Page 1 of 1

Virus found during installaition BirdiSync

Posted: Tue Apr 10, 2007 9:07 pm
by sstvmaster
Hello,

at first, sorry for my bad english.

I have download BirdieSync 1.5.1.2, at installprocess my AntiVirus Program
AntiVir Premium -> http://www.avira.de shows me this message:

Image

Code: Select all

AntiVir erkannte in der Datei C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Temp\nsd4B.tmp\nsProcess.dll verdächtigen Code mit der Bezeichnung 'SPR/Tool.PSKill'!
It is a false positiv?

AntiVir Premium 7:
- Virusdefinitionfile: V6.38.00.200 - 10.04.2007
- Searchengine: V7.03.01.50 - 10.04.2007

OS:
Windows XP Prof. SP2

please help me!

Maik

UPDATE

Posted: Tue Apr 10, 2007 9:30 pm
by sstvmaster
I have found this on Avira Forum:
I just heard from aVira today:

"We want to inform you, that the file you have sent us will be
detected in future as SPR/Tool.PsKill.2

It is not a false positive. Please note, that SecurityPrivacyRisk
(SPR) labels possible malicious software. That means, that the file
doesn't need to be a virus, but has the possibility to perform
malicious actions."
Original message:
http://forum.antivir.de/thread.php?pos ... post145029

Posted: Tue Apr 10, 2007 9:50 pm
by Birdy
I don't think there is a virus problem with nsProcess.dll. This is a plug-in library which is commonly used in installer to stop processes for instance. On the net, other users had a similar problems with other anti-virus which detected this library as malicious, leading to a false positive.
If you run this library through http://www.virustotal.com, most of the major anti-virus don't consider it as a virus.

Posted: Sun Apr 15, 2007 12:26 pm
by kingpin
kaspersky report this:

File C:\Programmi\BirdieSync\Uninstall.exe/data0005: detected riskware not-a-virus:RiskTool.Win32.PsKill.q


File C:\BirdieSyncSetup.exe/data0020: detected riskware not-a-virus:RiskTool.Win32.PsKill.q


Is it a false positive?

Posted: Sun Apr 15, 2007 12:39 pm
by Birdy
As you may see, Kaspersky doesn't consider it as a virus: "not-a-virus". This alert comes from the use of a library in the installer which allows to stop a process during installation. And some sensible anti-virus raise an alert considering it could be a problem... But you can install this version without problem.

Posted: Sun Apr 15, 2007 1:48 pm
by kingpin
very well, merci :)