Author Topic: Trojan:Win32/Critet.BS - False positive from Defender? (Read 54669 times)

jpm · « **Reply #50 on:** March 28, 2018, 12:37:53 pm »

Right.. Now you see the dilemma.

I suppose Guinness or a class a rant is in order.

I filed a dispute with them just now. It felt funny filing a dispute on a clean file but... we live in funny times.

fabrikator · « **Reply #51 on:** March 28, 2018, 02:17:20 pm »

Well, if I were a software developer like Tweaking.com, and I had a program that I knew was clean, and Microsoft Security Essentials kept

flagging it for a virus, I would be all over Microsoft like flies on poop !

Is there another way us users could contact Microsoft on this issue other than the "submissions" page ??

Or could Tweaking.com just create another updated version of Windows Repair to fix this ?

Like I have mentioned before, v4.0.14 is NOT affected by all this crap.

fab

jpm · « **Reply #52 on:** March 28, 2018, 05:15:12 pm »

Well, the problem is THEY are Microsoft and we are a couple of guys. So in you analogy - we are the poop.

The antivirus world is like this though. You guys are just seeing this one right now. But it is very common for all the smaller authors. Don;t get me started on the whole PUP bullsh*t going on out there now.

I did hear back from tech support who confirmed there is no detection.

They recommended this:

Quote

Please try the following steps to clear cached detections and obtain the latest malware definitions.

 
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender

2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”

can someone try it and let me kknow.

Still_Game · « **Reply #53 on:** March 28, 2018, 10:31:44 pm »

Quote from: jpm on March 28, 2018, 05:15:12 pm

Well, the problem is THEY are Microsoft and we are a couple of guys. So in you analogy - we are the poop.

The antivirus world is like this though. You guys are just seeing this one right now. But it is very common for all the smaller authors. Don;t get me started on the whole PUP bullsh*t going on out there now.

I did hear back from tech support who confirmed there is no detection.

They recommended this:

Quote
Please try the following steps to clear cached detections and obtain the latest malware definitions.

 
1. Open command prompt as administrator and change directory to c:\Program Files\Windows Defender

2. Run “MpCmdRun.exe -removedefinitions -dynamicsignatures”

can someone try it and let me kknow.

Anything similar for MSE?

ergo · « **Reply #54 on:** March 29, 2018, 02:23:05 am »

Given this really weird time in cyberspace, I have gotten way more careful. For example, the strong evidence now that the virus checker Kaspersky has been spying in our country's computers, got a 60 minutes sessions about the associated risks, and the US govt has banned it and required that every government agency that installed it must prove they removed it from their computers. Or how about Facebook - not only is it clearly established that most of the communications on Facebook were fake bot software, but one of the board members at Facebook openly worked with Cambridge Analytica to find ways to help Trump get elected.

I like Tweaking, my sense is that it is a good and straight-forward product (and sadly can't use even though I paid for the subscription) but I just need to bend over backwards. I've been hacked too many times in too many ways over the years.

Boggin · « **Reply #55 on:** March 29, 2018, 02:27:53 am »

Quote from: ergo on March 29, 2018, 02:23:05 am

Given this really weird time in cyberspace, I have gotten way more careful. For example, the strong evidence now that the virus checker Kaspersky has been spying in our country's computers, got a 60 minutes sessions about the associated risks, and the US govt has banned it and required that every government agency that installed it must prove they removed it from their computers. Or how about Facebook - not only is it clearly established that most of the communications on Facebook were fake bot software, but one of the board members at Facebook openly worked with Cambridge Analytica to find ways to help Trump get elected.

I like Tweaking, my sense is that it is a good and straight-forward product (and sadly can't use even though I paid for the subscription) but I just need to bend over backwards. I've been hacked too many times in too many ways over the years.

You may need to reinstall and use it in Safe Mode with Networking or use a different antivirus program until MS get this sorted out.

If you have computer problems that you need to run the program, then open a thread in the Computer Help section.

ergo · « **Reply #56 on:** March 29, 2018, 02:40:44 am »

Thanks, Boggin, but I was just giving a straight answer to someone who expressed concern about what many are experiencing. As I wrote, there is a lot of wiggy stuff going on and I think it's good to be careful. Far as I'm concerned, turning off my virus protection is not an option.

I have no problem with my computer. It's a brand new Dell, raided, 64 GB RAM, I take good care of it.

This problem is between Microsoft and its response to Tweaking software

Boggin · « **Reply #57 on:** March 29, 2018, 02:49:34 am »

You can white list the program in your antivirus program - I had to do that for a short while when Norton Security kicked out the .exe.

ergo · « **Reply #58 on:** March 29, 2018, 03:05:24 am »

Boggin, I think you must have read my message quickly and not processed what I said.

