Topic: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

In this package DPsFnshr.7z, "mute.exe" contains a trojan horse. It changes the homepage in Internet Explorer to something else. I don't know to where, but I wouldn't visit it with my computer.

Version: 7.05.2

Last edited by pillerstol (2007-11-26 01:39:43)

Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

from a clean system redownload base from us and verify the hash... then scan
(not the same machine as before unless you format)

thousands of other users have not reported anything...

what virus scanner / version / definition dates supplied this positive...
what is the SARC or other description of this payload

DP BartPE Tutorial   DP_BASE Tutorial   HWID's Tool     Read BEFORE you post    UserBars!
http://driverpacks.net/userbar/admin-1.png
The DriverPacks, the DP_Base program, and Support Forum are FREE!.

Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

If you extract "\DPbase\bin\DPsFnshr.7z" to a folder and enter that directory, AVG finds a trojan horse in "mute.exe". Tried it 3 times.

Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

that file hasn't been touched in 6 months (we log)

it's a false positive. did you verify the hash on your download?

I have AVG on a UBCD4win disk, I'm loading it now... which engine and definition dates?


Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

"DPs_BASE_7052.exe":   804c193146f3fe37334bc2afd79c11d6, with md5deep

Everything the latest, dpbase and driver packs, and also AVG. You must extract the contents of the 7-zipped file, otherwise the virus scan will fail.

Last edited by pillerstol (2007-11-26 01:55:22)

Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

I just downloaded the DP Base package again (same MD5 hash), decompressed ALL the files then scanned the lot with Symantec Endpoint Protection v11 (supersedes SAV and SCS) and all files were clean.

Then to be safe, scanned the files again in VirtualPC using ESET Smart Security v3, also clean.

False positive.

Read BEFORE you post.  HWID tool   DriverPacks Tutorial   DONATE!
http://driverpacks.net/userbar/admin-1.png
Not all heroes wear capes, some wear Kevlar!
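The triage the replies above walk through (check the download's hash first, then compare what several scanners say), as an added example that is not part of the original thread. The function names, the verdict labels and the "one engine out of at least three" threshold are assumptions, and the sample file is constructed.

```python
import hashlib
import os
import tempfile


def file_digests(path, chunk_size=1 << 20):
    """Hash a file in chunks. MD5 matches what md5deep prints; SHA-256 is
    computed as well because MD5 alone does not resist deliberate collisions."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def triage(path, reference_md5, verdicts):
    """Classify a detection.

    reference_md5: hash obtained from a trusted channel (assumption: the
                   publisher supplies one out of band).
    verdicts:      {engine name: True if that engine flagged the file}.
    """
    md5, _ = file_digests(path)
    # A mismatch means the file is not what the publisher shipped, so the
    # detection cannot be written off as a false positive.
    if md5 != reference_md5.strip().lower():
        return "hash-mismatch"
    flagged = [engine for engine, hit in verdicts.items() if hit]
    if not flagged:
        return "clean"
    # Assumed threshold: one engine disagreeing with two or more others on a
    # byte-identical file is the pattern reported in this thread.
    if len(flagged) == 1 and len(verdicts) >= 3:
        return "likely-false-positive"
    return "investigate"


if __name__ == "__main__":
    # Constructed sample file standing in for the downloaded package.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"constructed sample, not a real DriverPacks file")
    os.close(fd)
    good_md5, _ = file_digests(sample)
    scans = {"engine_a": True, "engine_b": False, "engine_c": False}
    print(triage(sample, good_md5, scans))   # same bytes, one engine flags
    print(triage(sample, "0" * 32, scans))   # bytes differ from the reference
    os.remove(sample)
```

A "likely-false-positive" result is the point at which to submit the file to the flagging vendor, as a later reply suggests.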

Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

It's because we use AutoIt. AutoIt can easily be used to create malicious scripts. Unfortunately, pretty much every anti-virus app has once flagged *any* AutoIt executable as a virus because of that. Simply because their algorithms suck that bad.

Not much we can do about it.

Founder of DriverPacks.net — wimleers.com

Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

AVG Free v7.5 did indeed report it as a trojan...

But it's not; it disables the beep for the driver signing popup window (very annoying if KTD is on).

Either create an exception or report it as a false positive to AVG.

You can delete it if you want; it's not mission critical.


Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

AVG Antivirus doesn't catch anything.  Rather, it catches so few that I've decided it's a gateway virus.  It lulls the user into a false sense of security and lets all the really bad viruses in.

If you want a good free antivirus - go with Avast Antivirus.  Their home edition is free, all you have to do is request a home key from their website and they give it to you.  You have to renew that free home key every year, but it's at least a good antivirus.

~TigerC10~

Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

or check with your broadband provider.  Often they have special subscriber deals (some even free) for McAfee antivirus.

Re: [solved] False Positive (trojan horse) in MUTE.EXE (DPbase 7.05.2)

McAfee isn't doing as hot as it used to.  It's sub-Norton at the moment (just barely - there's almost no difference).

NOD32 > Kaspersky > Avast > Norton > McAfee > Trend Micro > OneCare > AVG

~TigerC10~