Trojan.Packed.Execryptor warnings

By Posted May 5, 2008 19:39:17

I have been using PCTools Spyware Doctor for the past years. I rarely received false positives but, lately, when uninstalling a version and then going to the latest build of that antispyware program, I receive warnings on “deskscape.dll” and “WBSrv.dll”. The latest build identifies processes, file and start-up infections (Trojan.Packed.Execryptor) related to those two DLLs.

I refused to let Spyware Doctor block them and added those files to its exclusion list.

Has anybody received similar warnings on those files with other Spyware or Anti-Virus programs?

If I were Stardock, I would certainly have a chat with PCTools and have them clean up their detection routines. Having its software pointed out as infected would not please me at all.

May 5, 2008 20:21:20

If I were Stardock, I would certainly have a chat with PCTools and have them clean up their detection routines. Having its software pointed out as infected would not please me at all.

You are not wrong.  From time to time AV proggies get an update which gives false-positives for legitimate software, and Stardock's is often one of them.  It's annoying to say the least.

I'll pass this on to the 'back-room-boys' and they can light a fire under PCTools...

May 7, 2008 09:30:28

This has been identified as a false positive and we have reported it to PC Tools who have acknowledged it and have escalated it internally.

Hopefully this can be sorted out fairly quickly.

May 7, 2008 09:37:58
This is why I suggest folks disable these 'security' apps for the duration of an install. Also, adding Stardock apps to the Exclusion list is a good way to go.
Also, these security apps can be working fine with our software, then an update to it occurs and it's trojan this, and trojan that.
May 7, 2008 18:23:33

I'll pass this on to the 'back-room-boys' and they can light a fire under PCTools


These issues occur from time to time.


Once discovered we pass them on for appropriate resolution....in this case it affected more than just ourselves [Stardock]. This entails the to-ing and fro-ing of notification emails, etc...the last of which was from Koop to me letting me know the same info as what Neil posted above in #2.


It should be corrected in a future/subsequent build/release from PCTools...

May 8, 2008 07:38:35
Escalating problem

Now PC Tools’ Spyware Doctor (even with exclusions specified, Anti-Virus and On-Guard Protection disabled) systematically kills wbsrv.dll and quarantines it. So, Spyware Doctor now needs to be totally disabled for WindowBlinds to work ...

Happy to know you have been in contact with them. This new situation (refusing to take into account the user’s white listing) has nothing to do with you. I have to get out for work right now, but I will Email them a detailed report (along with my personal thoughts ...) tonight.

Regards
May 9, 2008 05:17:44
Update:

The reason Spyware Doctor was killing WindowBlinds and apparently not following my exclusion list was simple: WindowBlinds now appears under two different folders: Program files\Stardock\WindowBlinds and also Program Files\Stardock\Deskscapes\WindowsBlinds. The first path is a newer one; its wbsrv.dll full path was not in the exclusion list.

This raises a different question: since I use Stardock Central to install/uninstall the application, why is it that two different folders are created for WindowBlinds? Furthermore, isn’t it strange that under Program Files\Stardock\DeskScapes are sub-folders for DeskScapes, DesktopX, LogonStudio, SoundPakager, TweakVista and WindowBlinds? Why are they under DeskScapes?

And, talking about DeskScapes, the Premium Dreams that I bought (Winter Snow, Photo Dream, Liquid Dream), which I particularly like because of their content and of the very low CPU resources used, do not work anymore; all others work.
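An added example, not part of the original post and not Stardock or PC Tools code: a check for the situation described in the update above, where a per-path exclusion list misses a second installed copy of the same DLL. The function names, the C: drive and folder-style exclusion entries are assumptions; the post only mentions full file paths.

```python
import os
from pathlib import PureWindowsPath

def find_copies(root, filename):
    """Return the full path of every file under root named filename (any case)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files
                 if f.lower() == filename.lower()]
    return sorted(hits)

def uncovered(found_paths, exclusions):
    """Return the found paths that no exclusion entry covers.

    An entry covers a path when it is that exact file or (assumption) a
    folder above it. PureWindowsPath compares case-insensitively, as
    Windows does, so the check behaves the same on any host OS.
    """
    entries = [PureWindowsPath(e) for e in exclusions]
    missing = []
    for p in found_paths:
        wp = PureWindowsPath(p)
        if not any(wp == e or e in wp.parents for e in entries):
            missing.append(p)
    return missing

if __name__ == "__main__":
    # Constructed sample: the two install locations named in the post,
    # with an assumed C: drive. On a real machine, build `found` with
    # find_copies(r"C:\Program Files\Stardock", "wbsrv.dll").
    found = [
        r"C:\Program Files\Stardock\WindowBlinds\wbsrv.dll",
        r"C:\Program Files\Stardock\Deskscapes\WindowsBlinds\wbsrv.dll",
    ]
    # Only the older location was whitelisted, as in the post.
    exclusions = [r"C:\Program Files\Stardock\Deskscapes\WindowsBlinds\wbsrv.dll"]
    for path in uncovered(found, exclusions):
        print("not excluded:", path)
```
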
May 9, 2008 09:22:55

FrodoOfTheShire : What build of Deskscapes do you have installed?

Did you install it from SDC or Impulse?

May 9, 2008 17:48:59
I installed DeskScapes with Stardock Central. It currently reports version 2.00.058 as installed. A few weeks ago, the Premium Dreams we have to pay for (among which you own "Winter Snow") refused to start. I had to uninstall Deskscapes through Stardock Central and reinstall DeskScapes so that these dreams, when first launched, asked for email and serial number and then worked correctly.

They now just won't do anything, not even give an error message. Regular Dreams work fine. I have never used Impulse.
May 15, 2008 05:34:51
As I had done before, I uninstalled DeskScapes via Stardock Central, even removed the ContentLicenses folder and reinstalled it. Purchased Dreams requiring a license prompted me for email and serial and activated correctly.

Maybe something was disabled by Spyware Doctor (now out of my system until a new build is released) or by a DeskScapes update. We'll see.
May 15, 2008 12:06:39
I use Lavasoft Ad Aware SE personal edition. It never gave me a false alert. And avast home as antivirus.
All times are EST.