Author Topic: Why are uninstallers so often flagged?  (Read 3499 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Why are uninstallers so often flagged?
« on: December 21, 2006, 09:29:04 PM »
Hi malware fighters,

You could already be aware of the fact that AV scanners can consider some uninstaller executables as being trojans. As we update these suspects to Jotti there either is no trojan (sign of a FP). Example: DrWebCureIt flags the Democracy Player uninstall.exe from Participatory Culture Foundation as infected with Trojan.Popuper; when we upload the uninstall executable to Jotti, not a single scanner (DrWeb's included) finds anything and the file is flagged as clean.
Another example is the Flock uninstaller.
What is so special about uninstallers that makes some AV scanners flag them as infected? Can somebody explain?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48553
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Why are uninstallers so often flagged?
« Reply #1 on: December 21, 2006, 11:14:52 PM »
Good question polonus.
I've come across the same thing on more than one occasion.
I just wasn't smart enough to ask. ;D
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Why are uninstallers so often flagged?
« Reply #2 on: December 21, 2006, 11:19:50 PM »
What is so special about uninstallers that makes some AV scanners flag them as infected? Can somebody explain?
I'm curious too... Maybe they have riskware behavior?  ::)
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89033
  • No support PMs thanks
Re: Why are uninstallers so often flagged?
« Reply #3 on: December 21, 2006, 11:37:28 PM »
As Tech says, probably because of behaviour after it is deleting lots of files and registry entries, which under certain circumstances might be thought suspicious. I guess it would depend on what detected it: signature, generic or heuristic detection.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

Re: Why are uninstallers so often flagged?
« Reply #4 on: December 22, 2006, 12:24:05 AM »
David,
Since in my case the detection was done by avast! and avast! doesn't use heuristic detection,
I guess we can rule that out.

Offline DavidR

Re: Why are uninstallers so often flagged?
« Reply #5 on: December 22, 2006, 01:36:12 AM »
Heuristics, Generics [gen] or signatures were given so it entirely depends on what the detection was. I was also answering polonus generally as he asked a general question and not one specific to avast.

Offline polonus

Re: Why are uninstallers so often flagged?
« Reply #6 on: December 22, 2006, 08:52:43 AM »
Hi malware fighters,

How much harm it does depends partly on what you have to do to get rid of this stuff. If you can't find normal uninstallers, or they don't work, or they wind up loading more ads on your computer, you'll call this software malicious. But compared to spyware, it's fairly mild. But that will not produce a Trojan FP, would it?
Kaspersky is found to see trojans in uninstallers, while there are none. So clearly False Positives. But this malware really exists: Emcodec.D, for instance, works via a bogus installer and drops an uninstaller. There is nothing false about this one.
Identifying and analyzing spyware is a complex challenge. New forms of spyware are constantly under development, and the same technology that can make spyware malicious and unwanted also appears in software that users want to keep and use on their computers, such as antivirus software. It's not always possible for software to determine whether a program is something the customer wants to preserve or remove.
So the complexity of the thing, and the dual nature, would lie at the core of this problem. So one conclusion is: with uninstallers flagged, check and double-check before making a decisive decision upon what action to take.

polonus