit reports and receive absolutely no feedback...


OK, so I receive an email response stating that this has been rectified. I restore the previous files and then update to the latest definitions file and begin to scan. Guess what? It is still not rectified at this point. Here are the scan results and my subsequent reply to SAS customer service:

This has not been corrected. I have just done a scan with the very latest definitions update and it is STILL detecting the uninstall.exe for CafeScribe's Myscribe as a Trojan even though I just reinstalled it from my university. Prior to the 1/13 definitions update I never had this issue. Here are the results of the latest scan. Please get this rectified!

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 01/17/2011 at 01:14 PM

Application Version : 4.48.1000

Core Rules Database Version : 6219

Trace Rules Database Version: 4031

Scan type : Complete Scan

Total Scan Time : 00:11:21

Memory items scanned : 446

Memory threats detected : 0

Registry items scanned : 9250

Registry threats detected : 0

File items scanned : 2005

File threats detected : 3

Adware.Tracking Cookie

C:\Users\Roy G\AppData\Roaming\Microsoft\Windows\Cookies\roy_g@doubleclick[1].txt

C:\Users\Roy G\AppData\Roaming\Microsoft\Windows\Cookies\roy_g@pro-market[1].txt

Trojan.Agent/Gen-FraudPack

C:\PROGRAM FILES\CAFESCRIBE\MYSCRIBE\UNINSTALL.EXE



All files mentioned have been reviewed and taken care of! Thank you for your patience.
