james 0 Posted March 1, 2014 Share Posted March 1, 2014 (edited) We had reported the false detection of our legitimate software to eset before 3 weeks via samples@eset.com Send a followup also.Never got a reply not even an automated one Can someone here help us resolve the issue.Other anti-virus vendors are much faster and prompt in clearing such issues. The case of eset very disappointing Edited March 1, 2014 by james Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 1, 2014 Administrators Share Posted March 1, 2014 Unfortunately, you didn't mention the name of the application nor the detection name under which it was detected by ESET. I rather suspect that the application is classified as a potentially unwanted or unsafe application; in that case it's highly unlikely it would be FP. Link to comment Share on other sites More sharing options...
SweX 871 Posted March 1, 2014 Share Posted March 1, 2014 I rather suspect that the application is classified as a potentially unwanted or unsafe application; in that case it's highly unlikely it would be FP. I bet $10 that this is the case. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted March 1, 2014 Share Posted March 1, 2014 I'll take your 10 & raise you $100 Link to comment Share on other sites More sharing options...
james 0 Posted March 2, 2014 Author Share Posted March 2, 2014 (edited) I had other issues to lookinto,so missed posting the file details. The software product is named Mass Watermark,you may check it out at masswatermark(dot)com.The product is not a PUP and is not a malware Please note that the current version is not flagged by eset as false positive its the new version that we have in the release queue that is flagged by eset.You can download the files from Dropbox https:// dl.dropboxusercontent.com/u/128438096/setup.exe https:// dl.dropboxusercont ent.com/u/128438096/mw.exe (Included in Setup) We encounter such issues in new releases. I really would really appreciate if someone here could lend a helping hand Edited March 2, 2014 by Marcos Link to comment Share on other sites More sharing options...
Arakasi 549 Posted March 2, 2014 Share Posted March 2, 2014 (edited) Hello Win32/riskware.dyamar.A OR "Mass watermark.exe" in "your" file. This is a Trojan horse program, it is not self-replicating, but can alter system files and perform actions without the users consent. It is borderline, potentially unwanted. Your program or file is known by several different vendors, Emsisoft, McAfee, as well as ESET. You can find a more detailed breakdown of the threat , removal instructions when infected, etc at the following link: hxxp://home.mcafee.com/virusinfo/virusprofile.aspx?key=611820 It may even altar the master boot record. In Order for ESET to release detection of the threat from their database, you need to remove Mass watermark.exe or completely clean up your compilation using this file. Edited March 2, 2014 by Arakasi Link to comment Share on other sites More sharing options...
Arakasi 549 Posted March 2, 2014 Share Posted March 2, 2014 (edited) Hello Moderators, Can we get the Trojan URL's removed from the following link Here Edited March 2, 2014 by Arakasi Link to comment Share on other sites More sharing options...
james 0 Posted March 2, 2014 Author Share Posted March 2, 2014 (edited) Hello Win32/riskware.dyamar.A OR "Mass watermark.exe" in "your" file. This is a Trojan horse program, it is not self-replicating, but can alter system files and perform actions without the users consent. It is borderline, potentially unwanted. Your program or file is known by several different vendors, Emsisoft, McAfee, as well as ESET. You can find a more detailed breakdown of the threat , removal instructions when infected, etc at the following link: hxxp://home.mcafee.com/virusinfo/virusprofile.aspx?key=611820 It may even altar the master boot record. In Order for ESET to release detection of the threat from their database, you need to remove Mass watermark.exe completely and clean up your compilation. My dear friend, We are the makers of the software called Mass Watermark and we are reporting a wrong detection by eset. We are not looking for tech support I just posted here because the eset false positive resolution team seems slow in fixing these wrong detection. I suggest you read the thread fully before making a post. Plus you mad mentioned about mcafee and emsisoft,I have used many multiengine antivirus scanners,yes Mcafee is also having some issues.We have contacted them,but Emsisoft does not have any issues. I think you are using Virustotal,they seem to have problems now,Reporting wrong detections. check with other multi engine scanners like www.metascan-online.com or virscan.org/ they dont report the detection.If you are not satisfied with that download the program itself eg:emsisoft and check yourself My point is the files are not trojans and stop treating the files in that manner. Done. Edited March 2, 2014 by james Link to comment Share on other sites More sharing options...
