Virus found during installation of BirdieSync

If BirdieSync 1.x constantly replaces your girlfriend's phone number with your mother's one, this forum is for you...
sstvmaster
Posts: 4
Joined: Tue Apr 10, 2007 8:36 pm

Post by sstvmaster » Tue Apr 10, 2007 9:07 pm

Hello,

First of all, sorry for my bad English.

I have downloaded BirdieSync 1.5.1.2. During the install process, my antivirus program
AntiVir Premium (http://www.avira.de) shows me this message:

AntiVir erkannte in der Datei C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\nsd4B.tmp\nsProcess.dll verdächtigen Code mit der Bezeichnung 'SPR/Tool.PSKill'!

Is it a false positive?

AntiVir Premium 7:
- Virus definition file: V6.38.00.200 - 10.04.2007
- Search engine: V7.03.01.50 - 10.04.2007

OS:
Windows XP Prof. SP2

Please help me!

Maik

sstvmaster
Posts: 4
Joined: Tue Apr 10, 2007 8:36 pm

UPDATE

Post by sstvmaster » Tue Apr 10, 2007 9:30 pm

I have found this on the Avira forum:
I just heard from aVira today:

"We want to inform you, that the file you have sent us will be
detected in future as SPR/Tool.PsKill.2

It is not a false positive. Please note, that SecurityPrivacyRisk
(SPR) labels possible malicious software. That means, that the file
doesn't need to be a virus, but has the possibility to perform
malicious actions."
Original message:
http://forum.antivir.de/thread.php?pos ... post145029

Birdy
Site Admin
Posts: 3015
Joined: Tue Apr 18, 2006 11:43 am

Post by Birdy » Tue Apr 10, 2007 9:50 pm

I don't think there is a virus problem with nsProcess.dll. This is a plug-in library which is commonly used in installers, to stop processes for instance. On the net, other users had similar problems with other antivirus programs which detected this library as malicious, leading to a false positive.
If you run this library through http://www.virustotal.com, most of the major antivirus programs don't consider it a virus.
Birdy

kingpin
Posts: 2
Joined: Sun Apr 15, 2007 12:22 pm

Post by kingpin » Sun Apr 15, 2007 12:26 pm

Kaspersky reports this:

File C:\Programmi\BirdieSync\Uninstall.exe/data0005: detected riskware not-a-virus:RiskTool.Win32.PsKill.q


File C:\BirdieSyncSetup.exe/data0020: detected riskware not-a-virus:RiskTool.Win32.PsKill.q


Is it a false positive?

Birdy
Site Admin
Posts: 3015
Joined: Tue Apr 18, 2006 11:43 am

Post by Birdy » Sun Apr 15, 2007 12:39 pm

As you can see, Kaspersky doesn't consider it a virus: "not-a-virus". This alert comes from the use of a library in the installer which allows a process to be stopped during installation. And some sensible antivirus programs raise an alert, considering it could be a problem... But you can install this version without a problem.
Birdy
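
Added example (not part of the original thread, and not BirdieSync's or any antivirus vendor's code): a small Python triage helper that parses the two alert formats quoted in this thread and separates riskware-class names (Avira's `SPR/` prefix, Kaspersky's `not-a-virus:` prefix) from other detections. The regexes are inferred from the lines posted here, the family extraction is a heuristic, and the last sample line is constructed.

```python
import re

# Alert lines copied from this thread, plus one constructed line for contrast.
ALERTS = [
    r"AntiVir erkannte in der Datei C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\nsd4B.tmp\nsProcess.dll verdächtigen Code mit der Bezeichnung 'SPR/Tool.PSKill'!",
    r"File C:\Programmi\BirdieSync\Uninstall.exe/data0005: detected riskware not-a-virus:RiskTool.Win32.PsKill.q",
    r"File C:\BirdieSyncSetup.exe/data0020: detected riskware not-a-virus:RiskTool.Win32.PsKill.q",
    r"File C:\Temp\sample.exe: detected malware Trojan.Win32.Example.a",  # constructed
]

# Patterns inferred from the messages above (assumption, not a vendor spec).
AVIRA = re.compile(r"in der Datei (?P<path>.+?) verdächtigen Code mit der Bezeichnung '(?P<name>[^']+)'")
KASPERSKY = re.compile(r"^File (?P<path>.+?): detected \S+ (?P<name>\S+)$")

def parse_alert(line):
    """Return vendor, file, embedded object, detection name, category, family."""
    m = AVIRA.search(line)
    if m:
        vendor, name = "avira", m.group("name")
        risk = name.startswith("SPR/")              # SecurityPrivacyRisk class
        parts = name.split("/", 1)[-1].split(".")   # Type.Family[.variant]
        family = parts[1] if len(parts) > 1 else parts[0]
    else:
        m = KASPERSKY.match(line)
        if not m:
            return None                             # unknown format: review by hand
        vendor, name = "kaspersky", m.group("name")
        risk = name.startswith("not-a-virus:")
        parts = name.split(":", 1)[-1].split(".")   # Type.Platform.Family.variant
        family = parts[2] if len(parts) > 2 else parts[-1]
    # "/dataNNNN" marks an object found inside the installer or uninstaller.
    container, _, member = m.group("path").partition("/")
    return {"vendor": vendor, "file": container, "member": member or None,
            "name": name, "category": "riskware" if risk else "malware",
            "family": family.lower()}

def triage(lines):
    """Bucket alerts: riskware (confirm where the file came from) vs. malware (escalate)."""
    parsed = [p for p in map(parse_alert, lines) if p]
    return {"riskware": [p for p in parsed if p["category"] == "riskware"],
            "malware": [p for p in parsed if p["category"] == "malware"]}

if __name__ == "__main__":
    for bucket, items in triage(ALERTS).items():
        for p in items:
            print(bucket, p["vendor"], p["family"], p["file"], p["member"])
```

Both vendors' names normalise to the same `pskill` family. A riskware label only means the tool can be misused, so the remaining check is that the flagged file really came from the installer you downloaded.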

kingpin
Posts: 2
Joined: Sun Apr 15, 2007 12:22 pm

Post by kingpin » Sun Apr 15, 2007 1:48 pm

very well, merci :)
