Windows Blinds 7.95 Beta - Windows 8 - Virus Warning

By on June 13, 2013 11:59:58 AM from Stardock Forums Stardock Forums

bastianhager

Join Date 01/2013
0

Hi,

I just downloaded the WB Beta for Windows 8.

Norton detects a Virus / Malware or whatever it should be called "WS.Reputation.1" and the file gets autoamtically deleted.

I downloaded from the official Stardock link I got by email from them for the beta.

Here the Report of Norton:

Updated:
February 15, 2012 3:15:47 PM
Type:
Other
Risk Impact:
High
Systems Affected:
Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Behavior

WS.Reputation.1 is a detection for files that have a low reputation score based on analyzing data from Symantec’s community of users and therefore are likely to be security risks. Detections of this type are based on Symantec’s reputation-based security technology. Because this detection is based on a reputation score, it does not represent a specific class of threat like adware or spyware, but instead applies to all threat categories.

The reputation-based system uses "the wisdom of crowds" (Symantec’s tens of millions of end users) connected to cloud-based intelligence to compute a reputation score for an application, and in the process identify malicious software in an entirely new way beyond traditional signatures and behavior-based detection techniques.

Antivirus Protection Dates

  • Initial Rapid Release version March 27, 2009
  • Latest Rapid Release version April 20, 2010 revision 025
  • Initial Daily Certified version March 27, 2009 revision 005
  • Latest Daily Certified version April 20, 2010 revision 024
  • Initial Weekly Certified release date April 1, 2009

So, what to do?

 

 

25 Replies
Search this post
Subscription Options


Reason for Karma (Optional)
Successfully updated karma reason!
June 13, 2013 12:12:03 PM from WinCustomize Forums WinCustomize Forums

Uninstall Norton.

Reason for Karma (Optional)
Successfully updated karma reason!
June 13, 2013 12:13:39 PM from WinCustomize Forums WinCustomize Forums

Systems Affected:

Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Someone needs to let Norton know that the program isn't even compatible with those systems. My advice would be to disable the AV until WB 8 is downloaded and installed.

Better yet, see reply #1

Reason for Karma (Optional)
Successfully updated karma reason!
June 13, 2013 12:21:07 PM from Stardock Forums Stardock Forums

Norton has this irritating feature of believing anything it has no info on might be a virus and so it should claim it is.

You can ignore that warning in Norton for WB, it is simply because it is new that Norton knows nothing about it.  There should be a white list option somewhere.

I would also urge you to consider an alternative AV supplier when you need to renew your subscription so that Norton get the message that they are causing harm to small software companies with their scare tactics.

Reason for Karma (Optional)
Successfully updated karma reason!
Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.
June 16, 2013 8:42:42 PM from WinCustomize Forums WinCustomize Forums

Quoting Wizard1956,
Better yet, see reply #1

 

Reason for Karma (Optional)
Successfully updated karma reason!
June 16, 2013 9:05:29 PM from WinCustomize Forums WinCustomize Forums

Quoting Neil Banfield,
Norton has this irritating feature of believing anything it has no info on might be a virus and so it should claim it is.

Exactly.

Reason for Karma (Optional)
Successfully updated karma reason!
June 17, 2013 4:53:21 AM from WinCustomize Forums WinCustomize Forums

Norton is the hardest virus to get rid of on your computer.

Reason for Karma (Optional)
Successfully updated karma reason!
June 17, 2013 6:07:35 AM from WinCustomize Forums WinCustomize Forums

My Norton did not say anything about the beta and I downloaded it on day 1 - also if you trust a prog and it gets automatically deleted after the download open up Norton and tell it to restore the recently deleted file.
if you want to know about the program use Norton insight ... I did it with all beta releases so far and Insight highlighted everything as green- 
You are more likely do get virus warnings on products such as stardock if you did not make a update of your definitions.

Quoting Neil Banfield,
I would also urge you to consider an alternative AV supplier when you need to renew your subscription so that Norton get the message that they are causing harm to small software companies with their scare tactics.
Quoting RedneckDude,
Uninstall Norton.
Quoting 2of3,
Norton is the hardest virus to get rid of on your computer.


