Goddammit - It's Kaspersky again...
Friday, May 23. 2008
Kaspersky once again believes it has found the virus 'Trojan-PSW.Win32.WOW.bai' in the latest MobMapUpdater.exe :( And it's again the only scanner engine that finds it (the other ones, like the G-Data scanner or F-Secure, use the Kaspersky engine, so they suffer from the same false alarms).
Seems that history is repeating, just with the new version of the MobMapUpdater. I've already sent the new version to Kaspersky for manual analysis.
Seems that I have to do this for every single update of the MobMapUpdater now, just so Kaspersky can assure themselves that I don't put viruses into my software...
[update] There we got it - at least they do respond quite fast:
Hello,
MobMapUpdater.exe
We are sorry, it is false alarm. It will be fixed as soon as possible. Thank you for your help.
Please quote all when answering.
--
Best regards, Andrey Ladikov
Virus analyst, Kaspersky Lab.
e-mail: newvirus@kaspersky.com
http://www.kaspersky.com/
I just hope they'll update their definitions soon, it makes me mad to know that potentially thousands of users might get upset by this false alarm again.
[update 2] Okay, the web-based scanner from Kaspersky does not detect the "virus" anymore, so it seems that they've updated their definition files. But now AntiVir thinks that there's a virus...man, I'm starting to really hate this anti-virus shit...
[update 3] The request to AntiVir for a manual check and a fix is out, I hope they're as quick as Kaspersky with checking and responding.
[update 4] AntiVir unfortunately hasn't answered yet, but Fortinet has sent this:
Dear Rene Schneider,
Detection to your submission "MobMapUpdater.exe" will be removed in our next AV update.
Best Regards,
AV Lab - Bernard
So well, one less on my list :)
[update 5] AntiVir seems to need quite some time to respond to my inquiry, the file I uploaded is still being marked as "in progress" in their tracking system. That's especially bad because many users use the free AntiVir Personal Classic Edition, so I get quite a lot of mails regarding this whole subject.
But at least Fortinet and all Kaspersky-based virus scanners have rolled out their new definitions which do not classify my updater as malware anymore. There's still a scanner from a company called "Quick Heal" which raises a false alarm, but they were already contacted yesterday, so that will hopefully be fixed soon, too. And then there's the Webwasher Gateway, which doesn't seem to have its own virus lab, but uses several anti-virus detection engines from other companies, so I suspect this scanner uses either the Quick Heal engine or the AntiVir engine, which means this problem will be solved as soon as those scanners get updated definition files. And then there's Prevx, for which I haven't found an address to send stuff for manual verification yet.

