Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

aswMBR a virus?


  • Please log in to reply
18 replies to this topic

#1 keyes528

keyes528

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 04 July 2014 - 04:31 PM

I downloaded aswmbr from bleeping computer. When I ran it, Kaspersky blocked it.

I installed norton to scan it, and when I did, Norton removed it saying it was Malware.

Is this a false positive? The download came from public.avast.com. im worried that when I ran it, it could have done something bad.

Can someone confirm it was a false positive?

BC AdBot (Login to Remove)

 


#2 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:08:41 PM

Posted 04 July 2014 - 04:36 PM

 See the BC writeup about it here.  http://www.bleepingcomputer.com/download/aswmbr/ .  


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 keyes528

keyes528
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 04 July 2014 - 04:41 PM

See the BC writeup about it here.  http://www.bleepingcomputer.com/download/aswmbr/ .

Yes I downloaded it from there, and when I ran it kaspersky blocked it. When I Installed norton it rwmoved it.

Is this false? Im worried now.

#4 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:08:41 PM

Posted 04 July 2014 - 04:44 PM

 This is the age old problem when you have two antivirus type programs.  Each sees the other as a virus.  If you really believe you have a rootkit on your computer, you'll need to disable your antivirus while installing and running this program.  I recommend you disconnect your computer from the Internet while doing that.


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#5 keyes528

keyes528
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 04 July 2014 - 04:47 PM

This is the age old problem when you have two antivirus type programs.  Each sees the other as a virus.  If you really believe you have a rootkit on your computer, you'll need to disable your antivirus while installing and running this program.  I recommend you disconnect your computer from the Internet while doing that.


But is it a legitimate program? Im worried that when I tried to run it that something bad happened...

Can you confirm its authentic?

#6 wpgwpg

wpgwpg

  • Members
  • 1,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US of A
  • Local time:08:41 PM

Posted 04 July 2014 - 04:54 PM

 I have no reason to suspect anything downloaded from BC.  I've downloaded a number of programs here, and I haven't seen the first indication that anybody has had any problems with anything they download here.  That's a rarity these days I know.  You can wait and see if anybody can add to the subject, but that's my perspective. 


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#7 keyes528

keyes528
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 04 July 2014 - 05:00 PM

I have no reason to suspect anything downloaded from BC.  I've downloaded a number of programs here, and I haven't seen the first indication that anybody has had any problems with anything they download here.  That's a rarity these days I know.  You can wait and see if anybody can add to the subject, but that's my perspective.

Could you check with the same products or whatever you have?

Or if anyone else can check please. I would be very greatful.

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 PM

Posted 04 July 2014 - 05:02 PM

aswMBR is legitimate. False detections by anti-virus programs for specialized fix tools are not uncommon.

Certain embedded files that are part of legitimate programs or specialized fix tools, may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed or packed, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be obfuscated, encrypted or password protected in order to conceal itself so they do not allow access for scanning but often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use as malware fighters are written by known experts at various security forums like Bleeping Computer, TechSupport, GeeksToGo, SypwareInfo and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools are repeatedly falsely detected by various anti-virus programs from time to time.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.

If you're attempting to download the file, either have your anti-virus ignore the detection or temporarily disable it until you download and run the tool.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 keyes528

keyes528
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 04 July 2014 - 05:08 PM

Also, I saw in the norton logs it had removed a cache file at the same time as chrome was downloading it, in the appdata chrome folder. Was this a temp file caused by downloading it? It was created at the same time as downloading it, and removed and labled as the same thing as norton removed it when I had it in my downloass folder.

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 PM

Posted 04 July 2014 - 05:11 PM

Was this a temp file caused by downloading it?

Yes...again you can ignore the detection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 keyes528

keyes528
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 04 July 2014 - 05:20 PM

Was this a temp file caused by downloading it?

Yes...again you can ignore the detection.
It wasnt the temp in the downloads but rather in chrome appdata folder.. is that okay aswell?

It was a file from
C:\Users\%username%\AppData\Local\Google\Chrome\User Data\Default\Cache

#12 keyes528

keyes528
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 04 July 2014 - 05:50 PM

So is that all okay looking?

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 PM

Posted 04 July 2014 - 06:52 PM

Browser cache folders are used for the temporary storage (caching) of files created during your activity on the net. You can ignore the detection.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 keyes528

keyes528
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Local time:12:41 AM

Posted 04 July 2014 - 06:55 PM

Yeah I found it in the cache folder as I downloaded it another time to test, and Norton now decides a trojan.gen2, both the .exe and cache file.

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,897 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 PM

Posted 04 July 2014 - 07:00 PM

Generic detections are usually a heuristics engine detection of possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. Heuristic scanning methods vary depending on the vendor. Some claim to allow emulation of the file's activities in a virtual sandbox. Others scan the file more intensively, searching line by line inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus. Generic detections are generally seen having numerous variants, ending with different alpha/numerical characters representing additional information - see Microsoft Malware Protection Center Naming Standards.

* Eset: Heuristic AnalysisDetecting Unknown Viruses
* Kaspersky: What is heuristic analysis

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "false positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users