SweX 871 Posted March 2, 2014 Share Posted March 2, 2014 13/50. https://www.virustotal.com/sv/file/b2354d0c4f80e425cf611987e30ad60cc9ae6ccec5ac2c967272d8477d1b35dc/analysis/ Link to comment Share on other sites More sharing options...
james 0 Posted March 2, 2014 Author Share Posted March 2, 2014 13/50. https://www.virustotal.com/sv/file/b2354d0c4f80e425cf611987e30ad60cc9ae6ccec5ac2c967272d8477d1b35dc/analysis/ Read the previous post,use other scanners VT is having issues Link to comment Share on other sites More sharing options...
SweX 871 Posted March 2, 2014 Share Posted March 2, 2014 (edited) 13/50. https://www.virustotal.com/sv/file/b2354d0c4f80e425cf611987e30ad60cc9ae6ccec5ac2c967272d8477d1b35dc/analysis/ Read the previous post,use other scanners VT is having issues VT having Issues? What sort of issues? Edited March 2, 2014 by SweX Link to comment Share on other sites More sharing options...
SweX 871 Posted March 2, 2014 Share Posted March 2, 2014 (edited) My dear friend, I think you are using Virustotal,they seem to have problems now,Reporting wrong detections. check with other multi engine scanners like www.metascan-online.com or virscan.org/ they dont report the detection. Yes I am familiar with those services. 4/40 https://www.metascan-online.com/en/scanresult/file/ad6a40c5089545da830c661a1ffea69e Just FYI Edited March 15, 2014 by SweX Link to comment Share on other sites More sharing options...
Arakasi 549 Posted March 2, 2014 Share Posted March 2, 2014 I was able to download Mass Watermark from your website, and from the alternative link Softpedia, with no detections, and no errors from ESET. So the question is, what has changed between current version and your new release ? Because your executable is being flagged in your links. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted March 2, 2014 Share Posted March 2, 2014 (edited) The fastest and best way to get this resolved if there is some sort of problems between hashes or new files added to your setup/installer, is to follow the instructions in the provided link : hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN141 I understand you want this expedited, but these things sometimes take time based on the vendor's internal workload. A moderator here in the forums might be able to check on your case and make sure it went to the proper channels, but that in my opinion is the most we can do here, provide guidance and direction. ESET NA is closed until Monday morning, the main HQ in Bratislava might have a similar schedule. Edited March 2, 2014 by Arakasi Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted March 2, 2014 Administrators Share Posted March 2, 2014 This detection is correct as it's a highly suspicious packer allowing for evading detection by av software and thus often being exploited by malware authors. I've relayed your query to the Malware research lab to find out if we could whitelist this particular file. Link to comment Share on other sites More sharing options...
Arakasi 549 Posted March 2, 2014 Share Posted March 2, 2014 It appears Marcos is coming to the rescue. Good luck to you and your team James. Link to comment Share on other sites More sharing options...
SweX 871 Posted March 2, 2014 Share Posted March 2, 2014 It appears Marcos is coming to the rescue. Good luck to you and your team James. So what about the Trojan in the file? Link to comment Share on other sites More sharing options...
Arakasi 549 Posted March 2, 2014 Share Posted March 2, 2014 (edited) It might not have a Trojan, but the compiler that is being used to group all the projects files together has the same characteristics as previously used Trojans, or is vulnerable to the same Trojan, thus it is being flagged, and the closest comparison to the packer is what we are catching as win32 riskware dyamar. Of course without running it in Sandboxie or letting ESET research the files in question, we probably won't know. Edited March 2, 2014 by Arakasi Link to comment Share on other sites More sharing options...
SweX 871 Posted March 2, 2014 Share Posted March 2, 2014 It might not have a Trojan, but the compiler that is being used to group all the projects files together has the same characteristics as previously used Trojans, or is vulnerable to the same Trojan, thus it is being flagged, and the closest comparison to the packer is what we are catching as win32 riskware dyamar. Of course without running it in Sandboxie or letting ESET research the files in question, we probably won't know. Ahhh...I thought you downloaded the file and found a Trojan in it. Yes let's ESET check it out and share the final verdict. Link to comment Share on other sites More sharing options...
Recommended Posts