false positive??

To my surprise giFTl.exe, which is part of KCEasy, is reported to be a trojan horse. I have had this program for years. Who knows what damage it has done, if this alarm is correct. How do I know whether it is or not?

It has to be a False Positive, I should think. Hopefully Kevin or someone else will be around before long to comment. :slight_smile:

I hope (and think) you’re right about it being a false positive. I never had the impression that the programmer of KCeasy was one of the bad guys.

Anyway, lets consider this incident to be something positive. Now I have experienced myself how effective BOclean stops something (bad) from launching. :BNC

Well, I’m not familiar with KCeasy myself, but I Googled around a little, and I could not find any information to suggest that it is bad news.

I suggest you add the KCeasy executable to BOClean’s program excluder for the time being (if you haven’t done so already.)

Thanks for the suggestion. I’ll do that.

I have had BoClean for about 5 years now, and if BoClean caught something you can pretty well be sure it was a bad guy. There are not many false positives. (:TNG)

I agree, but they do occur, and I do believe this probably is one of those cases, as I believe KCeasy has been around for quite some time as well.

If it were indeed malware, I’m sure that by now there would be ample information to that effect.

… this is of course assuming you downloaded KCeasy from a reputable source, and that the executable in question is indeed located in the Program Files\KCeasy directory …

But let’s wait for Kevin or someone else to drop by.

Straight from the source. In fact, I just downloaded and installed it again. The same warning popped up with the new version\installation.

Thought it might; alrighty, let’s wait for someone who’ll be able to shed some light on the phenomenon… :slight_smile:

Can you tell me what it’s being reported as? That’d help in tracking down where the problem definition is. I’m no longer doing the whole nine yards myself, so need to find out what we’ve got and get my guys on fixing it …

This is the message:

Location of startup: FILE

This trojan horse program was found on your machine.
It has been shut down, but the FILE from which it
started still remains and can be started up again.

Do you want the file removed also?

The file from which it started would be kceasy.exe itself. At least, that is where the shortcut to the program points to.

It’s detecting it as Safeshare.

[attachment deleted by admin]

Incidentally, I just came across this forum thread in which AVG Anti-Spyware detected the same file as “Not-A-Virus.PornTool.Win32.Porn2Peer.a”

Now AVG FP or not, could there be a relation?

It says it’s not a virus, but Porn2Peer. That’s why I use this program. :■■■■ (:LGH)

I just checked and none of the scanners over at http://virusscan.jotti.org/ found anything. It must be safe. I hope…


My error … it was reported as malware but apparently the variant you have is just “not a good idea.” Based on reports from other antimalware vendors, I’ll have that one removed. However the detect was not a false positive - it dates back a ways and definitely wasn’t clean at the time …

Does that mean it is “clean” now? If it wasn’t some time ago, it must have changed. Otherwise removing it would not be what I would like to see.

It was a file that came to us through a virus exchange as “infected” and when we received those, they got put into BOClean right away. If you check it out on google though, it was determined later not to be a malicious file after further examination. It’s not often that I’ve pulled a definition but went back and checked it myself against what others found and no … might be a pig as far as CPU goes, but nothing malicious in there. It’s probably the fact that it came with Kazaa that got it branded in the first place.