Nullsoft SFX installers as false positives?

File url below, for own safety don’t download&run

http://doubleshadow.thexuniverse.com/x3e/patch/X3Editor_patch_0.14_to_0.15.exe
file also uploaded to Avast! ftp incoming folder … just for sure

Microsoft Visual C++ v6.0 DLL [Nullsoft PiMP SFX] *
[-= Installer =-] Nullsoft SFX Setup !

yet it’s detected as
Sign of “Win32:Adware-gen [Adw]” has been found in “D:\Downloads\new\a9\X3Editor_patch_0.14_to_0.15.exe” file.

i guess something is wrong there with generic Adware detection set …

For safety then break the link replace the http with hXXp humans can read it and edit it and there is no accidental clicking by the curious. DrWeb link checker doesn’t find anything at the link though.

e.g. hXXp://doubleshadow.thexuniverse.com/x3e/patch/X3Editor_patch_0.14_to_0.15.exe

i know just dont think it’s needed in this case :slight_smile:

personally who doubleclick on such link even after reading the title and warning text and then allow execute fully deserve to be infected if it’s ‘malicious’ code :slight_smile:

File is wrongly detected. False positive alert will be fixed in next VPS update…

Whilst it may not be necessary in this case it is good practice that suspect links aren’t live. You would be surprised just how curious and stupid some people can be so it is really up to those who know better to ensure they don’t get exposed.

A web site did a trial of placing a link in a web page that had a much more prominent what ever you do don’t click this link, you would be surprised at the numbers that did click it, their curiosity got the better of them. So we should be looking after them rather than leaving them and their curiosity to fend for themselves.

Nice to see your consideration for those too curious/ignorant for their own good in saying they deserve to be infected ???

thanks misak :slight_smile:

DavidR i know … it was just sarcasm i don’t remember i ever posted full url to active malware in past …
yes they deserve to be infected :slight_smile: because there were enough stupid to ignore polite warnings :slight_smile:
ofc i know most of serious forums and posters use the policy to not post ‘active’ urls but … oh well :slight_smile:

but really think about it if there is “Minefield! Don’t enter or face death” and someone who is able read still goes there …
then Darwin wins …