TweakVI is detected as TROJAN!!!

[Coolname007]

Like the title says, when I tried installing TweakVI on my system, I got a warning from my anti-spyware program installed (namely, CounterSpy from sunbeltsoftware.com) saying that "a known bad program attempting to run was blocked", and gives the names of the program as "TweakVI.exe", which is of course correct.

What is making CounterSpy detect the program as a trojan??? :wtf:

-Coolname007

 

[mqudsi]

Around 2 years ago, TweakVI's site was incorrectly flagged by Google as distributing spyware. I double-checked with both the authors of TweakVI and Google, and it was a false alert that was later fixed and the spyware classification removed.

Seems CounterSpy is out of date.

 

[Coolname007]

Around 2 years ago, TweakVI's site was incorrectly flagged by Google as distributing spyware. I double-checked with both the authors of TweakVI and Google, and it was a false alert that was later fixed and the spyware classification removed.

Seems CounterSpy is out of date.

hmm...well, I would prefer to check myself too, soon, just in case things have changed over the space of 2 years.

-Coolname007

 

[JustinW]

False positives, warning of infection though the program is valid to come from a trusted source, happens all the time. Can happen if a program requests access to administrative functions, or preforms system operations that are expected only of the operating system components therefore it could be considered "malicious". Since TweakVI works a lot with the registry and "tweaks" the system, bad flag or not by google could cause one to occur. Like said above by CG, its a matter of who keeps up to date and who doesn't.

Give a few other anti-spyware scanners a go, to see if you get the same results.

 

[mqudsi]

Around 2 years ago, TweakVI's site was incorrectly flagged by Google as distributing spyware. I double-checked with both the authors of TweakVI and Google, and it was a false alert that was later fixed and the spyware classification removed.

Seems CounterSpy is out of date.

Knock yourself out. Let me know if you find anything amiss, though I really don't think so. Stefan is a great guy.

 

[Terry60]

Only this week AVG 8 removed two of the Comodo firewall modules as viruses, and Comodo had to come out with their own update shortly afterwards.

 

[Coolname007]

Submitting a false positive report to sunbeltsoftware.com right now. Anyone have an idea what version of TweakVI EasyBCD's NST Downloader downloads? I need the specific version for the report.

-Coolname007

 

[mqudsi]

The very latest.

 

[Coolname007]

The very latest.

Thanks, but I need to know what version that is currently...

-Coolname007

 

[mqudsi]

What I meant was, you could go to their site and see what the latest version is.

1.0 build 1105

Addendum:

I've also sent an email to Stefan letting him know SBS is incorrectly flagging his program.

 

[Coolname007]

Great! Thanks very much, CG. I appreciate it.

-Coolname007

Addendum:

Weird...I just tried installing it again, right now, and did not get that message from CounterSpy this time. :wtf: But, then again, maybe that's because the anti-spyware program wasn't open at all this time, not even in the taskbar. So TweakVI installed this time around.

I really should try uninstalling, and installing it again this time, with CounterSpy open in the taskbar, to see if I get the same message again...

-Coolname007

 

[mqudsi]

Perhaps a recent CounterSpy auto-update addressed the issue.

 

[JustinW]

Good example here why its good to disable your protection when installing programs you want. I didnt get any complaints from McAfee when testing it, but any way, glad its been sorted now.

 

[Coolname007]

Ok...well, it seems this problem has led into another. I've already uninstalled TweakVI, but the program must have made some changes of its own accord during the time it was on there, because now CounterSpy will not open at all. It gives me a message saying "the server is busy", and gives me the options to either switch to the program that's causing the issue, or to try it again (the "cancel" button is greyed out). Pushing the "Switch to" button opens up the Start menu, and I don't know where to go to from there, while pushing the "Retry" button just sends me to the exact same messagebox again, and I have to actually kill the splash screen from the Task Manager before it will close.

I have no idea on how to undo the changes TweakVI apparently has done, other than of course attempting system restore. Fortunately, a restore point was created by TweakVI when I installed the program, and hopefully its still there and hasn't been deleted when I uninstalled the program...

Does TweakVI have an anti anti-spyware feature or what? :brows: CounterSpy was working perfectly fine before TweakVI was installed.

-Coolname007

 

[mqudsi]

Nope. TweakVI only uses some anti-cracking code encryption techniques on its own binary files that some stupid products falsely detect as malware.

 

[Coolname007]

Well, I don't know why it is acting up then, because it was working perfectly fine before TweakVI was successfully installed...
See the attached screenshot to understand what its doing.

-Coolname007

 

[mqudsi]

I've seen that error before with other software. Generally has to do with incorrectly multi-threaded software.

Drop sunbelt software an email, I guess?

 

[Coolname007]

Never mind. Its working fine now, though I have done nothing to affect *not getting* or *getting* that error message... Heck, I haven't even hardly been in Vista that much lately, so I know there is nothing that I have done between the time that I *wasn't* getting the error message, and it was working perfectly fine, to the time it screwed up, and between the time I *was* getting the error message, and now when its working fine. Anyhow, its back working again, so I may have another go with TweakVI.

Jake