Jump to content
Sign in to follow this  
Guest

RealCleaner - RealPlayer

Recommended Posts

Guest

Hi,

Yesturday I updated my RealPlayer and I did a full system scan with Avast!8 Free Edition and Malwarebytes Antimalware Free Edition it didn't show up any detection. I then did a full system scan with SuperAntiSpyware Free Edition and it detected this file called RealCleaner and the detection name is Trojan.Agent/Gen-FraudScan[Prod]. Location of this file is on C:\Program Files(x86)\Real\RealPlayer\RealCleaner.EXE.

Is this a legit detection or a false warning? I did some research yesturday but couldn't come up with any concrete evidence if this is true or false? Please advice. That file is now deleted and in quarantine.

Did anyone of you here have experienced this? Please advice and help?

 

Log file during that time is as follows:

Application version: 5.6.1014

Core Rules Database Version: 10121

Trace Rules Database Version: 7933

 

The detection name and location is: Trojan.Agent/Gen-FraudScan[Prod]. Location of this file is on C:\Program Files(x86)\Real\RealPlayer\RealCleaner.EXE.

 

I don't know if this is a false positive or not? Please help and advice? The file is deleted and in quarantine.

Share this post


Link to post
Share on other sites
Guest

Thanks for your reply! Why would RealPlayer incorporate RealCleaner in the new update? Been using it for many years on and off? Seems like they incorporate random programs into their own products.

 

DAEMON Tools installing a random toolbar i forgot the name of it and etc. Hate this when this happens? Now i am safe because it has been deleted and quarantined. Thanks.

 

Why did SuperAntiSpyware able to catch this but not Avast! 8, AVG, Norton, MalwareBytes Antimalware, and etc?

Share this post


Link to post
Share on other sites
Guest

Continuing from my above message.

I even didn't double click the RealCleaner icon from the RealPlayer folder. i just did a full system scan from SuperAntiSpyware and it detected that. I also didn't get any pop up dialog box or notification from RealCleaner.

Share this post


Link to post
Share on other sites

It may have deactivated MBAMs detection, give your computer a good going over including starting in safe mode to see if MBAM is working fine.

Share this post


Link to post
Share on other sites
Guest

SuperAntiSpyware already deleted this threat and quarantined it? Should i update MBAM again and run in safe mode?

Share this post


Link to post
Share on other sites
Guest

Uhh.... I got some new developments regarding RealCleaner. One of the staff from MBAM forum wrote this to me:

 

I was able to retrieve the file you uploaded to virustotal from the link in the avast forum. This is a false positive detection on Superantispywares part. Notice on virustotal they are the only one to detect it out of 40+ av companies? This is a legit component of realplayer. If you right click the file and hit properties it has a valid signature signed by realnetworks.

There is a realcleaner rogue but its not in this location ever.

This is where the realcleaner rogue is located:

C:\Program Files\realcleaner\realcleaner.exe

This is where the legit realcleaner is located:

C:\Program Files(x86)\Real\RealPlayer\RealCleaner.EXE.

Sigcheck

publisher................: RealNetworks, Inc.
product..................: RealCleaner
internal name............: RealCleaner
copyright................: Copyright © RealNetworks, Inc. 1995-2012
original name............: RealCleaner.exe
signing date.............: 9:03 PM 3/6/2013
signers..................: RealNetworks, Inc.; Thawte Code Signing CA - G2; thawte Primary Root CA
file version.............: 16.0.1.18
description..............: RealCleaner

 

Can the SuperAntiSpyware team verify this please?

Share this post


Link to post
Share on other sites

Hi staticguy,

Thanks for reporting back.

In order for the SAS malware team to update the next batch of definitions, when SAS picks it up again can you use the built in FP reporter, the file will then be sent to the team for further analysis and update.

Thanks :)

Share this post


Link to post
Share on other sites
Guest

How and where can i use the FP reporter. I am new at this :-P . I am using the Free version of SuperAntiSpyware.

Share this post


Link to post
Share on other sites
Guest

Done. Just now I reported it. It will take some time. Thanks for all of your help and assistance 8)

 

And your welcome for reporting this 8)

Share this post


Link to post
Share on other sites

Hi,


This should be fixed as of SUPERAntiSpyware Core 10132 or greater.  Can you let us know if it's not resolved for you?

 

Thanks,

 

Geoff

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×