NoVirusThanks Malware Remover Free v3.1

[jamescv7]

[30-04-2011] – v3.1.0.0

+ Fixed Windows Server 2008 run error
+ Optimized behavioral scan
+ Option to Exclude items
+ Minor fixes and optimizations
+ Unlocked “Behavioral Analysis” for Free version
+ Unlocked “Scan Windows temp folder” for Free version
+ Unlocked “Scan current user temp folder” for Free version
+ Added “Accept EULA” Form
+ Fixed startup for Windows Vista/Seven
+ Optimized initialization of the application
+ Updated DB to v594

Source

 

[bogdan]

Not much I can say about an anti-malware that detects his own executable as possibly infected:
[attachment=186]

 

[jamescv7]

Seems a FP there even Kmplayer is a known for a legitimate was also flagged as infected.

 

[bogdan]

The number of false-positives is huge. Legit Windows files are flagged:

Files Infected:

c:\windows\system32\dwm.exe -> No action taken
c:\windows\system32\taskhost.exe -> No action taken
c:\windows\explorer.exe -> No action taken
c:\program files\acronis\trueimagehome\trueimagemonitor.exe -> No action taken
c:\program files\common files\acronis\schedule2\schedhlp.exe -> No action taken
c:\program files\avast software\avast\avastui.exe -> No action taken
c:\program files\comodo\comodo internet security\cfp.exe -> No action taken
c:\program files\mozilla firefox\firefox.exe -> No action taken
c:\program files\daemon tools lite\dtlite.exe -> No action taken
c:\users\bogdan\appdata\roaming\dropbox\bin\dropbox.exe -> No action taken
c:\program files\findandrunrobot\findandrunrobot.exe -> No action taken
c:\program files\mozilla firefox\plugin-container.exe -> No action taken
c:\program files\the kmplayer\kmplayer.exe -> No action taken
c:\users\bogdan\desktop\nmr_portable\portable\nmr.exe -> No action taken
c:\program files\java\jre6\bin\jp2ssv.dll -> No action taken

VT link: dwm.exe
VT link: explorer.exe
VT link: taskhost.exe

I have no comments.

 

[Jack]

The number of false-positives is huge. Legit Windows files are flagged:

Files Infected:

c:\windows\system32\dwm.exe -> No action taken
c:\windows\system32\taskhost.exe -> No action taken
c:\windows\explorer.exe -> No action taken
c:\program files\acronis\trueimagehome\trueimagemonitor.exe -> No action taken
c:\program files\common files\acronis\schedule2\schedhlp.exe -> No action taken
c:\program files\avast software\avast\avastui.exe -> No action taken
c:\program files\comodo\comodo internet security\cfp.exe -> No action taken
c:\program files\mozilla firefox\firefox.exe -> No action taken
c:\program files\daemon tools lite\dtlite.exe -> No action taken
c:\users\bogdan\appdata\roaming\dropbox\bin\dropbox.exe -> No action taken
c:\program files\findandrunrobot\findandrunrobot.exe -> No action taken
c:\program files\mozilla firefox\plugin-container.exe -> No action taken
c:\program files\the kmplayer\kmplayer.exe -> No action taken
c:\users\bogdan\desktop\nmr_portable\portable\nmr.exe -> No action taken
c:\program files\java\jre6\bin\jp2ssv.dll -> No action taken

VT link: dwm.exe
VT link: explorer.exe
VT link: taskhost.exe

I have no comments.

EPIC FAIL!
Never tried NoVirusThanks...but after I've seen this ...I will avoid this product...
The developers of this products should really improve this product .

 

[jamescv7]

Out of curiosity what type of scan did you performed? Is the paranoid scan activated? Cause probably that's the main problem or if not then a serious flaw of FP.

 

[bogdan]

It is probably caused by their "Behavior Analysis" feature but if something will produce so many false-positives don't enable it by default in your product and give a warning when the user activates it.

 

[jamescv7]

So is that a quick scan were the FP found?

 

[bogdan]

I only tried Flash & Quick but I think all types of scan will find those as long as Behavior Analysis is set to Advanced (Default for the portable version, never tried the installer version). Even Basic Behavior Analysis has its share of false-positives.

 

[Jack]

I've also tried the Portable version and NoVirusThanks manage to detect 2 threats .......One of which is it's own file and the other is ... chrome.exe .....
[attachment=367]

Scan Log :

NoVirusThanks Malware Remover Free 3.1.0.0
DB version: 594 (28.04.2011)
Report created on 6/6/2011 at 7:49:18 AM
Windows 7 Ultimate 6.1 Service Pack 1 32-bit
WIN7-PC - Win7

Scan type: Quick Scan
Time elapsed: 00:21:31
Objects scanned: 15929
Threats detected: 2

Files Infected:

c:\users\win7\appdata\local\google\chrome\application\chrome.exe -> No action taken
c:\users\win7\appdata\local\temp\rar$ex67.712\portable\nmr.exe -> No action taken

Folders Infected:


Registry Values Infected:


Registry Keys Infected:


System Hijacks Found:


IE Hijacks Found:


Hosts File Hijack Found:


Traces Found:


End.

I will also try the installer to see if it's any better...

 

[McLovin]

Find it's own program a virus. They mught need to fix that one.

 

[jamescv7]

Still its a weird that their own file was detected and some files rated as FP.