Bitdefender Av 10 Fp--spywareblaster.exe?

JTMBDF
JTMBDF
in False positive reporting

PC been off for couple days, booted up last and with the latest BitDefender AV 10 updates, BD's Real-Time Protection removing spywareblaster.exe (v4.1):


spywareblaster.exe infected with Trojan.Agent.AIZM

Comments

  • alexcrist
    alexcrist

    Please attach the suspected files, or a link to the installation kit. (if you post a link, please write it in a TXT file, and attach that file. Please DON't write the link directly into your post).


    Cris.

  • JTMBDF
    JTMBDF
    Please attach the suspected files, or a link to the installation kit. (if you post a link, please write it in a TXT file, and attach that file. Please DON't write the link directly into your post).


    Cris.


    Ahh ... that brings up another point I forgot to include in my first post.


    Cannot send the file since BD will delete the file from my system (does not put in Quarantine) without asking. I'm using the Default AV Shield settings (none set to "Delete file"):


    Action to take when an infected file is found


    First Action: Disinfect File


    Second action: Deny access and continue


    Action to take when an suspect file is found


    First Action: Deny access and continue


    Second action: Deny access and continue


    However before posting, I tried a fresh download of SpywareBlaster 4.1 from download.com at:


    'http://www.download.com/SpywareBlaster/3000-8022_4-10196637.html


    Disabled Real-Time Protection and Antispyware to install. Shortly after enabling Real-Time Protection and Antispyware, will get BD pop-up saying "spywareblaster.exe infected with Trojan.Agent.AIZM" and BD will delete the file from system. When I go to "Events" and there's a "Critical", "Infected file detected" entry, double-click on the entry provides the same info as the pop-up but does not note anything about deleting the file.


    Why is BD deleting the file from system without asking?


    I also checked all the settings for the different System Scans and none them have the "Delete file" setting. They're either "Deny access and continue" or "Move to Quarantine"


    Thanks,


    Jon

  • 3dziggy
    3dziggy

    Hi, I'm having similar problems with spywareblaster ,on this pc bitdefender comes up with the same message about trojan.agent.AIMZ


    disinfection failed, spywareBlaster moved


    I'll post the logfile with it..


    maybe best to uninstall and get rid of spywareblaster, and use another?


    any ideas?


    Ziggy


    /applications/core/interface/file/attachment.php?id=2329" data-fileid="2329" rel="">BD_208_06_29_001__1214694002.log

  • JTMBDF
    JTMBDF
    ... maybe best to uninstall and get rid of spywareblaster, and use another?


    any ideas? ...


    Not SpywareBlaster's fault its just another FP by BD. <_<


    Not aware of any other utility exactly like SpywareBlaster -- there are other programs (e.g., Spybot S&D) that provide similar features of SpywareBlaster.

  • Diazruanova
    Diazruanova

    Same problem here, it is definitely a FP, please fix it since spywareblaster is a very recognized and safe program with very good reputation. <_<

  • hiroalbertson@yahoo.co.jp
    hiroalbertson@yahoo.co.jp
    PC been off for couple days, booted up last and with the latest BitDefender AV 10 updates, BD's Real-Time Protection removing spywareblaster.exe (v4.1):


    spywareblaster.exe infected with Trojan.Agent.AIZM


    Right, I have been using spywareblaster for many years and know it is fully reliable apps. I have submitted this issue to Contact US. As Microsoft also recognized it that Windows Defender detected it as trojan and they immediately updated its signature file so WD users have no more issue. Please revise BD definition file to move it whitelist asap.


    thanks

  • kerolbitdefender
    kerolbitdefender

    Hi,


    Definitely same problem here.


    I tried download spywareblaster from many source. All the same alarm - infected by Trojan.


    So, I suppose the upcoming update will rectify this problem?


    Spywareblaster is a very good program. I feel something missing not having it installed.

  • Paddy
    Paddy

    I woke up this morning to find that BitDefender had deleted the main exe of this program during a scheduled, claiming that it was a trojan. The details:


    File Detected/Deleted: C:\Program Files\SpywareBlaster\spywareblaster.exe


    Detection Name: Trojan.Agent.AIZM


    You can download the program and check it out for yourselves:


    http://www.javacoolsoftware.com/sbdownload.html


    It's most definitely a False Positive.