Gentlemen i don’t get your sarcasm here.. i know Norton has been ugly since 2008 but the 2013 version of Nortn-Antivirus is something completely different.
And to be honest even if it detects something barely “unknown” as a potential threat - Im better be safe than sorry-
I wrote the ticket about the beta that included Fences… I hate installers that have something else included in them.
No matter what it is…


(scare tactics) Neil i understand the anger but giving that advice to that user is nothing else then what Norton does or-did- only they do try to protect while you try to cause damage with that suggestion- think about it
So -(Norton get the message) you mean like MS did   that is like throwing cotton balls at a tank

 

Reason for Karma (Optional)
Successfully updated karma reason!
June 17, 2013 6:18:56 AM from WinCustomize Forums WinCustomize Forums

I understand Roloccolor's comment, and while Norton did have uninstall, etc. problems in the past (and Jafo hates it) it has improved greatly in recent times.

Let's remember this is a Support thread.  

Reason for Karma (Optional)
Successfully updated karma reason!
June 17, 2013 6:22:51 AM from Stardock Forums Stardock Forums

Quoting Roloccolor,

My Norton did not say anything about it and i downloaded it on wb beta on day 1 - also if you trust a prog and it gets automatically deleted after the download open up norton and tell it to restore the recently deleted file
if you want to know about the program use Norton insight ... i did at all betay releases so far and Insight highlighted everything as green- 
You are more likely do get virus warnings on products such as stardock if you did not make a update of your definitions.

Quoting Neil Banfield, reply 3I would also urge you to consider an alternative AV supplier when you need to renew your subscription so that Norton get the message that they are causing harm to small software companies with their scare tactics.Quoting RedneckDude, reply 1Uninstall Norton.Quoting 2of3, reply 6Norton is the hardest virus to get rid of on your computer.

I dont get your gentlements sarcasm here i know Norton has been ugly since 2008 but the 2013 version of Nortn-Antivirus is something completely different.
And to be honest even if it detects something barely unknown as a potential threat - im better be safe than sorry Sir
 

In this case you are not.

The net result of the feature is to scare potential customers away as they trust their AV vendor over some third party company they just discovered.  This means Norton are in a position of trust and should be very careful what they say, but they seem happy to scare customers so they will renew their protection each year.  This is a major problem for smaller companies as it is hard to get the feature to know much about an app when their AV deletes it before it can be run.  The end result is we keep on having to send software to be white listed which can take I think upto a week each time for every single update.

If the file is signed then the right approach would be to simply inform the user that they do not know much about this software, but it is signed by XXXXX and perhaps link this back to the server info which would know that many apps signed by XXXX have been found to be perfectly valid and so chances are this one is also fine.  Factor in the download location and you have a solution that rightly triggers on unknown threats while at the same time acting in a responsible manner and providing accurate information.

Reason for Karma (Optional)
Successfully updated karma reason!
June 17, 2013 6:44:55 AM from WinCustomize Forums WinCustomize Forums

Neil i was still in editing forgive me im not that fast...take another look
But Norton does not scare cutomers of from SD or others or wants them to stay away from you guys, if a file is brand new and barely anone has it - it gives you a fair warning and isolates the file as potential thread... i dont see nothing wrong about that. 
like i wrote that can be solved if you trust in a prog - just mark it as ok and restore it. But if you have it set to manual update - of course you get false warnings since your list is outdated.
I downloaded all the betas so far and never ever had any issues with SD products,- So i have to say Insight of Norton is pretty fast all you have to do is make updates and im sure there wont be any prob at all - or explain to me why i have not gottn a deleted installer ? Im sure i would have contacted IRC about it right away as i normaly do.

And its not Nortons fault if Person XXXX is to sorry "not able" and marks a file as potential threat if its perfectly fine.
I dont see why someone would do something like that if he uses the same AV - unless by mistake
What i like to add is if a Person X downloads a beta that is not even  "a Day old" and gets a warning from his AV like that he should think about it why it did warn him or why that did happen...Steps to take UPDATE VD check Insight- Insight has not enough info on this file ( barely used by any others ) take the file and make a online check on it virustotal for example. This way the "average user" is always safe.
And if you are annoyed by insight disable "insight protection" - if turned on i recommend turning on auto update aswell

Since this warning of stardock could not have existed than far more than a day and if the user did his updates like he/she should i dont see why there is so much anger about of 12-24 hour warning... its not like Norton bans his cutomers from downloading SD products.
But then again im not here to protect Norton i know it had been not great over the past but i gave it another shot and i must say currently i cant complain.
Lavasoft Eset Avira are worse compared to the service you get and they did not detect files that are a real threats.

