Shoutbox

I just downloaded this new Script called: WLM-Safe-4.0.plsc

There is not much info about and what it does when checking on their website with the name: wlm-safe.uptodown.com

One of the names on this site is "uptodown". To me is it similar to "downdup" that is a very wellknown Trojan.

I just checked the .plsc file on VirusTotal (http://www.virustotal.com/analisis/6c600ae61efd52212f865dbbb19aa287)

And it found this:

a-squared    4.0.0.93    2009.02.09    -
AhnLab-V3    5.0.0.2    2009.02.09    -
AntiVir    7.9.0.76    2009.02.09    -
Authentium    5.1.0.4    2009.02.08    -
Avast    4.8.1335.0    2009.02.09    -
AVG    8.0.0.229    2009.02.09    -
BitDefender    7.2    2009.02.09    -
CAT-QuickHeal    10.00    2009.02.09    -
ClamAV    0.94.1    2009.02.09    -
Comodo    972    2009.02.09    -
DrWeb    4.44.0.09170    2009.02.09    Tool.Prockill
eSafe    7.0.17.0    2009.02.09    Win32.Banker
eTrust-Vet    31.6.6347    2009.02.09    -
F-Prot    4.4.4.56    2009.02.09    -
F-Secure    8.0.14470.0    2009.02.09    -
Fortinet    3.117.0.0    2009.02.09    -
GData    19    2009.02.09    -
Ikarus    T3.1.1.45.0    2009.02.09    -
K7AntiVirus    7.10.624    2009.02.09    -
Kaspersky    7.0.0.125    2009.02.09    -
McAfee    5520    2009.02.08    potentially unwanted program PrcViewer
McAfee+Artemis    5521    2009.02.09    potentially unwanted program PrcViewer
Microsoft    1.4306    2009.02.09    -
NOD32    3839    2009.02.09    Win32/PrcView
Norman    6.00.02    2009.02.09    -
nProtect    2009.1.8.0    2009.02.09    -
Panda    9.5.1.2    2009.02.09    -
PCTools    4.4.2.0    2009.02.09    -
Prevx1    V2    2009.02.09    -
Rising    21.15.50.00    2009.02.07    -
SecureWeb-Gateway    6.7.6    2009.02.09    -
Sophos    4.38.0    2009.02.09    -
Sunbelt    3.2.1847.2    2009.02.07    -
Symantec    10    2009.02.09    -
TheHacker    6.3.1.5.250    2009.02.09    Aplicacion/Processor.20
TrendMicro    8.700.0.1004    2009.02.09    PAK_Generic.001
VBA32    3.12.8.12    2009.02.08    -
ViRobot    2009.2.9.1596    2009.02.09    -
VirusBuster    4.5.11.0    2009.02.09    -


Also! I my world this Script sounds to good to be true!
I just made a quick check what is does. And according to the content in this Scripts .reg file and .bat file it is really doing a lot of strange thing!

Perhaps I am way out here so please correct if I am totally wrong.

But. Perhaps a word of warning is in place here!

quote:

---

Originally posted by Moh Zayadi
There is nothing wrong about that script as it's in the scripts database. http://www.msgpluslive.net/scripts/view/505-WLM-Safe/

---

MenthiX is human though, he let a virus accidentally pass through before ;p

Not saying this one is a virus though, as I have not tested or even heard of this script for that matter

Interesting, thank you very much for letting us know.

NOD32 didn't notify me while checking. I've taken the script offline while I check it out.

Version 4.0 was added just a little over an hour ago, never received any complain about the older version. "Potentially unwanted" doesn't sound too harmful.

http://vil.nai.com/vil/content/v_137331.htm

Just sounds like process control, ability to run and terminate running programs. Has legit uses.

Hello guys,

I'm Vincenzo (Webbolo), the author of WLM Safe.

I've just read MenthiX's mail and i'm here to try understading why my script has been removed from scripts' database.

It took me lot of weeks to realize the new version of my script and nobody ever criticized my scripts.

WLM Safe's code can be viewed by everybody, it is not encrypted in any way. The script only contains:

Path.exe - a program used to determine computer's Paths like the name of main hard drive, the %temp% folder and other folders where malwares can hide.

