
New optimize has malware?


Guest Guest_Joe_*

I went to download the most recent Optimize and my Prevx1 program alerted me to not download this and put it in its jail, saying it had known malware in it.

 

Here's the report description:

 

 

 

OPTIMIZE-SETUP-0003[1].EXE

Determination: Bad

OPTIMIZE-SETUP-0003[1].EXE

AUTOMATED MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:

DEFINITION OF: OPTIMIZE-SETUP-0003[1].EXE

 

* Safety Rating: Known Adware, do not run

* Adware Family: Part of Adware group - Adware IstBar

* Determination: Automatically determined using Prevx1 centralized heuristics

* Malware Form: EXPLOIT

* Protection: Prevx1 is a very powerful PC security product, it will protect, disinfect, cleanup and remove OPTIMIZE-SETUP-0003[1].EXE and safeguard your PC against viruses, trojans, worms, spyware, rootkits and adware

* New Users: You can download the full Prevx1 product and use it to cleanup and remove OPTIMIZE-SETUP-0003[1].EXE and other infections free of charge, then leave it to monitor your PC for other infections

* First seen: Oct 30 2006 (GMT)

* Last seen: Today (GMT)

* File Size: 893,224 bytes

 

MALWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY

1. COVERT ANALYSIS OF: OPTIMIZE-SETUP-0003[1].EXE

 

* File Names Used: 3

* Paths Used: 2

* Common File Name: OPTIMIZE-SETUP-0003[1].EXE

* Common Path: %CACHE%\CONTENT.IE5\????????\

* Vendor Information: PC Pitstop LLC

* OPTIMIZE-SETUP-0003[1].EXE may use 3 or more path and file names, these are the most common:

* 1 :%CACHE%\CONTENT.IE5\????????\OPTIMIZE-1_5_10_0[1].EXE

* 2 :%temp%\pcp\OPTSETUP0.EXE

* File Name Structure: Common

* File and Path Structure: Normal

 

2. RELATIONSHIP ANALYSIS OF: OPTIMIZE-SETUP-0003[1].EXE

 

* No relationship details available for this object

 

3. ACTIVITY ANALYSIS OF: OPTIMIZE-SETUP-0003[1].EXE

 

* No activity has yet been observed for this object

 

4. PROPAGATION ANALYSIS OF: OPTIMIZE-SETUP-0003[1].EXE

 

* Malware Group Propagation Rate: Epidemic levels

* Malware Group: Adware IstBar

* Copyright Prevx Limited 2005, 2006

 

 

So what's up with that??

 

Thanks


:wp:

 

I'm calling in the developer on this one, but it looks like a case of mistaken identity.

 

Where are you getting the file OPTIMIZE-SETUP-0003[1].EXE?

 

I cannot find a link to that file on our website. All I can find is optimize-setup.exe.

 

Our setup file does not contain Malware Group: Adware IstBar. Doesn't make a lot of sense to me.

 

Are you actually downloading a file with the same name as the Prevx file, or are they doing a partial match?

 

Thank you for bringing this to our attention and for any additional information you can share.

Guest Guest

I have Optimize and I clicked the check for latest version. It downloaded and just before it loaded Prevx1 came up with the warning Malware has been detected in this known program. I clicked the Details button and under Description was the previous cut and paste I did.

 

Under Files and Paths tab was this:

 

This entity has been seen with these Vendor identities:-

Vendor            PCsSeen   FirstSeen         LastSeen
PC Pitstop LLC    1         Oct 30 20:47:56   Oct 30 20:47:56

These are the names by which this program has been known:-

File                          PCs Seen
OPTSETUP2.EXE                 1
OPTIMIZE-1_5_10_0[1].EXE      1
OPTIMIZE-SETUP-0003[1].EXE    1
OPTSETUP1.EXE                 1
OPTSETUP0.EXE                 1

This program has been seen in the following folders:-

Path

%CACHE%\CONTENT.IE5\????????\

%temp%\pcp\

 

Copyright Prevx Ltd

Page Generated on Oct 30, 2006 23:33

 

 

 

 

And under Statistics it says this:

 

Statistics about this program:-

Determination: Bad

 

Group Name: Adware.IstBar Group Info: JE 8/9/2005

File Size: 893224 bytes

First Seen: Oct 30 20:47:56 Last Seen: Oct 30 20:47:56

Seen as Actor: 1 Seen as Victim: 1

PCs Seen: 1

 

 

This is all I got guys sorry.

 

Thanks for the quick help though!!


Thank you for the additional information. We will certainly check out the link for the "Check for latest version" button.

 

It sure looks like there are a lot of file names very similar to our optimize-setup.exe!

 

I'm wondering if this is a result of their heuristics seeing a particular pattern and recognizing it as something else.


It probably doesn't like the naming convention, which is funny because that's what Windows/IE does when there are duplicate file names in the "Temp" folder. It will append [1], [2], [3] to the end of the file. I will try to contact the company to let them know all is good, but I can make no guarantees.

 

I can assure you, we have no malware or spyware in our products.

Guest Guest

I agree Neo, they probably wouldn't, but if I didn't point it out someone else was. At least now they can try to resolve the issue right?
