INTERACT FORUM

Please login or register.

Login with username, password and session length
Advanced search  
Pages: [1]   Go Down

Author Topic: Virus checker and false positives in MediaCenter130112.exe  (Read 4313 times)

xen-uno

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 2489
  • Checking your hard disk for errors...
Virus checker and false positives in MediaCenter130112.exe
« on: January 24, 2009, 01:12:04 pm »

I'm getting a virus warning with Kaspersky (virus.win32.KME) in PackageInstaller.exe

[Edit by JimH -- From this build: ftp://ftp.jriver.com/pub/downloads/MC13/MediaCenter130112.exe ]

Vivarin

  • Regular Member
  • Recent member
  • *
  • Posts: 17
Re: Virus checker and false positives
« Reply #1 on: January 24, 2009, 01:18:04 pm »

I'm getting a virus warning also in PackageInstaller.exe.

Virus.Win32.KME
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re: Virus checker and false positives
« Reply #2 on: January 24, 2009, 01:57:40 pm »

Please report that to Kaspersky.  It's a false positive.
Logged

New Vermaje

  • World Citizen
  • ***
  • Posts: 131
Re: Virus checker and false positives
« Reply #3 on: January 24, 2009, 02:44:37 pm »

My antivirus detected in the last mc13 version "Virus.Win32.KME"

What is it ?

Please analyse and fix ...

Thanks
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re: Virus checker and false positives
« Reply #4 on: January 24, 2009, 03:01:11 pm »

What virus checker are you using?  Kaspersky?  ZoneAlarm?

Here's an example of a false positive:
http://linkscanner.softwaresecuritysolutions.com/knowledgeBase/kaspersky-false-positive.html
and another:
http://www.explabs.com/kb/display.asp?id=132
Logged

Alex B

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 10121
  • The Cosmic Bird
Re: Virus checker and false positives
« Reply #5 on: January 24, 2009, 04:14:52 pm »

I sent the "PackageInstaller.exe" file to Virustotal. It tests the received files with 39 antivirus programs.

The result was 2/39. Only F-Secure and Kaspersky detected "Virus.Win32.KME".

Win32.KME is an old virus. It was found 5 years ago. Here is a description: http://www.f-secure.com/v-descs/bagif.shtml (like all viruses it has several names)

EDIT

Jim, you could report the issue to F-Secure. They have an online service for reporting false positives:
http://www.f-secure.com/samples/index.html

Perhaps Kaspersky has a similar service.

Logged
The Cosmic Bird - a triple merger of galaxies: http://eso.org/public/news/eso0755

xen-uno

  • Regular Member
  • Citizen of the Universe
  • *****
  • Posts: 2489
  • Checking your hard disk for errors...
Re: Virus checker and false positives
« Reply #6 on: January 24, 2009, 04:34:48 pm »

10-4 ... paused Kaz before install this time ... smooth sailing.

rick.ca

  • Citizen of the Universe
  • *****
  • Posts: 3729
Re: Virus checker and false positives
« Reply #7 on: January 24, 2009, 05:30:39 pm »

Quote
Jim, you could report the issue to F-Secure. They have an online service for reporting false positives:
http://www.f-secure.com/samples/index.html

It appears this service is for use by F-Secure user, not the virus creator (sorry, Jim ;) ). So I've reported it. I haven't done this before, so I don't know what to expect. I'll report whatever response I get.
Logged

sirshambling

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 379
  • real soul lives on....
Re: Virus checker and false positives
« Reply #8 on: January 25, 2009, 04:41:23 am »

I see from your link Jim that Kaspersky acknowledges that the "denial" I am getting with the launch of this build is a false positive. Even gladder to see they're working on a solution as I've just spent 30 minutes trying to get the wretched program to allow the installation without success. Does anybody know how to sort this out?? TIA. John.
Logged

gappie

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 4580
Re: Virus checker and false positives
« Reply #9 on: January 25, 2009, 06:06:47 am »

I see from your link Jim that Kaspersky acknowledges that the "denial" I am getting with the launch of this build is a false positive. Even gladder to see they're working on a solution as I've just spent 30 minutes trying to get the wretched program to allow the installation without success. Does anybody know how to sort this out?? TIA. John.
what i did when it first came up in 109.
in kasperski you can add an exe to the trusted zone. see the attachment. it did look up the event in the reports from kaspersky. its on the frontpagefrom kasperky>reports>events. now rightclick the event where mcs packageinstaller is involved and say: add to trusted zone. you get the whole the path to the packageinstaller in some temp folder. i took that part away. the result i attached to this post. it seems to have done it, no problems with downloading and installing this build.

 :)
gab
Logged

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Virus checker and false positives
« Reply #10 on: January 25, 2009, 10:31:18 am »

It is times like these I laugh.  I have literally almost never ran an anti-virus since starting seriously with computers 10 years ago.  I tried AVG just so I could say I've got one.  It never found anything when I ran it.  Nor do online scanners.  I don't understand where people always get these viruses.
Logged

gappie

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 4580
Re: Virus checker and false positives
« Reply #11 on: January 25, 2009, 10:51:59 am »

It is times like these I laugh.  I have literally almost never ran an anti-virus since starting seriously with computers 10 years ago.  I tried AVG just so I could say I've got one.  It never found anything when I ran it.  Nor do online scanners.  I don't understand where people always get these viruses.
nice... young and fearless.

it is the day that one hits and all 13 machines and the server are infected that you will see the light.  ;)

the question is how long it will take before you will even know that this trojan, for instance, is bombing the world with spam or watching how you just used your creditcard..

btw. its not only porn sites that are a risk. have desinfected to much computers of people who used virusscanners and were only surfing 'sience' sites.

