TweakVI is detected as TROJAN!!!

#1
Like the title says, when I tried installing TweakVI on my system, I got a warning from my installed anti-spyware program (namely, CounterSpy from sunbeltsoftware.com) saying that "a known bad program attempting to run was blocked", and it gives the name of the program as "TweakVI.exe", which is of course correct.

What is making CounterSpy detect the program as a trojan??? :wtf:

-Coolname007
 

mqudsi

Mostly Harmless
Staff member
#2
Around 2 years ago, TweakVI's site was incorrectly flagged by Google as distributing spyware. I double-checked with both the authors of TweakVI and Google, and it was a false alert that was later fixed and the spyware classification removed.

Seems CounterSpy is out of date.
 
#3
hmm...well, I would prefer to check myself too, soon, just in case things have changed over the space of 2 years. :wink:

-Coolname007
 

JustinW

Super Moderator
Staff member
#4
False positives, warning of infection though the program is valid to come from a trusted source, happen all the time. Can happen if a program requests access to administrative functions, or performs system operations that are expected only of the operating system components, therefore it could be considered "malicious". Since TweakVI works a lot with the registry and "tweaks" the system, bad flag or not by Google could cause one to occur. Like said above by CG, it's a matter of who keeps up to date and who doesn't.

Give a few other anti-spyware scanners a go, to see if you get the same results.
 

mqudsi

Mostly Harmless
Staff member
#5
Knock yourself out. Let me know if you find anything amiss, though I really don't think so. Stefan is a great guy.
 

Terry60

Knows where his towel is.
Staff member
#6
Only this week AVG 8 removed two of the Comodo firewall modules as viruses, and Comodo had to come out with their own update shortly afterwards.
 
#7
Submitting a false positive report to sunbeltsoftware.com right now. :smile: Anyone have an idea what version of TweakVI EasyBCD's NST Downloader downloads? I need the specific version for the report.

-Coolname007
 

mqudsi

Mostly Harmless
Staff member
#8
The very latest.
 
#9

mqudsi

Mostly Harmless
Staff member
#10
What I meant was, you could go to their site and see what the latest version is.

1.0 build 1105

Addendum:

I've also sent an email to Stefan letting him know SBS is incorrectly flagging his program.
 
#11
Great! :smile: Thanks very much, CG. I appreciate it.

-Coolname007

Addendum:

Weird...I just tried installing it again, right now, and did not get that message from CounterSpy this time. :wtf: But, then again, maybe that's because the anti-spyware program wasn't open at all this time, not even in the taskbar. So TweakVI installed this time around.

I really should try uninstalling, and installing it again this time, with CounterSpy open in the taskbar, to see if I get the same message again...

-Coolname007
 

mqudsi

Mostly Harmless
Staff member
#12
Perhaps a recent CounterSpy auto-update addressed the issue.
 

JustinW

Super Moderator
Staff member
#13
Good example here why it's good to disable your protection when installing programs you want. I didn't get any complaints from McAfee when testing it, but anyway, glad it's been sorted now.
 
#14
Ok...well, it seems this problem has led into another. :frowning: I've already uninstalled TweakVI, but the program must have made some changes of its own accord during the time it was on there, because now CounterSpy will not open at all. It gives me a message saying "the server is busy", and gives me the options to either switch to the program that's causing the issue, or to try it again (the "cancel" button is greyed out). Pushing the "Switch to" button opens up the Start menu, and I don't know where to go to from there, while pushing the "Retry" button just sends me to the exact same messagebox again, and I have to actually kill the splash screen from the Task Manager before it will close.

I have no idea on how to undo the changes TweakVI apparently has done, other than of course attempting system restore. Fortunately, a restore point was created by TweakVI when I installed the program, and hopefully it's still there and hasn't been deleted when I uninstalled the program...

Does TweakVI have an anti anti-spyware feature or what? :brows: CounterSpy was working perfectly fine before TweakVI was installed.

-Coolname007
 

mqudsi

Mostly Harmless
Staff member
#15
Nope. TweakVI only uses some anti-cracking code encryption techniques on its own binary files that some stupid products falsely detect as malware.
 
#16
Well, I don't know why it is acting up then, because it was working perfectly fine before TweakVI was successfully installed...
See the attached screenshot to understand what it's doing.

-Coolname007
 


mqudsi

Mostly Harmless
Staff member
#17
I've seen that error before with other software. Generally has to do with incorrectly multi-threaded software.

Drop Sunbelt Software an email, I guess?
 
#18
Never mind. :smile: It's working fine now, though I have done nothing to affect *not getting* or *getting* that error message...:wink: Heck, I haven't even hardly been in Vista that much lately, so I know there is nothing that I have done between the time that I *wasn't* getting the error message, and it was working perfectly fine, to the time it screwed up, and between the time I *was* getting the error message, and now when it's working fine. Anyhow, it's back working again, so I may have another go with TweakVI. :wink:

Jake
 