eset nod32 blocked messenger plus 4.85
Menthix
forum admin
quote:
Originally posted by Lou
Perhaps they're testing this by installing over a previous installation that already had the CiD sponsor? In that case they would obviously get a false positive because it's not even from the same installer
Would sound unlikely. I would assume they do automated testing on clean VMs.

It is definitely a CiD uninstaller though. Installed the old 4.60. When you install that version with the CiD sponsor it creates an uninstall.exe in C:\Program Files\Circle Development\. That file looks a lot like what Eset claims they are seeing:
4.60 CiD uninstaller: http://www.virustotal.com/analisis/d9fd774108d289...5be03e1-1280921456
Eset's mysterious find: http://www.virustotal.com/analisis/79bf7f8085018d...d57936d-1280301607


But even if you would...
  • Delete the uninstall.exe file from the old version (while keeping CiD installed)
  • Download and install the latest plus! version
  • Try to remove CiD through Plus' uninstaller
...that won't cause the current Plus! version to download the CiD uninstaller either. It just makes Plus! say "CiD is installed but the uninstaller is corrupted. Install the CiD again to fix".


So what would explain the detection?
  • Eset is ignorant and is classifying everything they recognize as Messenger Plus! as being bundled with CiD, based on an old version. Even though newer versions don't bundle with CiD.
  • Eset's testing methods are malfunctioning like Lou suggested.
  • Or some code in the current Messenger Plus! version could still download/contain the uninstall.exe Eset refers to even though it is unused. After all, some of the other CiD uninstall functionality is still there too. Perhaps there's something which ticks Eset's stuff off even in the latest version.
    [Image: circle-development-remove-sponsor.png]


The annoying thing is Eset isn't clear in telling exactly what they're basing their detection on :(. Perhaps someone else can try to get some sense out of them: How to submit virus or potential false positive samples to ESET's labs. As long as Eset doesn't tell what their problem is Yuna can't exactly fix it either. Damn annoying, because I'm using NOD32 myself too and using Plus! installers all the time :(.
Tip: when sending them MsgPlusLive-485.exe, rename it to something like MsgPlusLive-485.bak before zipping and (optionally) password protecting it. GMail won't allow you to send a zipped .exe, even if you password protect the .zip.
08-04-2010 12:32 PM
matty
Scripting Guru
Do I smell another petition in the works?
08-04-2010 12:58 PM
Menthix
forum admin
quote:
Originally posted by Eset's reply on a request for more detailed information
Dear Johan Brune,

I think your questions were already answered.
The recent version was tested. Testing the MsgPlusLive-485.exe resulted in Swizzor infection on previously clean system. It was confirmed by the independent tester too (non ESET employee). Reverse engineering confirmed the recent executable has references to Sponsor (CiD).
The vendor's website contains misleading information. It states Messenger Plus! is freeware and 100% free. Freeware implies no optional malware and no third party sponsor components.
Sure the vendor can get more information, unfortunately we were not contacted by him yet.

Regards,

Daniel Novomeský
Virus Researcher
ESET spol. s r.o.
* Menthix summons Yuna/Patchou. Them contacting Eset directly may lead to something useful.

Eset has an interesting definition of freeware btw:
http://www.merriam-webster.com/dictionary/freeware
http://en.wikipedia.org/wiki/Freeware
http://definr.com/freeware


This post was edited on 08-04-2010 at 02:57 PM by Menthix.
08-04-2010 02:56 PM
Chrono
forum admin
well, isn't it obvious that patchou/yuna should be contacting them? i thought they'd have done that right after Menthix noted all the issues :P

* Chrono slaps patchou/yuna around a bit with a large trout.
08-04-2010 11:17 PM
Hank
Banned


quote:
Originally posted by Chrono

* Chrono slaps patchou/yuna around a bit with a large trout.
and you wonder why Patch won't use your name for his Kid :p

quote:
Originally posted by Chrono
well, isn't it obvious that patchou/yuna should be contacting them? i thought they'd have done that right after Menthix noted all the issues :P
i dunno but i would think Patch/Yuna would be better off to contact NOD32
08-05-2010 12:06 AM
Menthix
forum admin
Also see the discussion on the MalwareBytes forum (MalwareBytes is apparently blocking the Plus! site):
http://forums.malwarebytes.org/index.php?showtopic=57081

At least MalwareBytes is willing to show people what they see. I think we may have an explanation now:
http://forums.malwarebytes.org/index.php?showtopi...=findpost&p=295857
08-05-2010 09:13 AM
Hank
Banned


quote:
Originally posted by Menthix
Also see the discussion on the MalwareBytes forum (MalwareBytes is apparently blocking the Plus! site):
http://forums.malwarebytes.org/index.php?showtopic=57081
i clicked on malwarebytes forum by accident and thought DZ upgraded the forum to a new Forum board :p
08-05-2010 09:36 AM
vaccination
Veteran Member
quote:
Originally posted by Menthix
At least MalwareBytes is willing to show people what they see. I think we may have an explanation now:
http://forums.malwarebytes.org/index.php?showtopi...=findpost&p=295857
The guy in that thread is acting like an arsehole though. Glad I don't use their software.
08-05-2010 01:03 PM
Chris4
Elite Member
I got the video working by installing this codec (not worth installing, unless you really want to).

MenthiX was right - he's downloading Messenger Plus! Live 4.85, but because he doesn't have Windows Live Messenger 8 or 9 on his test machine, the installer then detects he only has Windows Messenger 4 (which comes with XP) and it then downloads the old Plus! 3.63 version with the adware.

[Image: dLyNf.png]

[Image: Lxktr.png]

[Image: y2ASt.png]
08-06-2010 02:43 AM
Hank
Banned


my rule is "never argue with an idiot otherwise bystanders can't tell the difference".. and it seems he is an idiot.

OT: talking bout idiots, where's Discrate :p

This post was edited on 08-06-2010 at 02:56 AM by Hank.
08-06-2010 02:55 AM