Sorry Doc ... i let go now
 

Reason for Karma (Optional)
Successfully updated karma reason!
June 17, 2013 8:17:27 AM from WinCustomize Forums WinCustomize Forums

Quoting Roloccolor,
But Norton does not scare cutomers of from SD or others or wants them to stay away from you guys, if a file is brand new and barely anone has it - it gives you a fair warning and isolates the file as potential thread... i dont see nothing wrong about that.

Rolocolor....there are two types of computer programs.

Only two.

One is a program FOR your computer.

The other is a program that [is allowed seemingly to] falsely SLANDER other legitimate programs without opportunity for recourse or restitution.

WHEN I discover my use of a program that falls into that second category too-bloody-well  I write it off as RUBBISH and choose one that is itself sufficiently competently written to NOT do what Norton does so well and STILL does.

Advice in #1 therefore is entirely appropriate....

Reason for Karma (Optional)
Successfully updated karma reason!
June 17, 2013 8:21:46 AM from WinCustomize Forums WinCustomize Forums

Oh...to add....

This is a support forum thread so the correct response will be Neil's...

The warning CAN be ignored.  It is what is [too often in the trade] called a 'false-positive'....

Reason for Karma (Optional)
Successfully updated karma reason!
June 17, 2013 8:29:17 AM from WinCustomize Forums WinCustomize Forums

Quoting Jafo,
The other is a program that [is allowed seemingly to] falsely SLANDER other legitimate programs without opportunity for recourse or restitution.

I have to agree...especially when they're guilty of putting out "scareware" http://drjbhl.joeuser.com/article/414579/Norton_PC_Checkup_Tool

and updates which crashed XP systems - http://drjbhl.joeuser.com/article/428384/Norton_Update_Crashing_XP_Computers_Endpoint_121_Is_The_Culprit

That together with code of theirs which was leaked (by the Indian military), makes their software less than desirable.

Reason for Karma (Optional)
Successfully updated karma reason!
June 28, 2013 6:56:47 PM from Stardock Forums Stardock Forums

I don't trust Norton, in spite of the so called advances in their software. When this laptop was new Norton was one of the pre-installed apps. I let it run its course then ditched it and installed the ones i normally use. During Norton's time on this lappy it missed most of what my other A/V's caught. I can't see spending hard earned bucks on something that a freebie does much better.

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 1:52:53 PM from Stardock Forums Stardock Forums

i tested my machine with Hitman Pro and VirusTotal.

about 5 reputable AV vendors (like Bit Defender and F-Secure) throw warning about malware by files either modified or created by WindowBlinds.

it would be nice if this was fixed.

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 1:59:18 PM from Stardock Forums Stardock Forums

[quote who="moonmadness.ca" reply="15" id="3376784"]
i tested my machine with Hitman Pro and VirusTotal.

about 5 reputable AV vendors (like Bit Defender and F-Secure) throw warning about malware by files either modified or created by WindowBlinds.

it would be nice if this was fixed.[/quote]

Could you post the report please.

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 3:07:45 PM from Stardock Forums Stardock Forums

Hitman Pro flags 3 files as malware:

* C:\Windows\SysWOW64\netprofm.dll
* C:\Windows\SysWOW64\themeui.dll
* C:\Windows\SysWOW64\wmdrmsdk.dll

here's the analysis of the third file by VirusTotal:
https://www.virustotal.com/en/file/bffeabddec122390075d48e88a185d7f420b52dbf540c69b8de940c29090ba42/analysis/

the other 2 files are also flagged by VirusTotal.
----
here's the output from Hitman Pro:


HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : XXXX
   Windows . . . . . . . : 6.2.0.9200.X64/4
   User name . . . . . . : XXXX/XXXX
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-06-29 12:57:10
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 45s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 27
   Traces  . . . . . . . : 27

   Objects scanned . . . : 804,719
   Files scanned . . . . : 14,203
   Remnants scanned  . . : 127,468 files / 663,048 keys

Malware _____________________________________________________________________

   C:\Windows\SysWOW64\netprofm.dll
      Size . . . . . . . : 183,808 bytes
      Age  . . . . . . . : -0.1 days (2013-06-29 16:13:39)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . :

5F36DFDBE62A7C01EBA706F72DE0B79FAB911D170A32876EAB91682A1D549576
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Network List Manager
      Version  . . . . . : 6.3.9431.0
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
    > G Data . . . . . . : Gen:Variant.Graftor.2609
      Fuzzy  . . . . . . : 106.0

