Announcement

Collapse
No announcement yet.

Antivir Virus found in Daemon Tools Pro

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Hmmm...

    I think you guys should just come clean and say that that file is where the adware is; because according to the latest beta of ESS ( Eset Smart Security), dtprohlp.dll is a variant of Win32/Adware.WhenU.SaveNow and heres a picture to prove it,

    Comment


    • #17
      Latest from Avira :-
      File ID Filename Size (Byte) Result
      1098649 dtprohlp.dll 367.95 KB FALSE POSITIVE


      Please find a detailed report concerning each individual sample below:
      Filename Result
      dtprohlp.dll FALSE POSITIVE

      The file 'dtprohlp.dll' has been determined to be 'FALSE POSITIVE'. In particular this means that this file is not malicious but a false alarm. Detection will be removed from our virus definition file (VDF) with one of the next updates.

      Comment


      • #18
        Originally Posted by blackkanto View Post
        I think you guys should just come clean and say that that file is where the adware is; because according to the latest beta of ESS ( Eset Smart Security), dtprohlp.dll is a variant of Win32/Adware.WhenU.SaveNow and heres a picture to prove it,
        Is it maybe because you are using an adware version of DT?

        Comment


        • #19
          Originally Posted by blackkanto View Post
          I think you guys should just come clean and say that that file is where the adware is; because according to the latest beta of ESS ( Eset Smart Security), dtprohlp.dll is a variant of Win32/Adware.WhenU.SaveNow and heres a picture to prove it,
          The DTools team has always been upfront about the adware included in the standard and the ad-supported versions, so why would they try to hide it now?

          Comment


          • #20
            Originally Posted by LocutusofBorg View Post
            please WHAT??
            Damn, that guys at Avira soon drives us nuts!
            We even have a customer who is in beta-team there.
            Maybe we now have to announce to not use Avira anymore
            but something else when you plan to use DT Pro. It is obvious
            they are not capable to handle complex process to identify
            real spyware/adware and a LICENSEkeyfile which has ABSOLUTLEY
            NO adware NOR spyware in it.
            My goodness
            its because of this post.... and its kinda fishy putting the adware in a .dll that appears to be related to help for DT Pro, they could have made it plain in sight the name of the adware or something along those lines, why go through all the trouble to make it in to something else?

            Comment


            • #21
              Originally Posted by Sir Camehan View Post
              Knowing the DT team, its more than wrapped with UPX, since UPX is incredibly easy to unwrap
              Well, the DLL seems to be in fact packed with UPX. When unpacked you find these strings inside :

              WHENU.COM INC VeriSign Class 3 Code Signing 2004 CADAEM Partner InstallTime SOFTWARE\WhenUSave\Partners Save.exe none wusa
              ve wubar wusv
              br whse.exe

              So probaby it's why the AV is reporting it.
              Last edited by lmgava; 11.07.2007, 00:07.

              Comment


              • #22
                Maybe, since thats for the adware version, thats what its also wrapped with. With the retail however, its wrapped in something a lot stronger......in addition to UPX.

                Comment


                • #23
                  Originally Posted by Sir Camehan View Post
                  Maybe, since thats for the adware version, thats what its also wrapped with. With the retail however, its wrapped in something a lot stronger......in addition to UPX.
                  Sorry, I was talking about the dll I have on my pc, and I have the DT PRO retail. I never installed the adware version.

                  Reading this thread and since I saw the strings I mentioned, I supposed it's the same dll in both cases. Maybe I'm wrong, I never saw the adware version as I said.

                  Addendum: just tried with virustotal too. I got the same results reported here previously, so I really believe the dll it's the same. Maybe it's inactive in the retail version. I don't know. Maybe it's not really adware either, again I don't know. I can see why the content can seem suspicious anyway.
                  Last edited by lmgava; 11.07.2007, 11:00.

                  Comment


                  • #24
                    Maybe it's not really adware either, again I don't know. I can see why the content can seem suspicious anyway.
                    Could be due to extra encryption, but the adware is definately not physically in the library.

                    Comment


                    • #25
                      In Antivir's options you can exclude files from scans and the resident guard. I have done that since I was also getting the warning and only with Antivir. Avira needs to update their definitions and detection algorithms to exclude this file.
                      http://www.y0himba.net

                      Comment


                      • #26
                        Since the file is encrypted anti-vir just cant say whats in it
                        and thats why it sounds the alarm. Add it to encryption.

                        This has been known since release ...and has been posted
                        multiple times.
                        Guys vote for the threads you read to give
                        the rating system a place to live ^^

                        Comment


                        • #27
                          Avira freaks out a bit while installing daemon tools :P and while downloading the key file. What i did was add daemon-tools folder and folder where i download key to exclude list.

                          Actually avira has a lot of false positives, anything that is encrypted usually gets a warning.

                          Comment


                          • #28
                            Originally Posted by Ozulus View Post
                            Avira freaks out a bit while installing daemon tools :P and while downloading the key file. What i did was add daemon-tools folder and folder where i download key to exclude list.
                            Actually avira has a lot of false positives, anything that is encrypted usually gets a warning.
                            That's why I use Kaspersky Internet Security 7.

                            Comment


                            • #29
                              And why I use NOD32. There's a lot of good ones out there. Unfortunately, there's even more that are either worthless or cause more trouble than they're worth.

                              Comment


                              • #30
                                Gotta agree with Jito463 there.
                                I'm a big Nod32 fan and readily recommend it to anyone and everyone.
                                Goodnight Brave Warrior, Goodnight Monster-land..

                                Comment

                                Working...
                                X