eEye Digital Security

for the non-savvy

Last post 03-30-2008 7:03 PM by Brent. 4 replies.
  • 03-30-2008 6:25 AM

    for the non-savvy

    Is it possible to get a list of which of these programs (like wininit.exe) I should allow, along with how often? And I also wonder, is the MD5 checked against the MD5 somewhere else? Like on the eEye servers?

    Other than that, I do have a malware scan result that seemed odd -

    Event ID: BLINK-MAL-205
    Severity: High
    Description: Blink has found a malware application
    Virus found: W32/Suspicious_T.gen
    Item found: C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\AVSDVDMenuEditor.exe
    Action: Repair
    Alert: Yes
    Name: W32/Suspicious_T.gen
    Second Action: Quarantine
    Category: Security risk

    Yes, I do multimedia work ...

  • 03-30-2008 11:51 AM In reply to

    Re: for the non-savvy

    Hmmm interesting, well I checked the process with this website just for the heck of it: http://www.processlibrary.com/directory/

    Nothing from that website on it, but then again this is an application's executable, not a system process ...


    Just to make sure that it is a false-positive I would do the following.

    1.  Go to the location on your hard drive (C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\AVSDVDMenuEditor.exe)

    2.  Copy the AVSDVDMenuEditor.exe file and put it in a zipped file password protected with "infected".

    3.  Attach it to an email and send it to malware@eeye.com.  Be sure to include the above alert you posted and refer to this post you made so they can post a response here if they want to with the results.

    - I would also CC: lnicula@eeye.com on your email. He is the Blink Team Lead and answers a lot of the posts in here concerning such items...he is very helpful.

    Once someone is able to look at it, they should be able to confirm whether it is a false positive or not and make sure it is excluded in future Norman AV signatures from Blink.

    If you honestly know this is a legitimate program then go into Blink's AV quarantine log, right click on the item that it quarantined and you should be able to "trust" or exclude it from future scans for the time being until you get a definite answer. Hope this helps you.


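Added here as a worked illustration of the reporting step described in the reply above (example code, not eEye's or Blink's own): it parses the alert block quoted in the first post into fields and records the flagged file's MD5 and SHA-256 so the sample you submit can be matched to the alert and to any hash the software vendor publishes. The alert text is constructed from the post, and the Windows path is assumed not to exist on the machine running this, so the hashes stay empty until you point it at the actual file.

```python
import hashlib
import os

# Constructed from the alert quoted in the first post (not an eEye format spec).
BLINK_ALERT = """Event ID: BLINK-MAL-205
Severity: High
Description: Blink has found a malware application
Virus found: W32/Suspicious_T.gen
Item found: C:\\Program Files\\Common Files\\AVSMedia\\AVS DVDMenu Editor\\AVSDVDMenuEditor.exe
Action: Repair
Alert: Yes
Name: W32/Suspicious_T.gen
Second Action: Quarantine
Category: Security risk"""


def parse_alert(text):
    """Split a 'Key: value' alert block into a dict; keys are kept as written."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")  # split on the first colon only
            fields[key.strip()] = value.strip()
    return fields


def hash_bytes(data):
    """MD5 (what the poster asks about) plus SHA-256 for a stronger identifier."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def file_hashes(path, chunk_size=65536):
    """Stream the file so large binaries are not read into memory at once."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def submission_summary(alert_text, sample_path=None):
    """Build the record to send alongside a suspected false positive."""
    fields = parse_alert(alert_text)
    path = sample_path or fields.get("Item found")
    return {
        "event_id": fields.get("Event ID"),
        "detection": fields.get("Virus found"),
        "path": path,
        "actions": [fields.get("Action"), fields.get("Second Action")],
        # None when the file is not present here (e.g. it is still in quarantine)
        "hashes": file_hashes(path) if path and os.path.isfile(path) else None,
    }
```

Pass `sample_path=` to point at the copy you actually zip up, and include the returned hashes in the email so the analyst can confirm they examined the same file.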
  • 03-30-2008 1:11 PM In reply to

    Re: for the non-savvy

    I know the program is legitimate; I downloaded, installed, and paid for this program suite. I did email the tech support for the program and asked them to check and see if the installer was infected, and to make sure this was not "intentional" - oh, and can I just send the quarantined item or do I have to reinstall the application?

    Thanks for this information and the tips you posted in reply to my request at your post!

  • 03-30-2008 1:17 PM In reply to

    Re: for the non-savvy

    It probably just needs eEye to send off a notice to Norman so the AV components can be updated properly and not flag it.

  • 03-30-2008 7:03 PM In reply to

    Re: for the non-savvy

    I will agree it's probably a false positive - probably some weird hook the program uses deep into the system that BLINK does not like - because BLINK really does not like things messing with the system at all.....

    But I guess that's what real security is all about.....

    BLINK - it's like titanium underpants ...

© 1995 - 2009 eEye Incorporated