Guest Posted March 13, 2013

Hi,

Yesterday I updated my RealPlayer and did a full system scan with Avast! 8 Free Edition and Malwarebytes Antimalware Free Edition; neither showed any detection. I then did a full system scan with SuperAntiSpyware Free Edition and it detected this file called RealCleaner, and the detection name is Trojan.Agent/Gen-FraudScan[Prod]. Location of this file is C:\Program Files(x86)\Real\RealPlayer\RealCleaner.EXE.

Is this a legit detection or a false warning? I did some research yesterday but couldn't come up with any concrete evidence whether this is true or false. Please advise. That file is now deleted and in quarantine. Have any of you here experienced this? Please advise and help.

Log file during that time is as follows:

Application version: 5.6.1014
Core Rules Database Version: 10121
Trace Rules Database Version: 7933

The detection name and location is: Trojan.Agent/Gen-FraudScan[Prod]. Location of this file is C:\Program Files(x86)\Real\RealPlayer\RealCleaner.EXE. I don't know if this is a false positive or not. Please help and advise. The file is deleted and in quarantine.
GuiltySpark Posted March 13, 2013 Hi staticguy, RealCleaner is a fake antimalware; get rid of it ASAP.
Guest Posted March 13, 2013 Thanks for your reply! Why would RealPlayer incorporate RealCleaner in the new update? Been using it for many years on and off. Seems like they incorporate random programs into their own products. DAEMON Tools installing a random toolbar, I forgot the name of it, etc. Hate it when this happens. Now I am safe because it has been deleted and quarantined. Thanks. Why was SuperAntiSpyware able to catch this but not Avast! 8, AVG, Norton, Malwarebytes Antimalware, etc.?
GuiltySpark Posted March 13, 2013 MBAM should've caught it as it always used to.
Guest Posted March 13, 2013 Trojan.Agent/Gen-FraudScan[Prod] What does [Prod] mean?
GuiltySpark Posted March 13, 2013 Possibly Productivity, but am unsure exactly. Why Productivity? Because of the way it works, maybe?
Guest Posted March 13, 2013 Oh okay, fair enough... don't really want to know about it because you told me it's a fake antimalware! Ummm... interesting, since MBAM didn't detect this threat. Found this on the MBAM forum about RealCleaner: http://forums.malwarebytes.org/index.php?showtopic=97240
Guest Posted March 13, 2013 Continuing from my above message. I didn't even double-click the RealCleaner icon in the RealPlayer folder. I just did a full system scan with SuperAntiSpyware and it detected that. I also didn't get any pop-up dialog box or notification from RealCleaner.
GuiltySpark Posted March 13, 2013 It may have deactivated MBAM's detection. Give your computer a good going over, including starting in safe mode to see if MBAM is working fine.
Guest Posted March 13, 2013 SuperAntiSpyware already deleted this threat and quarantined it. Should I update MBAM again and run in safe mode?
GuiltySpark Posted March 13, 2013 Might be worth it, as it never hurts to double check just to make sure everything's working as it should be. Incidentally, if you want a decent media player that's not as much of a resource hog and plays just about any type of video file: http://www.filehippo.com/download_vlc_32/
Guest Posted March 13, 2013 Yep, will do it right now and will report back. I already have VLC installed.
Guest Posted March 14, 2013 No malicious stuff found running MBAM in safe mode. That link that I gave you, http://forums.malwarebytes.org/index.php?showtopic=97240, is from 3 years ago. Probably it was being detected back then. Back then I didn't have RealPlayer installed. Probably it came back again.
Guest Posted March 14, 2013

Uhh.... I got some new developments regarding RealCleaner. One of the staff from the MBAM forum wrote this to me:

I was able to retrieve the file you uploaded to VirusTotal from the link in the Avast forum. This is a false positive detection on SuperAntiSpyware's part. Notice on VirusTotal they are the only one to detect it out of 40+ AV companies? This is a legit component of RealPlayer. If you right click the file and hit properties it has a valid signature signed by RealNetworks.

There is a RealCleaner rogue but it's not in this location ever.

This is where the RealCleaner rogue is located:
C:\Program Files\realcleaner\realcleaner.exe

This is where the legit RealCleaner is located:
C:\Program Files(x86)\Real\RealPlayer\RealCleaner.EXE.

Sigcheck
publisher................: RealNetworks, Inc.
product..................: RealCleaner
internal name............: RealCleaner
copyright................: Copyright © RealNetworks, Inc. 1995-2012
original name............: RealCleaner.exe
signing date.............: 9:03 PM 3/6/2013
signers..................: RealNetworks, Inc.; Thawte Code Signing CA - G2; thawte Primary Root CA
file version.............: 16.0.1.18
description..............: RealCleaner

Can the SuperAntiSpyware team verify this please?
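
The checks the quoted reply describes (Authenticode signature, signer chain, version resource, plus a hash for a VirusTotal lookup) can be gathered in one pass. This is an added example, not part of the thread or of any vendor's tooling; the function name `Test-FlaggedFile` is hypothetical, and the default expected signer is taken from the Sigcheck output above.

```powershell
# Added example: collect the evidence used to judge a single-engine detection.
# Test-FlaggedFile is a hypothetical name; pass the path the scanner reported.
function Test-FlaggedFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Publisher name as it appears in the Sigcheck output quoted in the thread.
        [string] $ExpectedSigner = 'RealNetworks, Inc.'
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $cert = $sig.SignerCertificate

    # Walk the certificate chain so the issuing CAs can be compared with
    # the "signers" line that Sigcheck prints.
    $signer = $null
    $chainNames = @()
    if ($cert) {
        $signer = $cert.GetNameInfo('SimpleName', $false)
        $chain  = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        [void] $chain.Build($cert)
        $chainNames = $chain.ChainElements |
            ForEach-Object { $_.Certificate.GetNameInfo('SimpleName', $false) }
    }

    [pscustomobject]@{
        Path            = $file.FullName
        # Hash to search on VirusTotal instead of re-uploading the file.
        Sha256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        # 'Valid' means the file hash matches the signature and the chain is trusted.
        SignatureStatus = $sig.Status
        Signer          = $signer
        # True only when the signature verifies AND the name is the expected one;
        # a name match on an invalid signature proves nothing.
        SignerMatches   = ($sig.Status -eq 'Valid') -and ($signer -eq $ExpectedSigner)
        Chain           = $chainNames -join '; '
        FileVersion     = $file.VersionInfo.FileVersion
        OriginalName    = $file.VersionInfo.OriginalFilename
    }
}

# Usage: Test-FlaggedFile -Path '<path reported by the scanner>' | Format-List
```

A file at the rogue's location would typically come back with `SignatureStatus` of `NotSigned` or a different signer, which is the distinction the quoted reply draws between the two paths.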
GuiltySpark Posted March 14, 2013 Hi staticguy, Thanks for reporting back. In order for the SAS malware team to update the next batch of definitions, when SAS picks it up again can you use the built-in FP reporter? The file will then be sent to the team for further analysis and update. Thanks
Guest Posted March 14, 2013 How and where can I use the FP reporter? I am new at this. I am using the Free version of SuperAntiSpyware.
GuiltySpark Posted March 14, 2013 https://forums.superantispyware.com/index.php?/topic/6825-how-to-submit-false-positives/
Guest Posted March 14, 2013 The button "report false positive" is greyed out.
GuiltySpark Posted March 14, 2013 Did you highlight the detection first?
Guest Posted March 14, 2013 Oh lol, my bad. Forgot to highlight it. Thanks.
GuiltySpark Posted March 14, 2013 No worries. The malware team should have things sorted in the next update or two. Thanks again for reporting your findings.
Guest Posted March 14, 2013 Done. Just now I reported it. It will take some time. Thanks for all of your help and assistance. And you're welcome for reporting this.
geoff Posted March 14, 2013 Hi, This should be fixed as of SUPERAntiSpyware Core 10132 or greater. Can you let us know if it's not resolved for you? Thanks, Geoff
Guest Posted March 15, 2013 Yep, it has been resolved.