UBCD4Win Forums: Eraser_SFX.exe - Antivir declared that as a virus - UBCD4Win Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Eraser_SFX.exe - Antivir declared that as a virus

#1 User is offline   calgonite Icon

  • Newbie
  • Pip
    • Group: Members
    • Posts: 1
    • Joined: 04-December 07

    Post icon  Posted 04 December 2007 - 03:14 PM

    Hi,

    used my original Windows CD to create the UBCD.

    Eraser_SFX.exe was found from Antivir. Declared this as a virus. :closedeyes:

    And this is from the downloaded package.

    Any info on that file? :unsure:

    Thanks,

    Christian
    0

    #2 User is offline   LittlBUGer Icon

    • Main Mirror/Here Since Beginning
    • PipPipPipPipPipPipPip
      • Group: Members
      • Posts: 4,698
      • Joined: 27-May 04
      • Location:MT, USA
      • Interests:Computers and stuff...<br /><br />:-)

      Post icon  Posted 04 December 2007 - 03:37 PM

      As the FAQ ( http://www.ubcd4win.com/faq.htm#false ) states, it's a false positive.



      "Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." - Albert Einstein
      "Computers are really strange - first everything works fine, then something goes terribly wrong and nothing works, and then - like a thunderbolt from a clear sky, everything is back to normal again. It's like nothing ever happened. Like the computer were female." - Unknown
      "Some people say that I must be a terrible person, but it's not true. I have the heart of a young boy. In a jar on my desk." - Stephen King
      "If there is anything the nonconformist hates worse than a conformist, it's another nonconformist who doesn't conform to the prevailing standard of nonconformity." - Bill Vaughan
      "Microsoft Windows [n.]: A thirty-two bit extension and GUI shell to a sixteen bit patch to an eight bit operating system originally coded for a four bit microprocessor and sold by a two-bit company that can't stand one bit of competition." - Unknown
      "When a newly married couple smiles, everyone knows why. When a ten-year married couple smiles, everyone wonders why." - Unknown
      0

      #3 User is offline   rdsok Icon

      • rdsok
      • PipPipPipPipPipPipPipPip
        • Group: Admin
        • Posts: 6,037
        • Joined: 02-October 05
        • Gender:Male
        • Location:Norman, Ok. USA

        Posted 04 December 2007 - 03:50 PM

        As usual, this is a false positive being made by your antivirus program. This often happens with many antivirus programs and the main cause is from the fact that the malware authors are also using the very same compilers and file libraries of code that normal programs use so when a new malware detection is added to the antivirus definition files... it can have enough common code with normal programs that the normal program gets misdetected as a malware threat.

        There is little that we can do about these detections except try and educate the users a bit and provide a bit of info to help support our statements.

        I'll start by using a third party confirmation for what we state that UBCD4Win has been tested by Softpedia and was awarded a 100% Clean Award as can be verified on their website here http://www.softpedia...lean-76994.html

        Since each time this happens its with a different program or detected as different threats we've can only address them in general. So we also got some info about these in the FAQ's here http://www.ubcd4win.com/faq.htm#false

        Before you do anything else... update your antivirus or other protection program and test the file again. Most of the companies will update their definitions often and may have already corrected the issue... so always test with the latest updates before you do anything else.

        We can also tell you how to double check all of the above by doing additional testing. Before you even run anything in the project... disable your On Access scanner for your protection program and then test the file or files in question at either http://virusscan.jotti.org/ or at http://www.virustotal.com . If you don't disable your protection you won't be able to upload the file because your protection software will block access to it.

        Once you have tested and proven to yourself that it truely is a false positive... report the detection to your antivirus program's company so they can correct the issue. Don't get mad at them and switch for this type of reason alone... you would only switch one set of false detections for another that another program would have... so work with the company directly to get the issue resolved and you will help all users of the antivirus program.

        If they want you to email them a copy of the file being detected... remember to archive the file ( arc, cab, tar, zip etc ) using a password and then send the archive file, tell them the password and tell them what it is being reported as along with any other info they may request.
        Plan A is always more effective when the device you are working on understands that Plan B involves either a large hammer or screwdriver....
        0

        #4 User is offline   mtz1 Icon

        • Newbie
        • Pip
          • Group: Members
          • Posts: 1
          • Joined: 13-December 07

          Posted 13 December 2007 - 02:19 PM

          Calgonite,

          Avast also flagged that file.

          LittlBUGer and rdsok,

          I am responding to this because I believe this would be the best place to let the author and other users that read the forums about some possible false negatives.
          If there isn't a complete list of Known False Positives, couldn't we at least have a short list?

          From the FAQ's here
          http://www.ubcd4win....q.htm#downvirus
          It mentions letting the author know so he can also communicate with the AV companies to have the file adjusted by the AV companies.

          Yes, I will try to send the file to Avast so they can update their files.

          Thanks for your help.

          Marc
          0

          #5 User is offline   rdsok Icon

          • rdsok
          • PipPipPipPipPipPipPipPip
            • Group: Admin
            • Posts: 6,037
            • Joined: 02-October 05
            • Gender:Male
            • Location:Norman, Ok. USA

            Posted 13 December 2007 - 04:24 PM

            mtz1

            Some points about your post

            First... we aren't the authors of the software that you are talking about... we develop plugins made from other authors software/utils to be used with the boot CD that you can create with the UBCD4Win project.

            Second, with false positives the list changes daily as the virus programs update their definitions... So today it may detect something in program A... the virus definitions get corrected and then it doesn't get detected. So no list is possible since its always changing.

            Third... you need to report the false to the Antivirus or protection software company ( like you mentioned )... they are the ones that need to make the corrections.

            Forth, and this is somewhat related to the third one and is an exception to it... sometimes the antivirus ( or other protection software ) is not reporting a malware... they are reporting a riskware or hacktool ( depending on what that company calls it )... in that case it isn't a false... its just a notice to you the user of the issue. So pay attention to what your protection software is really telling you, it may not be saying its a malware.


            So in short... can't do a list... then the only good that reporting that AV or AS software X is calling utility Y a malware is so other users of the project will be aware of it... but as mentioned there is nothing we can do directly other than to clear up the issue for some.
            Plan A is always more effective when the device you are working on understands that Plan B involves either a large hammer or screwdriver....
            0

            #6 User is offline   bengt Icon

            • Skeptic
            • PipPipPipPipPipPip
              • Group: Donator/Beta Tester
              • Posts: 1,261
              • Joined: 16-December 05
              • Gender:Male
              • Location:Bork, bork, bork

              Posted 13 December 2007 - 05:48 PM

              Tourettes, Tourettes, Tourettes, Tourettes, Tourettes
              0

              Page 1 of 1
              • You cannot start a new topic
              • You cannot reply to this topic

              1 User(s) are reading this topic
              0 members, 1 guests, 0 anonymous users