Would like an honest opinion on this!?

Morro

Level 16
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
792
Okay, this evening I first scanned my HD with 360 TS and nothing was found. Then I double-checked with HerdProtect, and I got two warnings. The first warning was about an xpi (so Firefox, or in my case Cyberfox). I first thought it might have been from an extension I had removed from Cyberfox (my back-up browser), so I had HerdProtect set to remove it. After I had removed it, I later found out it was ublock for Firefox that was removed, so I reinstalled it again and after a rescan with HerdProtect I reported it as a False Positive.

The second thing reported by HerdProtect was found by 41 out of 68 to be a PuP ... here are several screenshots of the detailed results on the PuP Helper.exe found by HerdProtect.

Part 1: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P1_zpsfvqqp9fq.jpg

Part 2: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P2_zps7wtpu8ql.jpg

Part 3: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P3_zpscxjdartr.jpg

Part 4: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P4_zpsdatxlw5f.jpg

Part 5: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P5_zps5q3y5dqi.jpg

Has anyone noticed this themselves with Cyberfox and the security software you use? Would this mean that every time Cyberfox gets updated this file would be re-installed again? (Because I had HerdProtect remove it, and Cyberfox seems to work without a problem.)

Now I realize no security software is perfect, and a False Positive is always possible, but 41 out of 68 report it as seen above. So what are the thoughts on this by those of you with more knowledge in this area?
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
CyberFox is a scam to make money. Firefox is the best browser and second is Chrome.
First of all, Cyberfox is no scam and it's open source. In regards to who is the best browser, that is a personal preference anyway.
As even with the many online tests, Firefox, Chrome, Opera, IE and some other browsers come pretty much with the same functionality.
And while security is an issue, none of these browsers will let you down.

If you are worried your PC is infected, follow the instructions here: http://malwaretips.com/forums/malware-removal-assistance.10/
and they will assist you.
Good advice m8

Okay, this evening I first scanned my HD with 360 TS and nothing was found. Then I double-checked with HerdProtect, and I got two warnings. The first warning was about an xpi (so Firefox, or in my case Cyberfox). I first thought it might have been from an extension I had removed from Cyberfox (my back-up browser), so I had HerdProtect set to remove it. After I had removed it, I later found out it was ublock for Firefox that was removed, so I reinstalled it again and after a rescan with HerdProtect I reported it as a False Positive.

The second thing reported by HerdProtect was found by 41 out of 68 to be a PuP ... here are several screenshots of the detailed results on the PuP Helper.exe found by HerdProtect.

Part 1: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P1_zpsfvqqp9fq.jpg

Part 2: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P2_zps7wtpu8ql.jpg

Part 3: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P3_zpscxjdartr.jpg

Part 4: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P4_zpsdatxlw5f.jpg

Part 5: http://i176.photobucket.com/albums/w172/Illius_photos/Diversen/HerdProtect Result P5_zps5q3y5dqi.jpg

Has anyone noticed this themselves with Cyberfox and the security software you use? Would this mean that every time Cyberfox gets updated this file would be re-installed again? (Because I had HerdProtect remove it, and Cyberfox seems to work without a problem.)

Now I realize no security software is perfect, and a False Positive is always possible, but 41 out of 68 report it as seen above. So what are the thoughts on this by those of you with more knowledge in this area?

Cyberfox is an open-source project and as such some of its code is being flagged by AV detection.
Not so much because it's harmful but more based upon reputation. If you have the feeling that you are infected or something is wrong then I suggest 2 things: either you know what you are doing and run Mbam and such and kill the infections yourself (if any), or option 2, you head to the forum @Tony Cole suggested and have one of our fine malware removal specialists help you out.
Either way, Cyberfox is a work in progress with all the good and bad that comes from an open-source project, yet there are loads of users and good feedback, so do not worry too much about Cyberfox as it's pretty much a Firefox clone.

Cheers
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
CyberFox is a scam to make money. Firefox is the best browser and second is Chrome.
How is CyberFox a scam to make money? Please let me know your reasons for this comment. o_O
 

viktik

Level 25
Verified
Well-known
Sep 17, 2013
1,492
You can see below that HerdProtect is not using the latest data.

While virustotal is showing detection ratio : 1/57
https://www.virustotal.com/en/file/...93c434104e69f1768ea3538c/analysis/1425166270/

herdprotect is showing 41 detections.

My advice is don't use herdprotect

Attached screenshots: HERD PROTECT STUPIDITY_01-03-2015_05-03-02.jpg, HERD PROTECT STUPIDITY_01-03-2015_05-06-01.jpg, HERD PROTECT STUPIDITY_01-03-2015_05-06-34.jpg
 
hjlbx

Herdprotect scan engine does indeed use signatures that are, at least in some cases, a few weeks old.

I'm not sure why this is the case, but I'd bet it has something to do with Herdprotect's terms with the individual vendors - e.g. vendors give access, but not to current databases as the vendors keep them for their premium (paid) products.

That's only my guess, but in any case, I too have run into the same issue with false positives with Herdprotect because it was using outdated signatures.

Until it gets sorted out I stopped using it...mostly because it caused serious issues on my system and not so much the false positives.

Remember, it's still a beta.
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Perhaps there is an issue regarding matching the MD5/SHA, in which the name may have seemed similar to those that are suspicious, hence it was flagged as malicious.
 

Morro

Level 16
Thread author
Verified
Top Poster
Well-known
Jul 8, 2012
792
If you are worried your PC is infected, follow the instructions here: http://malwaretips.com/forums/malware-removal-assistance.10/
and they will assist you.

First of all, Cyberfox is no scam and it's open source. In regards to who is the best browser, that is a personal preference anyway. As even with the many online tests, Firefox, Chrome, Opera, IE and some other browsers come pretty much with the same functionality. And while security is an issue, none of these browsers will let you down.

Good advice m8

Cyberfox is an open-source project and as such some of its code is being flagged by AV detection. Not so much because it's harmful but more based upon reputation. If you have the feeling that you are infected or something is wrong then I suggest 2 things: either you know what you are doing and run Mbam and such and kill the infections yourself (if any), or option 2, you head to the forum @Tony Cole suggested and have one of our fine malware removal specialists help you out. Either way, Cyberfox is a work in progress with all the good and bad that comes from an open-source project, yet there are loads of users and good feedback, so do not worry too much about Cyberfox as it's pretty much a Firefox clone.

Cheers

Well, I was not really worried that my system was infected, but after the thing with Lenovo I was a bit surprised to see the details of that file. Nonetheless, before I made this post I did scan with MBAM and nothing was found.

Thank you Tony Cole and Nico@FMA.

You can see below that HerdProtect is not using the latest data.

While virustotal is showing detection ratio : 1/57
https://www.virustotal.com/en/file/...93c434104e69f1768ea3538c/analysis/1425166270/

herdprotect is showing 41 detections.

My advice is don't use herdprotect

Herdprotect scan engine does indeed use signatures that are, at least in some cases, a few weeks old.

I was unaware that the signatures it uses are out of date, I will remove HerdProtect then. Thank you for pointing that out viktik and hjlbx.

Perhaps there is an issue regarding matching the MD5/SHA, in which the name may have seemed similar to those that are suspicious, hence it was flagged as malicious.

So with that in mind it could have been another False positive. Oh well, we live and learn do we not. :)
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Personally I feel the products that tout the fact that they use "all available scanners" are very bad ideas. Obviously an AV scanner, aside from detecting real malware, will have the potential for throwing out False Positives.

So let's assume that VT has added a new scanner, X AV, which has a 99.999% detection rate and 0.0001% FP's. If we then construct an Omni-engine scanner that includes both X AV and an additional 55 or so other engines and scan a malware file. It can be easily seen that since X AV will already detect the malware any detections by the other 55 will be superfluous; but as each AV is prone to FP's (and usually different sorts of FP files are targeted), the amount of bogus detections will increase with the number of scanners that a product uses. So if we consider the accuracy of a product to be a function of high malware detection and low FP's, it is intuitive that the accuracy of a scanner is inversely proportional to the number of scanners used.
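
The arithmetic behind the argument above, as an added example that is not part of the original post: it computes the false-positive and detection rates of a combined verdict from per-engine rates, first for the "any engine flags it" rule the post describes and then, going beyond the post, for a rule that requires several engines to agree. It assumes engines err independently; the X AV figures are the ones given in the post, the rates for the other engines are constructed for illustration.

```python
# Added illustration. Only the X AV rates come from the post; the rest is constructed.

def hit_count_distribution(rates):
    """Poisson-binomial: P(exactly k engines flag a file), given each
    engine's independent probability of flagging that file."""
    dist = [1.0]
    for p in rates:
        nxt = [0.0] * (len(dist) + 1)
        for k, mass in enumerate(dist):
            nxt[k] += mass * (1.0 - p)   # this engine stays silent
            nxt[k + 1] += mass * p       # this engine flags the file
        dist = nxt
    return dist


def flag_probability(rates, threshold=1):
    """P(at least `threshold` engines flag the file)."""
    return sum(hit_count_distribution(rates)[threshold:])


def verdict_rates(fp_rates, detection_rates, threshold=1):
    """(false-positive rate, detection rate) of the combined verdict."""
    return (flag_probability(fp_rates, threshold),
            flag_probability(detection_rates, threshold))


X_FP, X_DET = 0.000001, 0.99999     # "X AV": 0.0001% FPs, 99.999% detection
OTHER_FP, OTHER_DET = 0.001, 0.95   # assumed rates for every other engine


def scenario(n_others, threshold=1):
    """X AV plus `n_others` identical weaker engines."""
    fp = [X_FP] + [OTHER_FP] * n_others
    det = [X_DET] + [OTHER_DET] * n_others
    return verdict_rates(fp, det, threshold)


if __name__ == "__main__":
    for n in (0, 10, 55):
        fp, det = scenario(n)
        print(f"X AV + {n:2d} engines, any-hit rule: FP={fp:.6f} detect={det:.6f}")
    fp, det = scenario(55, threshold=3)
    print(f"X AV + 55 engines, 3-hit rule:   FP={fp:.2e} detect={det:.6f}")
```

With these constructed rates the any-hit rule gains at most 0.001 percentage points of detection from the 55 extra engines while the false-positive rate rises from 0.0001% to about 5%.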
 
hjlbx

The HerdProtect multi-AV scan engine is still in beta so it's really no big deal at this very moment. If out-dated signatures continue to be used when a stable release is made then it will be a big issue - as I see only limited value in scanning my system with signatures that are weeks old.

Besides...I've tried both HerdProtect and OPSWAT Gears (which is essentially the same concept as HP multi-AV scan with some network controls functionality).

Despite what both HerdProtect and OPSWAT say about minimal system impact that is not the case on my specific system. At least you can tweak OPSWAT to a large extent to minimize resource consumption.

I have to back cruelsister up on this one...while a multi-AV scan engine seems like a good idea, in practice it can be problematic. Generally, I've found, whenever one tries to turn their system into an impenetrable fortress by adding too much is when serious issues begin with stability, compatibility, resource hits, ... and let's not forget system upkeep/maintenance.

I've made the mistake of just way too many security apps in the past so I know from experience what happens in such a case.

I just do not see any worthwhile benefit to either HP or Gears when the same can be achieved by simply uploading unknown/untrusted files to VT. Granted, one is automated the other manual - but what good does an automated multi-AV scan do for me if it uses obsolete signatures or chews up my processor?
 

Behold Eck

Level 15
Verified
Top Poster
Well-known
Jun 22, 2014
717
Herdprotect scan engine does indeed use signatures that are, at least in some cases, a few weeks old.

I'm not sure why this is the case, but I'd bet it has something to do with Herdprotect's terms with the individual vendors - e.g. vendors give access, but not to current databases as the vendors keep them for their premium (paid) products.

That's only my guess, but in any case, I too have run into the same issue with false positives with Herdprotect because it was using outdated signatures.

Until it gets sorted out I stopped using it...mostly because it caused serious issues on my system and not so much the false positives.

Remember, it's still a beta.

What you say hjlbx makes a lot of sense.:cool:

Regards Eck:)
 

Moose

Level 22
Jun 14, 2011
2,271
Using the following browsers:

> K-Meleon with latest update.
> Flash Peak Slim Jet

Moved away from CyberFox about 3.5 months ago.
 