Application detected as malware: False Positive

Hi,

Our Registry Cleaner application (PC SpeedScan Pro) is being detected as Win32:Malware-gen by the avast online scanner and on virustotal as well.

Below are the details of the application:
Source of software: http://www.ascentive.com/products/pcspeedscan/
Name of developer: Ascentive LLC.
Name and version of application: SpeedScan.setup.exe (7.9.8)

This application is not malware. Therefore, we request you to remove our software from your malware detection database.

Please find attached the snapshot of your online scanner results.

Let me know in case you need anything else.

Looking forward to a prompt reply/action from your side.

Thanks & Regards,
Ascentive Tech Group

You can report it using one of these options…you may add a link to this topic in case they reply here

You can upload files and report issues to avast here: http://www.avast.com/contact-form.php (select subject according to your case)

You can use mail
send to virus@avast.com in a password protected zip file
mail subject: False Positive / undetected sample (select subject according to your case)
zip password: infected

or you can send files from avast chest
how to use the chest. http://www.avast.com/faq.php?article=AVKB21

Hello,
Sorry for your inconvenience, the malware gen detection will be changed in the next VPS update.

Hi,

Thanks for the prompt reply. I can see the malware gen detection changed to Win32:PUP-gen [PUP] .

Please remove this too as already informed.

I’m mailing the same to virus@avast.com too.

Thanks & Regards,
Ascentive Tech Group

Hi,

It is not being detected on avast online scanner but it is being detected on virustotal.

So, please do the needful.

Thanks & Regards,
Ascentive Tech Group

Can you give us a link to that…

Please find the link below:

https://www.virustotal.com/en/file/1ea8d590938fb214bbdad401242890e052fe253536a77c16c78dabde7031f4f1/analysis/1396337006/

Detected as PUP = not virus / Possible Unwanted Program

This is usually some kind of annoyware… ads / unwanted toolbars …

But we want you to remove this kind of detection too.

So you want Avast to leave the users open to all sorts of browser hijackers and nuisance programmes like scorpion, delta etc… If the user installs it deliberately then they can add an exception otherwise this tends to come bundled with other software

We just want our software to be removed from this detection. Our software is a registry cleaner application. We have provided you with our setup. You can analyse the same. Our intention was never to leave the users open to all sorts of browser hijackers and nuisance programmes.

If so, you have to report it to avast lab using one of the options I gave in my first post.

I guess the links and attachment say enough.
http://zulu.zscaler.com/submission/show/4b71e31bebf863a6ada54a7012e176cb-1396365390
http://urlquery.net/report.php?id=1396365615677
http://urlquery.net/report.php?id=1396025256776
https://www.virustotal.com/nl/file/92f53929c171634ae2276626d9138bbea85bc61d44d7f7d9248b4d28f2d53d22/analysis/1396365191/

That has me worried right now. Reg Cleaners are not usually safe for use, nor trustworthy, and usually come packed with "Bloat"ware, aka toolbars, adware, or as Avast! calls it, PUP.

Edit: This is what Avast! is detecting. “Create a Desktop Icon for a recommended download” and “Yes Install the Ascentive Performance Center”. Otherwise known as PUP. They don’t know what it is, and even though it belongs to you, it is considered Potentially unwanted Software. The user probably does not want 2 Icons, a Quick Launch Icon and more programs.

Ah, I see more issues.

Your website is connecting to many bad websites, including an RBN IP (Which I can’t find now? Removed?)
malvertising (facebaoock.com)
And what is the file libraryfiles.exe? What’s its purpose?
2014-03-28 17:46:09 1 64.62.158.147 urlQuery Client ET POLICY PE EXE or DLL Windows file download
2014-03-28 17:46:09 3 64.62.158.147 urlQuery Client FILEMAGIC PE32 for MS

A lot of what I found last night appears to be missing. Was your site hacked?

VirusTotal
https://www.virustotal.com/nb/file/978b40e811542cc21a547b32b04de3c4c43b7992916694cee87ca486fd8149c3/analysis/1396385781/

Confirmed False Positive by Norman lab

libraryfiles.exe 4677E4883065B86829B2832ED3791EFD Hacktool.JX Hacktool.JX (FP)[Excluded]