Microsoft/McAfee Detects Frostwire Installer As OpenCandy/Ask Tool Bar Adaware?

Comodo Internet Security - CIS AV False Positive/Negative Detection Reporting
1

Hello,

I would like your opinion about whether or not the Frostwire installer is Adaware known as OpenCandy?

The Microsoft Malware Protection Center (MMPC) has investigated the following file(s) which we received on 2/15/2011 11:55:57 AM Pacific Time.

Below is the determination for your submission.

========
Submission ID MMPC11021551483986

Submitted Files

frostwire-4.21.3.windows.exe [Adware:Win32/OpenCandy]

Microsoft Security Essentials and Windows Defender detects and McAfee it, I submitted a false positive report to Microsoft and re-submitted the file to McAfee (They detect the Ask Tool Bar not Open Candy), but Microsoft still think it is Malware, they gave me this link:

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Adware:Win32/OpenCandy

They detected the newer and older installer from the Frostwire official website:

Download Mirror:

http://www.brothersoft.com/d.php?soft_id=62030&downloader=no&url=http%3A%2F%2Fusfiles.brothersoft.com%2Finternet%2Fp2p_file_sharing%2Ffrostwire-4.21.3.windows.exe

Official Website Reports:

http://siteinspector.Comodo.com/taskreport/?uid=2465

http://www.virustotal.com/url-scan/report.html?id=3bc85116bcd3151c3d80cb447bcc1aca-1297813526

http://www.virustotal.com/file-scan/report.html?id=f8796c5a261ebf2c78d1d0383efc0140b9d1763894e565a1d6564bc98b73506b-1297817134

http://anubis.iseclab.org/?action=result&task_id=18db9982b3d1df724251ef2aa80747ad6&format=html

http://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.frostwire.com%2F

Download Mirror Website Reports:

http://siteinspector.Comodo.com/taskreport/?uid=2466

http://www.virustotal.com/url-scan/report.html?id=8d3257c2e0e42d79bfbceac765436d4e-1297815148

http://www.virustotal.com/file-scan/report.html?id=aef06d45f4aa73a6abfffc159c2635911666e7bd25ff42ddbf8a9c5ce9dea26f-1297818753

http://anubis.iseclab.org/?action=result&task_id=1cd0bdd924beb0764653b21368c78ad4e&format=html

http://safeweb.norton.com/report/show?url=http%3A%2F%2Fwww.brothersoft.com%2Fdownload-frostwire-62030.html

File Reports:

Frostwire 4.21.3

7.92mb

MD5 : 2398c8279f8dee6d771615eb7688b2ed

http://www.virustotal.com/file-scan/report.html?id=bd3964ee028104cf61d4ac6e20d6c5ad7eb2fad8cde193a74a5d9543e7969657-1297816735

http://camas.Comodo.com/cgi-bin/submit?file=bd3964ee028104cf61d4ac6e20d6c5ad7eb2fad8cde193a74a5d9543e7969657

http://anubis.iseclab.org/?action=result&task_id=130d2687d70d8a974a9cb1e21527a3b60&format=html

OpenCandy Website:

http://www.opencandy.com/

OpenCandy Website Reports:

http://siteinspector.Comodo.com/taskreport/?uid=2520

http://www.urlvoid.com/scan/opencandy.com

http://www.virustotal.com/url-scan/report.html?id=36a1f56b3530fdc7a54f3335df25e81a-1297875262

http://www.virustotal.com/file-scan/report.html?id=73ed0cd87c7a5fa0cad457b653280fdf101bc0d4f1ff4374e6b4d97234cb17ba-1297878963

http://anubis.iseclab.org/?action=result&task_id=17fa9d541e9cccf54a959b2c8d80cab25&format=html

http://www.siteadvisor.com/sites/opencandy.com

Thank you,
-John Jr :slight_smile:

[attachment deleted by admin]

2

i dont use frostwire, but if the installer offers different apps or a toolbar “powered by open candy”, then it IS adware by definition. i don’t think its harmful or anything . it’s a good way for freeware developers to earn some cash, but i admit i was shocked to read some of the info that opencandy collects.
taken from the microsoft link:

Adware:Win32/OpenCandy transmits various information to a remote server, including the following:

*
  a code identifying the downloaded program - this code allows for tracking the specific downloaded program's installation and allows the OpenCandy component to download the list of offers the program's developer chose to recommend
*
  [u]a unique machine code which may be stored locally on the computer and used by future installers utilizing the OpenCandy component[/u]
*
  operating system version
*
  the current language the operating system is using
*
  the language of the installer
*
 [u] the country location and time zone of the affected computer[/u]
*
  installation status of offered programs
*
  if a recommendation is made, how long the offer is viewed and if it is accepted
*
  if a recommendation is accepted, whether the recommended program's installer successfully downloads and launches, and whether it completes successfully, fails or is cancelled
3

Yeah, that is a lot of information collected without most people knowing unless they bother to read the Small Print :wink: , thank you for commenting. :frowning: :slight_smile: