Latest updates give medium warning for unins000.exe

JRosenfeld

I have Runalyzer, Regalyzer and Filealyzer from Safer Networking (home of
Spybot) on my PC.

With the latest update 1.14.1841.7 the quick scan flagged all three of their
unins000.exe (uninstall) files together with the corresponding reg keys in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

C:\Program Files\Safer Networking\FileAlyzer\unins000.exe
C:\Program Files\Safer Networking\RegAlyzer\unins000.exe
C:\Program Files\Safer Networking\RunAlyzer\unins000.exe

"potentially unwanted software, Medium Alert!!

What's not to like about those uninstall exe files????

I've told it to always allow.
 
Bill Sanderson MVP

Thanks for posting this in good detail. This looks like a false
positive--such things can happen--possibly a malware author used the same
installer package that the safer networking folks did... At any rate, I'd
expect it to be taken care of quickly
 
Guest

JRosenfeld said:
I have Runalyzer, Regalyzer and Filealyzer from Safer Networking (home of
Spybot) on my PC.

With the latest update 1.14.1841.7 the quick scan flagged all three of their
unins000.exe (uninstall) files together with the corresponding reg keys in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

C:\Program Files\Safer Networking\FileAlyzer\unins000.exe
C:\Program Files\Safer Networking\RegAlyzer\unins000.exe
C:\Program Files\Safer Networking\RunAlyzer\unins000.exe

"potentially unwanted software, Medium Alert!!

What's not to like about those uninstall exe files????

I've told it to always allow.
 
Guest

Bill Sanderson MVP said:
Thanks for posting this in good detail. This looks like a false
positive--such things can happen--possibly a malware author used the same
installer package that the safer networking folks did... At any rate, I'd
expect it to be taken care of quickly

--




Mine is showing the following as winsoftware.winantispyware:

C:\Program Files\ProcessGuard\unins000.exe

uninstall:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DiamondCS ProcessGuard_is1

regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DiamondCS ProcessGuard_is1
 
Guest

getting the same thing with X-Lite 3.0

c:\program files\counterpath\x-lite\unins000.exe

Thanks

Neil
 
Guest

Hello clou,

I got the same results with Port Explorer version 2.110 using 1.14.1837.5
definition file. I reported this as a FP.

Resources:
process:
pid:2164

process:
pid:3632

file:
C:\Program Files\Port Explorer\unins000.exe

file:
C:\Documents and Settings\\Local Settings\Temp\_iu14D2N.tmp

I uninstalled the Port Explorer version 2.110 and upgraded to Port
Explorer version 2.150 in my XP Pro system and using the latest 1.14.1841.7
definition file and I didn't get any FP flags.

However if you are running Vista and have Port Explorer version 2.150
installed when you run IE 7 in Vista, IE7 will not connect on any website.

If you uninstalled Port Explorer 2.150, the problem on IE7 to connect to any
website is solved.

This FP flag has also been reported.

Regards,
Hardhead
 
Guest

I stand to be corrected as Defender just ran a scan and it flagged the same as
before.

Resources:
regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DiamondCS Port Explorer_is1

uninstall:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\DiamondCS Port Explorer_is1

file:
C:\Program Files\Port Explorer\unins000.exe
 
Donna Buenaventura MVP

It is surely a false positive and let's hope for new definitions soon to fix
this :)

Donna
 
Guest

Port Explorer is not showing up now because there has been a new definition
and engine update. :~)

Windows Defender Version: 1.1.1593.0
Engine Version: 1.1.1804.0
Definition Version: 1.14.1843.4
 
Bill Sanderson MVP

I see that Engel has posted a new definition update--can those in this
thread confirm whether this update has changed the detection?

--
 
Guest

Bill Sanderson MVP said:
I see that Engel has posted a new definition update--can those in this
thread confirm whether this update has changed the detection?

--



I just downloaded the latest signatures 1.14.1843.4 and ran a full scan. My scan was 100% clean. My FP appears to have been fixed by this latest release.
clou
 
