moonoimonic / pdfbinder

Automatically exported from code.google.com/p/pdfbinder
0 stars 0 forks source link

Malewarebytes Quarentines pdfbinder for Trojan.MSIL #35

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1.Scan MSI or system with pdfbinder installed.

What is the expected output? What do you see instead?
I hope to keep using the pdfbinder. It's quick and easy to use.
Instead I removed it to be on the safe side.

What version of the product are you using? On what operating system?

v1.2
windows 7 pro 64 sp1

Please provide any additional information below.
I like this program and hope its just a false positive

Original issue reported on code.google.com by kschnap...@gmail.com on 28 Feb 2014 at 12:27

GoogleCodeExporter commented 8 years ago
I do not know the first thing about Malwarebytes, but I very much expect this 
to be a false positive. Did you download the PDFbinder installer from this 
website (code.google.com)? If you picked it up elsewhere, maybe somebody has 
wrapped it in nastyness without my knowledge.

Original comment by j...@malamute.dk on 28 Feb 2014 at 10:43

GoogleCodeExporter commented 8 years ago
I just had the same issue, Malwarebytes found Trojan.MSIL in 
C:\Windows\Installer\12bb1a87.msi and also in PDFBinder.exe. I don't know if 
it's because Malwarebytes quarantined something but I also cannot uninstall 
PDFBinder (something about missing files). I downloaded it from here and also 
use Windows 7 64 bit.

Original comment by jake...@hotmail.co.uk on 28 Feb 2014 at 11:24

GoogleCodeExporter commented 8 years ago
I too had the same results with Malwarebytes. It said this file in Windows 7:

Windows/Installer/3e3323d.msi

was a trojan.

Original comment by byrondallas on 2 Mar 2014 at 3:47

GoogleCodeExporter commented 8 years ago
I did download the program from this site and tried it again before submitting 
this issue. I scanned the newly downloaded msi file and it popped up as 
Trojan.msil again. 
I understand that malwarebytes is foreign to you but it's a highly respected 
program and a go-to for many IT people. It might be a good idea for you, as the 
programmer, to ask malwarebytes for clarification on why it's flagging 
pdfbinder and get it white-listed to keep people from getting scared off.

Original comment by kschnap...@gmail.com on 2 Mar 2014 at 7:54

GoogleCodeExporter commented 8 years ago
I'm having the same issue....  I've been using PDFbinder for quite some time 
now and I would hate to have to find another program

Original comment by dlisin...@gmail.com on 3 Mar 2014 at 3:35

GoogleCodeExporter commented 8 years ago
Same trojan.msil found by Malwarebytes. Quarantined and removed with damage to 
pdfbinder. 
Cannot remove the program in control panel so I ended removing first in 
programs on C, then manually thru registry, entry by entry.
Would appreciate resolution because it's a great tool for merging pdfs and I 
would give it high marks if not for this issue.

Original comment by ktpaw...@gmail.com on 5 Mar 2014 at 1:55

GoogleCodeExporter commented 8 years ago
I would really appreciate it, if one (or more) of you would submit this issue 
with Malwarebytes. I am quite certain that there is no trojan hidden in the 
version of PdfBinder available here on Google Code, and hence I believe it must 
be a false positive on their end.

Original comment by j...@malamute.dk on 5 Mar 2014 at 1:59

GoogleCodeExporter commented 8 years ago
This is where you report false positives with Malwarebytes:

https://forums.malwarebytes.org/index.php?showforum=42

Original comment by byrondallas on 5 Mar 2014 at 3:14

GoogleCodeExporter commented 8 years ago
Ok I've submitted a complaint over at Malwarebytes and you can follow the 
thread here:

https://forums.malwarebytes.org/index.php?showtopic=143586

Original comment by byrondallas on 5 Mar 2014 at 5:20

GoogleCodeExporter commented 8 years ago
This is fixed now from Database version: v2014.03.05.09 and on. We also add the 
file to our false positive server filter to prevent this in the future. Thanks 
for reporting it. 

Original comment by rmatteo...@gmail.com on 5 Mar 2014 at 6:23