 :)
gab
Logged

rick.ca

  • Citizen of the Universe
  • *****
  • Posts: 3729
Re: Virus checker and false positives
« Reply #12 on: January 25, 2009, 12:29:59 pm »

Quote
I have literally almost never ran an anti-virus...

Why scan when you can nuke and pave? ;D
Logged

sirshambling

  • Regular Member
  • Galactic Citizen
  • ****
  • Posts: 379
  • real soul lives on....
Re: Virus checker and false positives
« Reply #13 on: January 25, 2009, 03:16:27 pm »

Thanks gappie - most helpful.
Logged

rick.ca

  • Citizen of the Universe
  • *****
  • Posts: 3729
Re: Virus checker and false positives
« Reply #14 on: January 25, 2009, 04:42:14 pm »

Quote
I'll report whatever response I get.

Here is the F-Secure response:

Quote
The file you submitted is indeed clean. A database update will be released to resolve this issue. For the meantime, you may exclude this file from Real-time Scanning. Instructions for exclusions can be found through this link.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re: Virus checker and false positives
« Reply #15 on: January 25, 2009, 04:46:02 pm »

Thanks for sumbitting it, and for the report.
Logged

Vivarin

  • Regular Member
  • Recent member
  • *
  • Posts: 17
Re: Virus checker and false positives
« Reply #16 on: January 25, 2009, 09:52:57 pm »

For Kaspersky I had to "pause" protection to install Media Center.  Then Kaspersky flagged PackageIntaller.exe and put it in "untrusted".  To get past that I had to manually move it "trusted" and then tell Kaspersky to "add exception" for the false virus.

I'm using it right now and it's working fine with those settings.
Logged

Alex B

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 10121
  • The Cosmic Bird
Re: Virus checker and false positives
« Reply #17 on: January 26, 2009, 02:24:35 pm »

I resent the file to Virustotal. Unfortunately more programs detect it as a virus now. The result is 7/39:
http://www.virustotal.com/analisis/6eb5632515020b13f26b5dd84351445a  (I am not sure if my result link works on other PCs, but you can always resent the file.)

Maybe the other program developers are licensing Kaspersky's and F-Secure's technology or maybe they are just copying the latest changes. ZoneAlarm (which is not separately included in Virustotal) uses Kaspersky's engine, but I don't know about others.
Logged
The Cosmic Bird - a triple merger of galaxies: http://eso.org/public/news/eso0755

DarkPenguin

  • Citizen of the Universe
  • *****
  • Posts: 1921
Re: Virus checker and false positives
« Reply #18 on: January 26, 2009, 02:47:48 pm »

I resent the file to Virustotal. Unfortunately more programs detect it as a virus now. The result is 7/39:
http://www.virustotal.com/analisis/6eb5632515020b13f26b5dd84351445a  (I am not sure if my result link works on other PCs, but you can always resent the file.)

Maybe the other program developers are licensing Kaspersky's and F-Secure's technology or maybe they are just copying the latest changes. ZoneAlarm (which is not separately included in Virustotal) uses Kaspersky's engine, but I don't know about others.
I believe both are licensed by quite a number of AV vendors.
Logged

JimH

  • Administrator
  • Citizen of the Universe
  • *****
  • Posts: 72438
  • Where did I put my teeth?
Re: Virus checker and false positives
« Reply #19 on: January 26, 2009, 02:58:01 pm »

Here's a quote from the Wikipedia article on Kaspersky Lab:
Quote
Kaspersky Anti-Virus engine also powers products or solutions by other security vendors, such as Check Point, Bluecoat, Juniper Networks, Sybari (now acquired by Microsoft), Netintelligence, GFI Software, F-Secure, Borderware, FrontBridge, G-Data, Netasq, and others. Altogether, more than 120 companies are licensing technology from Kaspersky, which makes it one of the most widely used antivirus engines in the industry.
Logged

Alex B

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 10121
  • The Cosmic Bird
Re: Virus checker and false positives
« Reply #20 on: January 26, 2009, 03:01:58 pm »

I wonder if anyone has actually reported the false positive to Kaspersky.

They provide instructions here: http://forum.kaspersky.com/index.php?showtopic=13881&st=0&p=655042&#entry655042

I think someone from JRiver could post a report. It would actually be quite odd if the program developers could not do that when their program is falsely detected.
Logged
The Cosmic Bird - a triple merger of galaxies: http://eso.org/public/news/eso0755

lalittle

  • MC Beta Team
  • Citizen of the Universe
  • *****
  • Posts: 3964
Re: Virus checker and false positives in MediaCenter130112.exe
« Reply #21 on: January 26, 2009, 04:53:55 pm »

Just to add to this, ZoneAlarm Security Suite (version 7.x), which uses the Kaspersky engine, finds Virus.Win32.KME in the "packageinstaller.exe" file as well.  I reported the issue to ZoneAlarm.

Larry
Logged

benn600

  • Citizen of the Universe
  • *****
  • Posts: 3849
  • Living: Santa Monica CA Hometown: Cedar Rapids IA
Re: Virus checker and false positives in MediaCenter130112.exe
« Reply #22 on: January 26, 2009, 05:29:52 pm »

Viruses don't seem to find a way onto my computer while using Firefox.  Especially if downloaded apps are limited and carefully examined before used.
Logged

morten vorgod

  • Guest
Re: Virus checker and false positives
« Reply #23 on: January 27, 2009, 03:06:51 am »

Here is the F-Secure response:



Thank you! that issue was getting really annoying  :)
Logged
Pages: [1]   Go Up