Inqsoft Sign of Misery

Avast 4.6.691 (0537-0)
avast identifies scripts and exe’s made by the Sign of Misery as Win 32:Trojano-2351. The bin file of the programe is also id’ed as a virus.
The programe’s home page – http://s0m.narod.ru/
This is a freeware programme that helps to deal with shareware programs and make different scripts and compile them to exe.
The author declares that the SoM is id’ed as a trojan by AVP - but 2.70 pre-release2 of the SoM fixes this problem. I updated it but Avast still regards it as a trojan.
I sent the bin file and exe’s to Avast from the chest.

I stumbled on a similar problem with a freeware Tweaking Program from Romania. It contained malicious scripts. When I published this on another forum, the author became offensive. He has sworn to hunt me down. At least, I know exactly where he lives.

By the way, “narod.ru” (can be read as “Russian people”) is a very large community and you can’t possibly blame them.

I know what narod.ru means - I speak Russian:) narod - means people/nation.
In any case - narod.ru is a free hosting service. that’s quite natural to use free hosting for distribution of freeware.
Nevertheless - this doesn’t solve my problem. SoM is not a trojan.

I downloaded SoM and the exe was not detected as malware by any of the scanners on Jotti.

Nosferatum, pleasse read the pvt msg I’ve sent you.

Sorry Nosferatum, but I added this because there are still some silly people around that would never download anything from a .ru server.

For instance, Kaspersky has a Dutch website (and representation) that nowhere mentions the Russian origin of the program :-[.

Nicolas

SMTP module(domain @195.209.41.194:rocketmail.com) reports:
message text rejected by mx1.mail.yahoo.com:
554 delivery error: dd This user doesn’t have a rocketmail.com account (hjtbetaATrocketmail.com) [0] - mta187.mail.re2.yahoo.com

— I changed @ to AT—

Eddi, I can’t contact you by email

Hi Nosferatum,

That why I am so glad I have the plug-in browser scanner from Dr Web’s. It is lean, it is mean, and does not run resident on your comp. So it does not run cycles on your comp that much, and has a quick response time, I found. They pre-scan all the links you want to later click on their update scanner in St. Petersburg (the plug in is free). I have it installed in FF, but it is there for other browsers as well. Whenever they say the link is OK there is no virus no bad script or malware etc. running via that link. Whenever I am in doubt I pre-scan with Dr Web. They are nr. 2 in update rate, just behind Kaspersky’s. So what more do you want. I updated to the last plug in. Great. You can have the Russian version. Pitriski naboj!

greets,

polonus

Hey, after I started this topic I sent incorrectly identified files from the chest and then once again archived and encrypted to virus@avast.com. But it’s no use. Hey, does someone receives those mesages or is it all futile??? SoM is stll gets halted by avst.
I can’t beleive that nothing can be done. :o

Two facts:

  1. Alwil does not automatic answer to virus submission.
  2. Alwil should make submission, analysis and vps update better.

Simultaneous (theard): http://forum.avast.com/index.php?topic=16534

Honestly, I would consider the whole SoM program rather suspicious; besides, the mentioned file is detected as dangerous by other antiviruses as well.
I suggest to put the file (or SoM folder) into the list of avast! exclusions.

Hi,

Actually I don’t want any offcial replies. What I do want though is to update my avast bases and see that SOM files are not halted any more by resident scaner

igor: I suggest to put the file (or SoM folder) into the list of avast! exclusions.

I already did, but the thing I can disable the protection when I use SoM, but resident monitor still halts the exe’s compiled by the program.

There are 2 lists of exclusions - one for on-demand scanners (in program settings), one for resident protection (in Standard Shield settings) - make sure you have it in the later one, too.

Igor, thanks for advise. it works now.