Process.exe - a program used to to kill - suspend - resume process, and it's used in "remove.bat" file, (as you can see in source code) to kill infected processes or temporary suspend explorer.exe and msnmsgr.exe (which are re-started at the end of the scan) for a better virus remove. Author of this program:
http://www.beyondlogic.org

regist.reg - a .reg file that removes infected registry keys.

I scanned both .exe files with my Kaspersky and they are not infected.
If you want, i could try to change part of my script, but personally i think it's not right to remove a script that i made with an hard work for a long time.

Please, give me more information on what i sould change, but i encourage you to check source code if you want. A sentence like "In my world this Script sounds to good to be true!" doesn't offend me. It makes me think that you're envious and makes me proud of my hard work, insted.

Little Note:
wlm-safe.uptodown.com is NOT my website!
My websites are: www.wlmsafe.com and www.webbolo.net

Thank you all.

I can confirm it's not a virus,only a great script ...Moreover the scan only say that there is a prcviewer(if an av says a program it's virus it doesn't mean it's really a virus)

Hi guys!
I'm one of the beta tester of this great script!

I've tried this many times, I've analyzed the code(whit the debugging window of live plus)and I know how does it works!
I'm sure, wlm safe is not a virus..constantly(now it has been downloaded by 2100 users) I HAVEN'T HEARD ANY CRITICAL!

It works greatly..it's not a virus!
Kaspersky doesn't say nothing
Avira antivir too
Avg too
Bitdefender too..
It's not a virus, it's a new tool to BLOCK definitely spam and virus links that spread upon windows live messenger!!

Sorry for my English...
but I've tryed the site posted above.
That site http://www.virustotal.com it's an excellent site, but we have to pay attention.
If we go to http://www.virustotal.com/estadisticas.html we discover an important thing.
In the last 24 hours the site received 74188 files and the 30% was NOT infected, that we can understand from this picture(taked from the site)

( the site says:
"This image shows the number of files that have been detected as infected (red) among the total number of files received within the last 24 hours (clean ones marked in blue).")

Now, if we scroll down the page we arrive to an important new image that reveals us an important consideration:

the site describes the image with:
Red: Infected files which one or more antivirus engines failed to detect as a threat.
Blue: Infected files detected by all antivirus engines.

Now we have to think.
With this graphic we discover that every file that is UPLOADED to the site is ALWAYS, i repeat ALWAYS,(the 99%) signed as a treath.
This comes from: the users over internet upload file to the site for a free scan, but every file uploaded(except the 1%) was an "Infected files which one or more antivirus engines failed to detect as a threat."!
Now or every file that was uploaded was a virus and all the antivirus software didn't dedect it or there is always one or more antivirus software that detects the file as a treath!
But with the first image that I posted we discover the truth:
There are always(on that site) FALSE POSITVE,there are ALWAYS file that are REPORTED AS VIRUS from ONE OF the software!

I hope you understood me, I only say that the report posted in this thread is not so valid IMO.
Thanks BlackStar for the reporting, but I think that we have to understand better what the report says.
IMO WLM SAFE is not a Virus, anyway...if you read the code you simply discover that it doesn't do anything illegal!!!!
FREE WLM SAFE!

Well Menthix knows what he does.To prevent the community from being infected He has removed the script while he is checking if it's really dangerous.The script is clean,the exes attacched to the script are not modified and so are clean too but Menthix has to verify that by himself.Just Wait and we will see the script again on the db very soon.Greetings

@wincy

Thank You very much for Your very relevant answer to some questions about Your script.
Perhaps I am a little paranoid when it comes to and show up some new software that you can't find out what is really does.

Many Antivirus program also gives some false positive, most of us know that, but not all...

But I think it is better to be safe then sorry...

Thanks to Your answer here on this forum we all can now trust Your script and it will probably be a success because if it really works as supposed to, this is something most people will have benefit from.

I am sorry if I gave You problems, but on the other hand...
You gave us all the explanation we needed.


Keep UP The Good Work.

P.S.

Also thank You "Jigen90" and "TheGuruSupremacy" for Your work.
It is good to see that there are people who care!
D.S.