DrWebCureIt became aggressive...

Hi malware fighters

I advised users to use DrWebCureIt for a second op as a free tool, it is still free but only for curing your computer now else you have to pay for it, so if it finds FP, that I later evaluated, you could exclude them. Not with the latest version. I lost a acer system32 file by the name of Kill1211.exe flagged falsely as ToolWifiKill.
It also falsely flagged tfwab.dll in the Threatfire program (this could be restored). Bad policy there, this is not gonna make them friends. The quarantine file was not to be found, files disappeared in digital oblivion and I have to download them to re-install,

polonus

I hardly think this is an FP, Kill1211.exe ToolWifiKill it is detecting a tool that could be used for good or evil, just as avast has flagged some tools in the past, but by at least identifying it as {Tool} would give the user a bit of a clue.

So the problem is not being able to exclude them or say leave it alone/no action at the time of detection is a bad step.

Surely if you run DrWeb to repair, would prevent the sending of files to quarantine and any possible loss later.

For what do you need to pay then? Can you elaborate?

Hi Tech,

You can only scan the computer with DrWenCureIt for free if you want to cure, says the prompt at the beginning, else you have to buy the program. In the old days you could exclude files from action taken, that is now greyed out, only thing I find on the computer now was a logfile and so I lost the system 32 extecutable, I am gonna keeps my hands off of DrWebCureIt now,

polonus

Removing of the suggested tools… and waiting for your further suggestions.

Hi Tech,

I am glad now that I created two accounts on my acer XP SP3 and I could recover the executable in question from the safe XP account. That is the extra bonus of having two accounts a normal user account and a main admin account, you have always one to recover from, but still I am shocked of what DrWebCureIt is now, more of a nag tool than it was,

polonus

So Basically, once you run a scan with the new version of this tool, you have no control over what it then does?

Oh, dear.
I’ve had FP’s with this before, too. It’s…um…quite aggressive. (Had to re-install the application affected.)

Is it just me,or is cureit now running a full scan as default,rather than the “express scan” it always ran first?

Yeah. OK guys no response.
that’s cool.

I am gone.

Hi normishmael,

That is more or less what it is in its effects,

polonus