Windows Defender Alert

Jones16

Defender recently caught the following: Program:Win32/PowerRegScheduler.
Is this something to be concerned about?
Thanks.

Steven Wintonick
 
Tim Clark

Hi Steve.

First, please try to limit yourself to one post per problem/topic/subject.
It's kinda hard to help if your posts are all over the place on the same
thing, thanks.
I also got the same detection you got after I ran a full scan after Monday's
definition update. It is in a file that has been on my system for years,
even longer than defender. It was detected in a file which I think is a
"phone home" type program when you register an application. In my case it was
found in Myst III/Exile. Do you have that or another Myst/Ubisoft/Cyan game?

I believe that this is a false positive and have reported it to MS [actually
twice, because I don't think the first one went through]. I do not know if I
submitted it early enough to make tomorrow's expected definition update
[assuming that it is a false positive]. It was rated as medium by WD, and
even if they don't think it's a false positive, I think in my case it's
harmless. Remember, what constitutes Spyware/Adware is up to some
interpretation. To some folks, ANY software that phones home is malware. I
don't think it always is, but that is just me.

So, since you and I both got the detection after Monday's update, and never
had it before that, and in my case the file has been on my machine for years,
and None of my other security programs has Ever had a problem with it either,
I am inclined to think false positive and wait it out to see if it is still
seen after tomorrow's or next Monday's update. But that's just me, your
mileage may vary.

What is the name of the file that the detection was found in? In my case it
was in a file called UBI1.exe, which, as I said, came with my Myst III game
years ago.

By the way, if this is a FP, it is the first one I have ever received from
WD, not bad really.

Tim
 
Jones16

Sorry for the multiple posts.
Thanks for the info.

Steven Wintonick

 
Tim Clark

Well,

It appears that MS WD and I will have to agree to disagree.

According to the automated email reply I got to my FP submission it appears
that WD will continue to flag the file in question.
http://pastebin.com/7pYGK1CM
And I have just run today's update of WD and the detection is still there.

For those who may be also suddenly getting this detection, its description
from MS is as follows:

=======
Summary
PowerRegScheduler is a product registration system used by some legitimate
software programs. It collects demographic data for vendors who use
PowerRegScheduler as a product registration reminder. PowerRegScheduler
collects data such as your name, address, e-mail, place of purchase, product
serial number, etc. This data is transmitted to PowerRegScheduler servers and
is then made available to the manufacturer of the purchased product.

....

PowerRegScheduler may remain on the computer after the product registration
task has been completed.
=======

As I know what the file is, and why it is there, and it is not autorunning, I
intend to leave it.
Others should follow their own good judgment.

Though I am surprised that this has Suddenly happened when I have had the
file on my machine since 2005 and run a Full System Scan with WD Every time
it updates.
Yet the record for this detection states:

Program:Win32/PowerRegScheduler
Antimalware protection details
Microsoft recommends that you download the latest definitions to get
protected.
Detection last updated: Definition: 1.69.152.0 Released: Oct 26, 2009
Detection initially created: Definition: 1.45.287.0 Released: Oct 07, 2008

Oh well, one FP [in my opinion not theirs] in all this time is not bad at all.

Long live WD

Tim
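
The decision above to keep the file rests on it not autorunning. The following PowerShell script is an added example, not part of the original thread, that checks that condition for a flagged file name across the Run/RunOnce registry keys, the Startup folders and scheduled tasks. It assumes PowerShell 3.0 or later on a current Windows release; `UBI1.exe` is the file name given in the thread and `$Needle` is a parameter name chosen for this example.

```powershell
# Added example. 'UBI1.exe' is the file name given in the thread; pass your own.
param([string]$Needle = 'UBI1.exe')

function Test-Match([string]$Text) {
    # Case-insensitive substring test, no wildcard interpretation of $Needle
    [bool]($Text -and $Text.IndexOf($Needle, [StringComparison]::OrdinalIgnoreCase) -ge 0)
}

$hits = @()

# 1. Run / RunOnce registry values, machine-wide and per-user
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $data = [string]$item.GetValue($name)
        if (Test-Match $data) { $hits += [pscustomobject]@{ Location = $key; Entry = $name; Command = $data } }
    }
}

# 2. Startup folders; .lnk shortcuts are resolved to their targets
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path $dir)) { continue }
    foreach ($file in Get-ChildItem -Path $dir -File) {
        $target = $file.FullName
        if ($file.Extension -eq '.lnk') { $target = $shell.CreateShortcut($file.FullName).TargetPath }
        if (Test-Match $target) { $hits += [pscustomobject]@{ Location = $dir; Entry = $file.Name; Command = $target } }
    }
}

# 3. Scheduled tasks (Get-ScheduledTask exists on Windows 8 / Server 2012 and later)
if (Get-Command Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($task in Get-ScheduledTask) {
        $cmd = ($task.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        if (Test-Match $cmd) { $hits += [pscustomobject]@{ Location = 'Task Scheduler'; Entry = $task.TaskPath + $task.TaskName; Command = $cmd } }
    }
}

if ($hits) { $hits | Format-List } else { "No autostart entry references '$Needle'." }
```

An empty result covers only these three locations; services and other autostart points are outside what the script inspects.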
 
Tom Emmelot

Hello Tim,

Love Myst, got them all! ;)

Kind regards,
*< TOM >*<


On 4-3-2010 4:08, Tim Clark wrote:
 
Bill Sanderson

Perhaps they updated the detection to cover new versions--thus catching
yours?

I agree with your sentiments about leaving the program alone. This is
basically an effort to encourage the vendors involved to adhere to
appropriate standards--users with questions should complain to the vendors
of the games or whatever, and maybe they'll improve the situation.

I've never tried submitting spyware apps to virustotal--it might be
interesting to see what other vendors have to say about this
file--www.virustotal.com



 
Jerry Martin

Hello:

If you're interested in using the services of Virus Total, they offer a free
utility called VirusTotal Uploader that adds the ability to directly send
files from your system using the context menu. See:
http://www.virustotal.com/metodos.html .

Cheers,
Jerry
 
Bill Sanderson

Thanks - in the course of a week, I usually dig a little deeper into maybe
half-a-dozen or so spam emails that I see. If they are live Phishes, I
report them using IE8's safescreen filter. If they involve viral
attachments or hosted files, I check the files with MSE, and, if not caught,
via Virustotal, and then submit the results and the file to Microsoft via
the security Portal.

So--this uploader will get some use.
 