   C:\Windows\SysWOW64\themeui.dll
      Size . . . . . . . : 2,810,368 bytes
      Age  . . . . . . . : -0.1 days (2013-06-29 16:13:41)
      Entropy  . . . . . : 4.3
      SHA-256  . . . . . :

7CB451171E1B6DB2CFFC27B31E340D21DABD85EE42F315DAE2C0229BBFB4CC80
      Product  . . . . . : Microsoft® Windows® Operating System
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Windows Theme API
      Version  . . . . . : 6.3.9431.0
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
    > G Data . . . . . . : Gen:Variant.Graftor.3672
      Fuzzy  . . . . . . : 106.0

   C:\Windows\SysWOW64\wmdrmsdk.dll
      Size . . . . . . . : 468,480 bytes
      Age  . . . . . . . : -0.1 days (2013-06-29 16:13:42)
      Entropy  . . . . . : 6.93:04 PM 2013-06-29
      SHA-256  . . . . . :

BFFEABDDEC122390075D48E88A185D7F420B52DBF540C69B8DE940C29090BA42
      Product  . . . . . : Microsoft® DRM
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : Windows Media DRM SDK DLL
      Version  . . . . . : 11.0.9431.0
      Copyright  . . . . : © Microsoft Corporation. All rights reserved.
    > G Data . . . . . . : Gen:Trojan.Heur2.LP.Cu8@aGFr4Iii
      Fuzzy  . . . . . . : 106.0

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 3:11:49 PM from Stardock Forums Stardock Forums

Looking at those file names I think something else may be going on.

None of those dlls are Stardock ones and WindowBlinds does not replace any OS files, so if they fail AV checks via VirusTotal then you have something else on your machine that is possibly infecting files.

Why did you think they had anything to do with WindowBlinds?

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 3:14:45 PM from Stardock Forums Stardock Forums

Quoting Neil Banfield,

Looking at those file names I think something else may be going on.

None of those dlls are Stardock ones and WindowBlinds does not replace any OS files, so if they fail AV checks via VirusTotal then you have something else on your machine that is possibly infecting files.

Why did you think they had anything to do with WindowBlinds?

 

because i did a clean install of Windows 8.1, installed Hitman Pro and WindowBlinds right after and scanned with Hitman Pro.

the only way to be absolutely sure this is caused by WindoBlinds would be to re-install Windows 8.1 and scan right after with Hitman to see if i get the same results.

give me about an hour or so...

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 3:40:34 PM from Stardock Forums Stardock Forums

update:

sorry to have wasted your time.

 

I did a clean install of Windows 8.1 then installed Hitman Pro without installing WindowBlinds.

the same 3 files are flagged as malware so the problem is with Microsoft, not WindowBlinds.

 

very much sorry for the confusion.

 

feel free to delete the whole mess please.

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 10:01:08 PM from WinCustomize Forums WinCustomize Forums

[quote who="moonmadness.ca" reply="20" id="3376831"]the same 3 files are flagged as malware so the problem is with Microsoft, not WindowBlinds.[/quote]

Sounds MORE like the problem is with Hitman Pro ....

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 10:29:58 PM from WinCustomize Forums WinCustomize Forums

Quoting Jafo,
Sounds MORE like the problem is with Hitman Pro ...

Indeed. 

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 10:32:37 PM from Stardock Forums Stardock Forums

Quoting Jafo,

[quote who="moonmadness.ca" reply="20" id="3376831"]the same 3 files are flagged as malware so the problem is with Microsoft, not WindowBlinds.


Sounds MORE like the problem is with Hitman Pro ....[/quote]

 

you're partly right.

 

there are about 7 antivirus programs who flag those files as malware when they are in fact legit.

Reason for Karma (Optional)
Successfully updated karma reason!
June 29, 2013 11:51:55 PM from WinCustomize Forums WinCustomize Forums

[quote who="moonmadness.ca" reply="23" id="3376947"]there are about 7 antivirus programs who flag those files as malware when they are in fact legit.[/quote]

 

Avast and MSE, and AVG flag my gadgets as malware.  

Reason for Karma (Optional)
Successfully updated karma reason!
July 1, 2013 3:53:13 AM from WinCustomize Forums WinCustomize Forums

Not MalwareBytes and MSE doesn't do that to the gadgets I have and I got plenty of gadgets.

Reason for Karma (Optional)
Successfully updated karma reason!
Stardock Forums v1.0.0.0    #108432  walnut2   Server Load Time: 00:00:00.0000547   Page Render Time:

Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2014 Stardock Corporation. All Rights Reserved.