Trojan or not ?

3 replies
j.orecchia
Joined: 2012-05-23

Hello,
I'm sorry, but Malwarebytes detects a trojan in your software delivery.
After executing PickMeApp0_5_14_9.exe, in the directory PickMeApp0_5_14_9,
I have a suspect file: bi.exe. Malwarebytes sends this file to its quarantine system because it is Trojan.Dropper!
Is it really a trojan, or not? Can you tell me what it is exactly?
Thanks a lot in advance.
J.O.

Norton 360 : PMAGA.EXE SUSPICIOUS.CLOUD.2 DETECTED

TAppTeam
Joined: 2010-06-27

pmaga.exe is our small utility that chooses the advertisement partner to show.

It is downloaded from the pickmeapp.com site each time to keep track of available advertisers.

It was created using NSIS software (http://nsis.sourceforge.net/Main_Page)

Some viruses were created using NSIS as well.
It creates false positive alarms because of common signatures.

http://nsis.sourceforge.net/NSIS_False_Positives

Below please find a link discussing a similar problem with NSIS and Norton:

http://forums.winamp.com/showthread.php?t=327622

We are in contact with the antivirus provider to deal with the false positive alarm.

Sincerely

TAppTeam
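
Added example, not part of the original thread or of PickMeApp's code: a quick way to check the claim that a flagged file was built with NSIS is to look for the NSIS "firstheader" that the installer stub locates by scanning its own file in 512-byte steps. The function names and the sample input are constructed for illustration; a match only confirms the build tool, not that the file is harmless.

```python
import struct
import sys

FH_SIG = 0xDEADBEEF          # firstheader.siginfo magic
FH_MAGIC = b"NullsoftInst"   # firstheader.nsinst (12 bytes)
FH_SIZE = 28                 # flags, siginfo, nsinst[3], two length fields
BLOCK = 512                  # the NSIS stub searches on 512-byte boundaries


def find_nsis_header(data: bytes):
    """Return (offset, header_len, total_len) of the NSIS firstheader, or None."""
    if data[:2] != b"MZ":
        return None  # not a DOS/PE executable at all
    for off in range(0, len(data) - FH_SIZE + 1, BLOCK):
        _flags, sig = struct.unpack_from("<II", data, off)
        if sig != FH_SIG or data[off + 8:off + 20] != FH_MAGIC:
            continue
        header_len, total_len = struct.unpack_from("<ii", data, off + 20)
        # Sanity check: the declared installer data must fit inside the file,
        # otherwise this is a stray byte pattern or a truncated download.
        if header_len > 0 and 0 < total_len <= len(data) - off:
            return off, header_len, total_len
    return None


def build_sample() -> bytes:
    """Constructed input: fake 1024-byte stub, then a firstheader and 100 data bytes."""
    stub = b"MZ".ljust(1024, b"\0")
    body = b"\0" * 100
    hdr = struct.pack("<II12sii", 0, FH_SIG, FH_MAGIC, 64, FH_SIZE + len(body))
    return stub + hdr + body


if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = build_sample()
    hit = find_nsis_header(blob)
    if hit:
        print("NSIS firstheader at offset %d (header %d bytes, data %d bytes)" % hit)
    else:
        print("no NSIS firstheader found")
```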

NOT A TROJAN!!!!

admin
Joined: 2010-06-06

Thank you for informing us of the issue!

All files inside PickMeApp were tested. See the following fresh reports from VirusTotal:

  1. bi.exe: view report
  2. GrabberEngine.dll: view report
  3. MiddleEarth.dll: view report
  4. PickMeApp.exe: view report

But you are right to point to "bi.exe" as the source of the false positive alarm.
BI.exe is part of the BetterInstaller application mentioned on our Software page.

As far as we know, the root of the problem may come from the usage of the Inetc plug-in inside the bi.exe file. The Inetc NSIS plug-in is known as a cause of false positive alarms: "Has a verified risk of causing a false positive for "generic downloader trojan" in Kaspersky antivirus software."

If you are still not convinced, you may safely delete bi.exe.
It will not affect PickMeApp functionality and will remove the antivirus false positive alarm.

Thanks for your reactive

j.orecchia
Joined: 2012-05-23

Thanks for your reactive answer and your explanations.

I presumed that it was a false positive alarm from Malwarebytes software, but I was not sure.

So, I will continue to use PickMeApp software because it just works perfectly to transfer applications to my new PC.

Best regards,
J.O.