Jump to content


Photo

False positive report - Shop To Win


  • Please log in to reply
5 replies to this topic

#1 Mike088

Mike088

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 18 May 2012 - 05:15 PM

Hi I'm a Senior Systems Engineer at Shop To Win,


Ad-Aware is triggering a false positive on our product. The Shop To Win installer downloads the latest installation package from an Amazon S3 bucket (http://download.shoptowin.net) using a helper program called installassist.exe. Ad-Aware version 10.1.211.3382 is misclassifying this behavior as dangerous and is not allowing the software install to complete.

Further, Ad-Aware is blocking access to http://stjpe.com which is crucial to the operation of the Shop To Win product.

Please let me know if i can furnish any additional information.

Sincerely,
Michael Kelley
Senior Systems Engineer
Shop To Win, an Online Convergence Company


About Shop To Win:
Shop To Win is a loyalty-based sweepstakes program that allows consumers to earn entries into daily and annual sweepstakes while they shop at over 2000 internet merchants. The product shows consumers a reminder each time they visit a site where they are eligible to earn sweepstakes entries (for example, http://www.homedepot.com), provides a winner experience so that we can contact sweepstakes winners, and provides a shopping confirmation to the consumer once a month confirming the entries they have earned. The software is freely and publicly available at http://www.shoptowin...er/info/getapp/


I've attached a zip file that contains the detected file, the log file of the scan that detected the FP as well as screenshots of the detection.

URL/download location of detected application: http://www.shoptowin...er/info/getapp/

Attached Files



#2 CeciliaB

CeciliaB

    Volunteer

  • Moderator
  • 7335 posts

Posted 20 May 2012 - 02:37 PM

Hi Mike088,

I'm sure someone at Lavasoft will check your file and URLs, but while waiting for that you maybe can explain while shoptowin.net is blacklisted at SURBL, see http://www.mywot.com...d/shoptowin.net

The company seems to agree that it is ad-ware according to http://forums.malwar...showtopic=99816

#3 LS Andy

LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin
  • 1531 posts

Posted 21 May 2012 - 03:36 PM

Hi Mike088,

This is a false positive & will be fixed on an update to be released today.

Regards,

Andy
Lavasoft Malware Lab
unsolicited@tenalia.com

#4 Mike088

Mike088

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 22 May 2012 - 06:02 PM

Hi CeciliaB,

Thank you for drawing our attention to the first site, our VP of Technology and Information Security, Peter Wyner, has now reached out to them in order to address our poor standings on that site. Your second link is Peter's false positive report of Shop To Win to Malware Bytes, as a result they granted us whitelist status.

LS Andy,

We truly appreciate your rapid response. Testing now shows I can successfully download and install our product, but it appears that with the Shop and Bank Safely Online option turned on, http://stejpn.com is still a blocked address. The website http://stejpn.com is used by the Shop To Win product to render communication sliders and messaging, keep the software up to date, and is part of the general use and functionality of the software. Blocking this site essentially blocks the use of the Shop To Win Product even when successfully installed. I would just like to further request this address be cleared in order to allow users who download Shop To Win the proper functionality while running Ad-Aware with that option turned on.

Once again thank you for your initial response, and please let me know if there's any other information I can provide to assist in this process.

Sincerely,
Michael Kelley
Senior Systems Engineer
Shop To Win, an Online Convergence Company

#5 LS Andy

LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin
  • 1531 posts

Posted 28 May 2012 - 10:08 AM

Hi Mike088,

Can you please verify that http://stejpn.com is not blocked?

Regards,

Andy
Lavasoft Malware Lab
unsolicited@tenalia.com

#6 Mike088

Mike088

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 29 May 2012 - 10:13 PM

Hi LS Andy,

Just tested this and it appears to no longer be blocked. Thanks so much for all your help!

Sincerely,
Michael Kelley
Senior Systems Engineer
Shop To Win, an Online Convergence Company




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users