  • Greatbigmouth
    Greatbigmouth
    edited June 2008

    Hi there,


    Yesterday BitDefender picked up the file "SpywareBlaster.exe" as a Trojan.Agent.AIZM in C:\Program Files\SpywareBlaster\Spywareblaster.exe


    SpywareBlaster is a legitimate security program. After the initial detection, I was unable to even access it and had to uninstall completely. Why did BitDefender pick this file up as a trojan?

  • dfn123
    dfn123

    >>> spywareblaster.exe infected with Trojan.Agent.AIZM


    hmmm... BD never detected it before!?!


    Who do we contact to report this as a problem?

  • alexcrist
    alexcrist

    Hello everyone,


    The problem is already reported and the fix should be released in one of the next updates.


    Cris.

  • alexcrist
    alexcrist

    Detection was removed. Thanks to everyone for reporting it. :)


    Cris.

  • Diazruanova
    Diazruanova
    Detection was removed. Thanks to everyone for reporting it. :)


    Cris.


    Thanks to you Chris ;)

  • JTMBDF
    JTMBDF
    Hello everyone,


    The problem is already reported and the fix should be released in one of the next updates.


    Cris.


    Was the "fix" just to the "Detection was removed"?


    What about DB deleting the file from the system even though none of the Real-time or System Scan settings are set to "Delete file" when a infection is detected/suspected?


    I do not want BD (or any AV) to be deleting files from my system without asking first.


    If there's no settings available to prevent DB deleting files from my system without asking first, I be deleting BD from my system and switching to another AV ASAP.

  • matabufalez
    matabufalez
    Was the "fix" just to the "Detection was removed"?


    What about DB deleting the file from the system even though none of the Real-time or System Scan settings are set to "Delete file" when a infection is detected/suspected?


    I do not want BD (or any AV) to be deleting files from my system without asking first.


    If there's no settings available to prevent DB deleting files from my system without asking first, I be deleting BD from my system and switching to another AV ASAP.


    YOu are wrong.


    You can change the settings of BD for move to quarantine the infected or suspicious files.


    When BD detects any threat,alert you by a popup and you have the option of delete or restore the suspicious file.


    Goodbye

  • alexcrist
    alexcrist
    edited June 2008

    Hello Jon_T,


    Before I explain what happened to you, I have to explain a few things about how things are done.


    When you set BD to Delete a found threat, BD will delete only the found file (it will just apply a simple delete command on it).


    On the other hand, when you set BD to Disinfect an infection, it will call a disinfection routine specific for the found infection (which includes, if needed, deleting auxiliary files, cleaning registry keys, undo-ing changes to the system and other things like that). Most times, the cleaning routine involves deletion of the found file, and the only exception from this is when a FILE INFECTOR infected a file (and that infection can, sometimes, be cleaned without actually deleting the host-file). In other words, Disinfect doesn't mean that it disinfects the file, it means it disinfects the system (and that means also deleting the threats).


    Because the FP was included in the Trojan category, the disinfection routine involves deletion and that's why the file was deleted from your computer without prompt.


    If you want to prevent this behavior, the solution is simple: instead of Disinfect you can set BitDefender to:


    - either Move to quarantine


    - or Deny access and continue, which will leave the file where it is, but block all access to it, allowing you to make a manual scan over it and take the necessary action.


    Also, I suggest you to change the actions for the OnDemand scans as suggested above.


    Cris.

  • JTMBDF
    JTMBDF
    YOu are wrong.


    You can change the settings of BD for move to quarantine the infected or suspicious files.


    When BD detects any threat,alert you by a popup and you have the option of delete or restore the suspicious file.


    Goodbye


    If you read my previous post you've know I've verified that NONE of the Real-time or the System Scan settings are set to "Delete file" when a infection is detected/suspected. <_< ... settings are to "Deny access and continue" or "Move to file to quarantine" if unable to "Disinfect". (i.e., default settings)

  • JTMBDF
    JTMBDF
    edited June 2008
    Hello Jon_T,


    Before I explain what happened to you, I have to explain a few things about how things are done. ...


    Chris,


    They need to provide the info you did on how "Disinfect file" works in the Help file which does not note it will delete files. Help only has "Disinfects the infected file".


    Hence, based info in Help file and the settings outline structure (and using other AVs) is if DB unable to Disinfect file then the "Second action" will take place.


    Based on your description on how "Disinfect file" works, the "Second action" will most likely will not be a second action.


    Thanks,


    Jon


    Edit:


    BTW does BD 2008 work the same way? Still using BD 10 because really do not care for BD 2008's dumb down GUI.

All Time Leaders

Categories

Defenders of the month