Avast! make a false positive in utility that just switch on/off autostart of autoruns. But It reporting NSIS:Startpage-B.
Please fix this FP as soon as possible
POP-UP info
Web shield has blocked a harmful webpage or file
URL: hxxp://www.tipypropc.cz/wp-content/uploads/2009/05/autorun-fixi.exe
Infection: NSIS:Startpage-B
Action: Connection Aborted
62% detection rate and you still think that it is FP? ;D It may be but i wouldn’t say that.Let’s wait for avast team.If it’s not malware it’s kind of browser hijack or something like that,PUP! ???
Norman detect it as Suspicious_Gen2.CXLWH on VT scan, this is an auto created signature
when i scan it i get a new detection name W32/Malware.GSGB so i guess it have been manually analysed and found malicious and VT does not have that signature…yet
SOPHOS analysis
Hello,
Thank you for the file submission! SophosLabs confirmed that this application changes the IE homepage to a questionable site, so it is detected as Troj/StartP-DN.
Die Datei ‘autorun-fixi.exe’ wurde als ‘MALWARE’ eingestuft. Unsere Analytiker haben dieser Bedrohung den Namen DR/StartPage.dpb.58 gegeben. Bei der Bezeichnung “DR/” handelt es sich um ein Programm, das eigenständig einen Virus oder eine Malware auf einem System ablegen kann.Ein Erkennungsmuster wird mit einem der nächsten Updates der Virendefinitionsdatei (VDF) hinzugefügt werden.MALWARE
NORMAN analysis
Hi,
File is malicious so it is not a false positive.Due to mismatch between actual and extracted file,It was detected with different naming convention.Problem resolved now file will be detected as "StartPage.ALOO".
Malwarebytes analysis
Hi pondus,
Odd one that …its definetly not a password stealer( @ Mcaffee) and does contain a autorun fix persay.
However the install carton does change your default homepage setting without asking permission so it qualifies as a Trojan.StartPage although the bundled autofix executable does get a free pass as its not malicious
Interesting. Friend has ESET and he download that utility on his computer, runned It and It just can turn on/off automatic starting of autoruns. It’s 100% functional. I don’t know why It is reported as virus ???
but ESET is so good (As people say) and it cannot detect this sample? but every AV doing mistakes.
The trojan designed to look safe and good but in real it does bad things.
So in this big world you can’t find a better program to do that work ? ??? ???
The trojan designed to look safe and good but in real it does bad things
exactly and that is why they are called trojan
A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user prior to run or install, but (perhaps in addition to the expected function) steals information or harms the system.[1] The term is derived from the Trojan Horse story in Greek mythology.