Full Version: False Positive ? Theme-changing program ("Visual Styler")
AlrikFassbauer
Hello, everyone.

Ad-Aware (now the "Anniversary Edition") reported a file to me as a "suspicious" file.

It actually came with a Windows theme-changing program, which is called "Visual Styler" by a small company called "Auslogics". They had it on their web site, but it seems to have been withdrawn. At least I cannot find it listed there anymore.

A search engine will show a lot of results, however, because it seems to have been licensed to computing magazines as well (saw it several times on magazine discs).


The relevant passages of the log file seem to be this:

QUOTE
>>> Quarantined items:
>>> Description: d:\programme\auslogics\auslogics visual styler\themehelper.dll Family Name: Win32.Backdoor.Hupigon Clean status: Reboot required Item ID: 151807 Family ID: 810
>>> Description: HKLM:system\controlset001\services\6to4: Family Name: Win32.Backdoor.Hupigon Clean status: Success Item ID: 28590 Family ID: 810
>>> Description: HKLM:system\currentcontrolset\services\6to4: Family Name: Win32.Backdoor.Hupigon Clean status: Success Item ID: 28593 Family ID: 810
>>>
>>> Scan and cleaning complete: Finished correctly after 207 seconds


I've tried to upload the log file here, hopefully it will work (I don't do this regularly).

I've also tried to upload the file itself, in a compressed form (via .zip format - use 7zip for that).


I'd like to know whether this was really dangerous or not, as a small feedback. Because if it wasn't dangerous, then I'd like to have my program working again. Otherwise I must seek an alternative.


Regards,

Alrik


LS Albin
Hi AlrikFassbauer !

We will investigate this and if it turns out to be a FP it will be removed.

Thanks for your report.

Albin

Lavasoft Malware Labs
AlrikFassbauer
Well, now I had a really hard time logging in here ... - My Opera 9.64 browser just didn't let me !

Considering this, I had similar problems with a few other forums before ... And then it was because of the Cookies.

But - even after I deleted the cookies of this site here from within Opera, the browser didn't let me in !

I'm posting now with the help of Mozilla Firefox ... at least THAT works !


Okay, what I originally wanted is just to ask what happened to this seemingly false positive. Ad-Aware still deletes the file, thus making the program unusable (just a few seconds ago again, as I did a new test run/scan of it).

I'd like to know whether this is a real threat or just a false positive ?
LS Albin
Hi!

The file indicates suspicious behavior and is linked to the Win32.Backdoor.Hupigon family. The file is also detected by several other vendors. You can choose to upload the file to http://www.virustotal.com to see the result.

Thanks

Albin

Lavasoft Malware Labs

AlrikFassbauer
Okay, I see.

Have you contacted the developers ? The complete program was sold as commercial software, as far as I know. I think it would be a good idea to inform them.
