testing actually a-squared anti-malware

i’m trying this malware scanner as eXperience modo told me about it,
it detected realVNC as malware but that’s not a prob,
then it found for me some office word 2007 portable i tried once and i was not sure about it, a-squared told me it was some high risk software, some crypted trojan, i don’t know if it’s active on the system but i put the winword.exe that was 53KB in quarantine. i’m almost sure it was a malware, and a very bad one, a crypted trojan…
i tested it on virustotal.com and got 6 engines on 36 detecting something wrong…
this file winword.exe is not digitally signed by MS, which is not possible as they’re all always digitally signed,
so i got this file detected by a so little part of scanners and i don’t really know if it’s sure 100% it’s a crypted trojan but a file named as a MS file and not signed is always more than suspect. it’s some exe without any icon named winword.exe and located in C:\Users******\AppData\Roaming\Thinstall\WORD 2007\300000005700002h

no other scanner i got alerted me about it, KAV or SuperAntiSpyware Pro.
anyone using this scanner, what do u think about it ?

i’m going to send it to comodo.

Sensitive scanner, lots of FP’s. If you add them into the exclusion lists, you have a very powerful scanner :wink:

this file looks very suspicious, how come if it’s winword.exe it’s not signed ?
i sent it to comodo, but u’re right, there are lots of false/pos,
realVNC was detected as some highrisk malware with a-squared.

Yes suspicious… What about uploading to virus total?

i tested it on virustotal.com and got 6 engines on 36 detecting something wrong...

Throw it at CIMA see what it makes of it.

I warned you of the FP didn’t i ? (I hope so :P)

Well, A-squared is a good scanner, so perhaps you should send it to their developers to see if it’s indeed a virus ?

Xan

This file is within a Thinstall virtualised layer so even if it was malicious it’d be isolated from your real system. However my own view is that this is a FP generated because of its virtual status.

As has been stated A2AM is prone to FPs (largely from the Ikarus engine), but it’s a top notch product and the Mamutu BB element is the best of its class.

i sent it to comodo and kaspersky but as this exe is named winword.exe it should have a MS digital signature.
and yes eXPerience u warned me about false/positive but realVNC detected as a malware by a-squared, this is too important a false/positive for me as this prog is known by all the people and this kind of detection is not possible, how can a-squared not know realVNC and detect it as a malware ?
i dled realVNC from the real website, got a real key, so a-squared can’t not know this prog, it detected all the things that had a link with realVNC, the progs, the registry, the startup,
if it was some prog coded as a freeware and not known, ok, but not with progs like realVNC,
who doesn’t know this prog?
AV teams know it,
and like some other scanner (i think it was prevx edge) that detected nvidia dll and kaspersky dll as malware,
that’s not possible, those too strong scanners can’t make the difference between too many things, especially when it comes from realVNC, nvidia or kaspersky.

so this type of scanners that got so many false positive can’t help the user at the end, how to know what is false or good when u got all those results,
and that’s not normal that trusted apps are tagged as malwares, this is a failure from those scanners, they should know like my examples that realVNC is not a malware, nvidia dll neither and kaspersky too.
cause it’s known files that got no link with any kind of malware.
imagine someone that just see the result ; high risk malware and he deletes all his realVNC prog, delete his nvidia dll so no more graphic driver, delete kaspersky driver, so when u uninstall a-squared and turn on kaspersky, it’s dead,
as they’re all known files and not malwares in anyway.
those scanners are not able to do a good job, first they should have a whitelist to stop those false/positive that are impossible,
imagine, they know nothing in fact and scan things and give results on trusted files totally crazy,
i’m not sure it’s helpful for users.
only things found are files that are not malwares, where is the need to have this kind of protection ?
hey men look that, today i found 56 malwares,
oh really ?
yep, all wrong, like all the alerts i had at each scan…
i’m not sure i will get a-squared or prevx edge…
got to think,
avira is not that bad in fact…
and i have virustotal and defense+