Boggin · « **Reply #59 on:** March 29, 2018, 03:11:19 am »

I was just giving a solution to be able to run the program without turning your AV program off - which point did I miss ?

ergo · « **Reply #60 on:** March 29, 2018, 03:52:29 am »

I'm not sure what message you mean. I pasted it below. I thought it was pretty clear.

Given this really weird time in cyberspace, I have gotten way more careful. For example, the strong evidence now that the virus checker Kaspersky has been spying in our country's computers, got a 60 minutes sessions about the associated risks, and the US govt has banned it and required that every government agency that installed it must prove they removed it from their computers. Or how about Facebook - not only is it clearly established that most of the communications on Facebook were fake bot software, but one of the board members at Facebook openly worked with Cambridge Analytica to find ways to help Trump get elected.

I like Tweaking, my sense is that it is a good and straight-forward product (and sadly can't use even though I paid for the subscription) but I just need to bend over backwards. I've been hacked too many times in too many ways over the years.

Boggin · « **Reply #61 on:** March 29, 2018, 04:10:27 am »

I didn't see the relevance of your main paragraph in relation to the thread - I was responding to the last one regarding the repair program.

ergo · « **Reply #62 on:** March 29, 2018, 05:37:43 am »

OK, I'll try to make it really simple.

Cyberspace is hacking us everywhere you turn. Facebook isn't safe. Mcafee isn't safe. Cyberspace is attacking us in all different directions. I've been personally hacked in a number of ways over the years.

I liked your program (until I was blocked from using it) but why in the *.* am I supposed to open up the floodgates to rate Tweaking as a trusted product to do what it wants?

Honestly, I don't know why you don't understand me because it's completely obvious to me that it's not our job to develop work-arounds so your product works in any way that we may or may not understand?

Jeez. I really hope you'll stop telling me you still don't understand what I'm saying because it is so obvious. Rani

Boggin · « **Reply #63 on:** March 29, 2018, 06:28:14 am »

If you read the thread, it's the Admins who have been doing the work to get this fixed and the repair program has been proven to be safe.

Tell me - what has this got to do with what is has been reported from those who use the repair program -

Given this really weird time in cyberspace, I have gotten way more careful. For example, the strong evidence now that the virus checker Kaspersky has been spying in our country's computers, got a 60 minutes sessions about the associated risks, and the US govt has banned it and required that every government agency that installed it must prove they removed it from their computers. Or how about Facebook - not only is it clearly established that most of the communications on Facebook were fake bot software, but one of the board members at Facebook openly worked with Cambridge Analytica to find ways to help Trump get elected.

No one has mentioned the suspicion about Kaspersky and has no bearing on MS antivirus programs blocking the program - Facebook doesn't come into and neither does data collection or Trump getting elected.

Now do you see why I was questioning this ?

When Norton Security kicked out the .exe on mine, I knew it was a false positive and had no qualms about white listing the website to reinstall the program.

jpm · « **Reply #64 on:** March 29, 2018, 06:33:14 am »

Quote from: Boggin on March 29, 2018, 06:28:14 am

If you read the thread, it's the Admins who have been doing the work to get this fixed and the repair program has been proven to be safe.

Tell me - what has this got to do with what is has been reported from those who use the repair program -

Given this really weird time in cyberspace, I have gotten way more careful. For example, the strong evidence now that the virus checker Kaspersky has been spying in our country's computers, got a 60 minutes sessions about the associated risks, and the US govt has banned it and required that every government agency that installed it must prove they removed it from their computers. Or how about Facebook - not only is it clearly established that most of the communications on Facebook were fake bot software, but one of the board members at Facebook openly worked with Cambridge Analytica to find ways to help Trump get elected.

No one has mentioned the suspicion about Kaspersky and has no bearing on MS antivirus programs blocking the program - Facebook doesn't come into and neither does data collection or Trump getting elected.

Now do you see why I was questioning this ?

When Norton Security kicked out the .exe on mine, I knew it was a false positive and had no qualms about white listing the website to reinstall the program.

You are correct. the internet is not safe. Not at all. Nothing is sacred and your need to be aware of everything. You need to choose what you install very carefully.

You are also correct that this issue is not your problem and something we need to solve with Microsoft.

Our problem is that it is 100% a problem with Microsoft and we are trying to relay the information.

You can choose to whitelist it or not - but it should be cleared in all their definitions soon. I know they are working on it.

jpm · « **Reply #65 on:** March 29, 2018, 06:36:35 am »

Looks like 1.263.1691.0 definitions there after have been corrected.

Everyone getting a clear now?

Still_Game · « **Reply #66 on:** March 29, 2018, 07:15:28 am »

JPM

I've lost the will to live after clearing the MSE alerts, uninstalling and reinstalling WRAIO again today and it again triggering an alert in MSE. I'm not sure which definition version I had but I carried out a manual update before and I think it was to 1.263.1691.0 - that's certainly what's showing now. I've told MSE to ignore the false positive yet again and I'll put this aggravation behind me until the next version of WRAIO is released and see what happens then.

jpm · « **Reply #67 on:** March 29, 2018, 12:44:25 pm »

LOL --- Told ya it was better to pour a Guinness than to deal with this.

Yeah - we have a new version due to. Should be a fun week.

fabrikator · « **Reply #68 on:** March 29, 2018, 01:05:04 pm »

I just updated to the latest Microsoft Security Essentials virus update v1.263.1709.0 .... AND

HURRAY ... YIPPEE ..... ALL IS WELL and CLEAR ...

v4.0.15 installed and working FINE !!!

THANK YOU to EVERYONE for their help and support on this issue, which was DEFINATELY a MICROSOFT F*UCK UP !!

See y'all later

fab

ergo · « **Reply #69 on:** March 29, 2018, 06:24:52 pm »

Jeez, this thread seems to be getting personal and surprisingly argumentative.

All I did was tell you my position. I value my privacy a lot.

Not, the latest update of the MS virus checker did not fix the install.

I actually don't care. I just passed on my own thought process about why I was unwilling to whitelist the program. And I am taken aback that you think there is something that is wrong with that.

But again, I don't care. It's not worth my time to deal with it. I still can't use Tweaking even though it's the only program in my computer that stopped working. And yes, I still believe that it is not my responsibility to deal with the clash between MS and Tweaking. Tweaking represented itself as working closely with Microsoft, but obviously it isn't. Again, after updating MS and Tweaking, it still doesn't work. And honestly I don't care because this was never personal for me, just something to chat about. Bye. Rani

fabrikator · « **Reply #70 on:** March 29, 2018, 10:24:47 pm »

ergo,

Microsoft fixed the false positive issue with virus update v1.263.1709.0, and there is nothing wrong with Windows Repair v4.0.15 now.

If you are still having problems installing, then you have other problems, not MSSE or Windows Repair, perhaps with something YOU are

doing wrong.

Boggin · « **Reply #71 on:** March 30, 2018, 02:54:47 am »

@ ergo - I've removed your duplicate post and sorry to hear you are still having problems which are beyond Tweaking's control as you will have noted by fabrikator's post.

If you need to run the program then you can reinstall and run it in Safe Mode with Networking.

ergo · « **Reply #72 on:** March 30, 2018, 05:07:03 am »

Thanks, Boggin,

It's not worth the risk doing a workaround, given MS lists it as having a severe threat level that opens computers up to hackers.

I have no idea if this is relevant but around that time my computer became a lot slower.

I'm about to unsubscribe to this, since I can't use it. Thanks again

Boggin · « **Reply #73 on:** March 30, 2018, 05:14:57 am »

It could be worth doing a scan with the free version of MBAM but MS has released some updates to counter Meltdown and Spectre which can impact performance on some machines.

It could also be the antivirus still checking what's left of the program.

https://www.malwarebytes.com/mwb-download/

I have its service set to Manual from Auto so it doesn't auto run in the background.

jpm · « **Reply #74 on:** March 30, 2018, 04:26:54 pm »

Quote from: ergo on March 29, 2018, 06:24:52 pm

Jeez, this thread seems to be getting personal and surprisingly argumentative.

All I did was tell you my position. I value my privacy a lot.

Not, the latest update of the MS virus checker did not fix the install.

I actually don't care. I just passed on my own thought process about why I was unwilling to whitelist the program. And I am taken aback that you think there is something that is wrong with that.

But again, I don't care. It's not worth my time to deal with it. I still can't use Tweaking even though it's the only program in my computer that stopped working. And yes, I still believe that it is not my responsibility to deal with the clash between MS and Tweaking. Tweaking represented itself as working closely with Microsoft, but obviously it isn't. Again, after updating MS and Tweaking, it still doesn't work. And honestly I don't care because this was never personal for me, just something to chat about. Bye. Rani

It may have been read personally but I didn't intend it so. I agree with you. As an end user it is not your worry to get involved - it's our problem.

My issue with the whole "false positive" industry. This crap happens all the time and although Tweaking is always clean when someone sees a detection from a Microsoft is always will hurt our rep, weather we are right or wrong.