Topic: File in the latest two PL releases flagged as malware by Avira Anti Virus

Offline cdysthe

A file in the latest two Process Lasso releases is being flagged as malware by Avira Anti Virus. The file in question is: "srvstub.exe". I have submitted it as a false positive to Avira, but would like to know why it may be flagged and removed, making PL unusable right now. There's also a possibility this file doesn't belong to PL and really is a virus, but I do not think so.

Update: Two AVs have this file as malware when checking it at VirusTotal. This is what Avira says:

AntiVir   7.8.1.34   2008.09.23   ADSPY/AdSpy.Gen

//C
« Last Edit: September 23, 2008, 09:50:25 AM by cdysthe »

Offline Jeremy Collake

« Reply #1 on: September 23, 2008, 12:42:55 PM »
I've already reported and resolved this issue to them last week. It was supposed to have been resolved, do you have the latest signature update and are still seeing it?

srvstub.exe is a non-critical part of Process Lasso. It is what is used to allow ProcessGovernor.exe to run as a system service, when configured to run as one. It is actually part of my MakeService utility.

I suppose I could remove srvstub.exe, or notify users that a false alarm will occur. These problems are a real mess. srvstub.exe isn't compressed or anything, so there's no good reason they should be false alarming on it.
Software Engineer. Bitsum LLC.

Offline cdysthe

« Reply #2 on: September 23, 2008, 03:40:52 PM »
> I've already reported and resolved this issue to them last week. It was supposed to have been resolved, do you have the latest signature update and are still seeing it?
>
> srvstub.exe is a non-critical part of Process Lasso. It is what is used to allow ProcessGovernor.exe to run as a system service, when configured to run as one. It is actually part of my MakeService utility.
>
> I suppose I could remove srvstub.exe, or notify users that a false alarm will occur. These problems are a real mess. srvstub.exe isn't compressed or anything, so there's no good reason they should be false alarming on it.


Update: It's sorted out in today's update from Avira.
« Last Edit: September 24, 2008, 07:25:24 AM by cdysthe »

Offline Jill

« Reply #3 on: September 24, 2008, 06:46:37 PM »
Yep, they removed the detection when I sent it to them, but then it suddenly crept back in.

I contacted them on 23 September and they now have finally removed them AGAIN. ;D

http://analysis.avira.com/samples/details.php?uniqueid=Z7tfNWOmxrxQskXR2G4vn8TY3bWzp1I1&incidentid=206302

Offline Jeremy Collake

« Reply #4 on: September 25, 2008, 09:00:42 AM »
Sigh. I've ranted enough about the false alarm problems of the anti-malware industry, so I'll spare everyone another rant.

In the meantime, I removed service support from the free build. It is a seldom used feature, and one that I don't recommend for most people. The ones that do need to run the core engine as a service probably should donate $1 to get the Pro version ;). This move may backfire.. I kind of made the change stand out in the install, when the user picks the startup type. I may have some angry people ranting in comments and such on download sites....

Software Engineer. Bitsum LLC.

Offline mgoodwin

Hi,

I'm running Process Lasso 3.10.3 and have just updated Avira Antivirus and srvstub.exe is still/again being detected as ADSPY/AdSpy.Gen  :'(. I guess this issue is here to stay…

Thanks for the great program!

Offline Hotrod

On 1 of my 6 PCs, Spybot Search & Destroy flagged PL as Zango and deleted the main exe. The other 5 never saw this. I re-downloaded PL and re-installed and have had no further issues. This was about 2 or 3 days ago. Go figure.  ???

Offline Jeremy Collake

> On 1 of my 6 PCs, Spybot Search & Destroy flagged PL as Zango and deleted the main exe. The other 5 never saw this. I re-downloaded PL and re-installed and have had no further issues. This was about 2 or 3 days ago. Go figure.  ???

They probably had some really large problem with their signature update and Process Lasso wasn't the only victim. That would explain why they apparently fixed it quickly.

I don't even know what to say about these false alarms anymore. Process Lasso is kept uncompressed, unprotected, and as 'vanilla' as a program can get in an effort to avoid false alarms. Many programs aren't as lucky as Process Lasso.

So many software vendors are paying the price for the negligence of the anti-malware industry. The anti-malware industry as a whole simply does not try hard enough to avoid false alarms.

I wish someone would bring this continuing industry problem to the attention of everyone with a major media article. Every time I try I just seem self-serving because of my executable compressor, PECompact.
Software Engineer. Bitsum LLC.