Possible virus found in mydefrag-v4.3.1.exe

[higgie]

When I run the file that I recently downloaded. The Norton AV alerted me of this attack, automatically deleted the file. When I re-downloaded this again this time from home website. When I run the Norton AV download insight and saw that same result... I looked up in the history found that mydefrag-v4.3.1.exe was possibly infected with WS.Reputation.1... according to the symantec website this virus was detected because this file was ruled too new... you should let Norton web know of this problem... And take that file offline and scan this file...

Thanks
 

[BloodySword]

Uninstall Norton immedately and install a REAL Antivirus application. I can only suggest this because Norton is a real fake.

Upload the installer file on http://www.virustotal.com and you will see that it is one of the 52893590735208975289437529839307597298745892430758092374502987582095 false positives from Norton. Okay, Avira also has much false positives, but most of the files are packed with a runtime executable compressor and this files are tagged as suspicious. But MyDefrag installers are not compressed with runtime compressors, only the installer package is compressed using LZMA I guess.

[jonib]

Read more about false positives here My virusscanner says MyDefrag is infected!

jonib

[jeroen]

according to the symantec website this virus was detected because this file was ruled too new... you should let Norton web know of this problem...

Thanks for your message, I appreciate it. I have now added this false-positive to the list on the My virusscanner says MyDefrag is infected! page. In my opinion virus scanners should not delete a file simply because it is too new. And I am sorry but I do not have the time to contact Norton and try to get them to fix their problem.

[BloodySword]

I did not look at it, but are the executabled from the installer compressed with UPX by Inno? Or are it native uncompressed executables with added compressed package data?

[jeroen]

They are compressed by Inno, I don't do anything extra. I don't know exactly what Inno uses for the compression.

[BloodySword]

I checked it. The installer executable itself is uncompressed, so there is no reason why any antivirus should think it is suspicious. The installer package is compressed with LZMA as far as I know. I used Inno setup some time ago and there was LZMA compression by default, but not in a 7zip container. Perhaps a falsepositive is caused because the antivirus has no idea what is inside the compressed data. In my opinion, blocking this file is unneccessary because the on access scanner would detect any infected file while the setup is extracting. And MyDefrag is 100% clean.

[jonib]

you should let Norton web know of this problem...

Actually I think there is an option in Norton to send a suspicions file to Norton to analyze, please do this and they will remove the false positive.

jonib

[higgie]

Uninstall Norton immedately and install a REAL Antivirus application. I can only suggest this because Norton is a real fake.

Upload the installer file on http://www.virustotal.com and you will see that it is one of the 52893590735208975289437529839307597298745892430758092374502987582095 false positives from Norton. Okay, Avira also has much false positives, but most of the files are packed with a runtime executable compressor and this files are tagged as suspicious. But MyDefrag installers are not compressed with runtime compressors, only the installer package is compressed using LZMA I guess.

I am loyal to Norton because I noticed that there was issue with some other AV... I use this Norton AV... I am not uninstalling this software for any other AV... EVER!!!!

[higgie]

I had discovered that I had missed some feature that lets you to disable the autoprotect temporarily allowing the software to be installed... I am happy to report that software is installed successfully.