Are uninstall files infection-prone?

[conceptualclarity]

Until recently I had Webroot as my antivirus, and it was frequently flagging uninstall files. Now Roboscan in its full scan is claiming that the uninstall.exe for VideoLAN is or is infected by a trojan horse : Gen:Trojan.Heur.P.dW5@fmvpAzm (1).

I'm skeptical. I think at the end of the scan I'll whitelist it, and then scan it with the multi-program scanners (Virus Total, Jotti, VirScan. WinMHR, etc.) and the on demand scanners in my right-click menu. Right now it appears I can't scan the file with any of those.

So far, I do like Roboscan, however. I've come to expect false positives from all security programs, but one can't do without them.


Operating System
Windows XP Home Edition 32-bit SP3
CPU
Intel Pentium 4
Northwood 0.13um Technology
RAM
2.00GB DDR @ 166MHz (2.5-3-3-7)
Motherboard
Dell Computer Corp. 0G1548 (Microprocessor)
Graphics
Default Monitor (1280x1024@60Hz)
Intel 82845G/GL/GE/PE/GV Graphics Controller (Dell)
Storage
74GB Seagate ST380011A (ATA) 28 °C
3GB Lexar USB Flash Drive USB Device (USB)
119GB PNY USB 2.0 FD USB Device (USB)
Optical Drives
SAMSUNG CD-R/RW SW-252S
Audio
Unimodem Half-Duplex Audio Device
Anti-Virus
Roboscan

 

[Dhazee]

most exe's in general are prone to manipulation & binding of various baddies this includes most uninstaller packages as well so the answer would be yes
you could try emsisoft emergency toolkit, adwcleaner, rougekiller or a couple of other freeware scanner to get the job done when all else fails check the md5

 

[nsm0220]

any files on a pc can be infection-prone

 

[cruelsister]

That is a common vector for various nastier adware files. When the user attempts to uninstall, say a adware toolbar, running the packaged uninstaller will not only re-install the toolbar but adds a few more. They will also sometimes (frequently) act as an adware downloader if connected to the Internet.

Pretty funny as long as it doesn't happen on a production system.

 

[Littlebits]

Yes uninstaller files can be become infected that that is not the likely reason for the detection.
BitDefender AV engine will target just about any uninstaller file that doesn't include a digital certificate which is most open-source freeware products. Some uninstaller files will include uninstall references to bundled adware and PUP's even though they were never installed. Because if you AV only detects the uninstaller files and nothing else on your system then it is more likely to be false positives since malware traces will have to be in other locations on your system in order to have a successful infection.

Thanks.

 

[conceptualclarity]

Yes uninstaller files can be become infected that that is not the likely reason for the detection.
BitDefender AV engine will target just about any uninstaller file that doesn't include a digital certificate which is most open-source freeware products. Some uninstaller files will include uninstall references to bundled adware and PUP's even though they were never installed. Because if you AV only detects the uninstaller files and nothing else on your system then it is more likely to be false positives since malware traces will have to be in other locations on your system in order to have a successful infection.

Thanks.

Thank you, Littlebits. I sort of suspected it was something like you describe, but it's meaningful to hear it from someone in the know.

A great day for cats, with the video of that autistic boy being rescued from the vicious dog. Thank God they're going to put the dog down instead of being bleeding hearts.

 

[Cats-4_Owners-2]

*Smiling* as I thought (for some reason) conceptualclarity might be speaking of my 'cats..' ..until it <clicked>;and I'd remembered seeing the film footage mentioned on yesterday's news!
@conceptualclarity, I liked how you'd pointed out 'A great day for cats' while Littlebit's cat represents (symbolically) the rescue of many in like fashion from malicious system predators just waiting to pounce upon our hapless computer systems thus making 'false positives' seem far more liveable!

That is a common vector for various nastier adware files. When the user attempts to uninstall, say a adware toolbar, running the packaged uninstaller will not only re-install the toolbar but adds a few more. They will also sometimes (frequently) act as an adware downloader if connected to the Internet.

Pretty funny as long as it doesn't happen on a production system.

Thanks, Miss ..sister! I'd always wondered ..in silence.. what the reasoning behind advising the use of one's own system's uninstall feature rather then the packaged one was based! Those darned adware toolbars!!