Jump to content

Safesurf - False Positive


Jetswap

Recommended Posts

Dear Malwarebytes,

I am an official representative of JetSwap Inc.

We have detected that Your anti-virus program detects our software as Malvare Software.

C:\1\safesurf.exe (Trojan.Downloader) -> Действие не было предпринято. [ec978a5175e842f407377bce8779ff01]

How we can solve this issue?

Regards,

JetSwap Inc

Link to post
Share on other sites

  • 1 year later...

I talked with administration. So, we will post here.

 

Our project exists for about 11 years.

We can give to you authentication data to program and control panel.
 
Control panel is here:
 
or English translated partner: 
 
Safesurf is using GeckoFX, as browser engine.
 
Our program includes 4 parts.
A. Safesurf - main program, browser.
B. Surfguard - file, which monitors browser (A) crashes
C. Prtest - File for testing presentions (shows) (will explain later)
D. Built-in miner - 3rd party program.
 
Any user of our system can be both advertisers and surfers. Login data to program is the same as control panel. Advertiser fill the form. Can use needed commands, like inserting Javascript, sending triggers and other things, that can do browser and Javascript.
 
In other hard, surfer lauch the program and choose an appropriate mode:
1. Manual surfing.
2. Auto surfing.
3. Hidden surfing.
 
First asks for captcha after each shows.
Second do not ask captcha.
Third leaves itself in processes and over the screen. It was done for users, who want earn credits and nothing were going to prevent using computer. They do not almost want feel the program is running.
 
To protect us from illegal distribution of file we use both captcha to enter to account and unique computer key. Furthermore, there is an abuse file in "Documents", root of C: and near the program with link for removing program and to give a penalty to user who installed the program to that computer.
All files will recreate once removed. If Abuse file near the program will be removed, the authorization in program will be broken, so the user should login again.
 
This all was done after user tryed to distribute our program by bot-networks.
 
We critically treat to using our network to distribute Winlockers and other malware programs. We remove them once find.
 
----
B.
Surfguard is using to monitor browser. If advertisers setted wrong settings or because of content, browser can crash. Surfguard relaunches Safesurf and continue surfing without any moving to user
 
----
C.
Prtest is realtime settings monitor because system can do different complex things like registrations. Using "presentation code", Prtest get all commands from our system and tries to run them. User can debug the variables, view content and etc.
 
----
D.
We included mining API to our program, now it is called "Bitsurf". Can use CPU/GPU. All credits go to user accounts.
 
----
Except all, the system could not be used to distribute viruses through our program. Except exploits to the whole system, but not to our program.
So, there any recommendations on our website to use sandboxes and virtual machines.
 
There are also many our partner systems which our "engine".
 
We think, that program cannot be Adware because it does not show advertisement. It works like browser. So if our program is in adware class, any browser can be adware too by this way.
 
 
In addition, we are trying to communicate with ESET to remove our program from our database because Adware detection is from Eset.

Link to post
Share on other sites

  • Staff

I am gonna rename these Detections to PUP.Optional Because of the miner component.

 

You say its not adware but on the jetswap page you linked:

 

The following are the basic technologies of advertising used in the system:

 

When you say users,  the affialiates or people that have this installed on their system get the bitminer credits?

 

Can you provide a installer for the whole package please.

Link to post
Share on other sites

I am gonna rename these Detections to PUP.Optional Because of the miner component.

 

You say its not adware but on the jetswap page you linked:

 

The following are the basic technologies of advertising used in the system:

 

When you say users,  the affialiates or people that have this installed on their system get the bitminer credits?

 

Can you provide a installer for the whole package please.

 

Taken from http://en.wikipedia.org/wiki/Adware:

 

The term adware is frequently used to describe a form of malware (malicious software),[19][20] usually that which presents unwanted advertisements to the user of a computer.[21][22] The advertisements produced by adware are sometimes in the form of a pop-up.[23]

 

After analysis of wiki thread, we can conclude that:

 

In our situation, we does not show unwanted advertisements. Users see what they want. Software demonstrates website to users, who get payment for this.

Furthermore, We do not use "pop-up" and etc. 

Thus, our software could not be categorized as software, which shows unwanted advertisements because users agree with viewing websites and earn credits (universal system currency)

----

 

Bitcoin miner was added for additional earning and can be enabled in Safesurf settings.

----

 

To conclude, We would like to say that our software could not be categorized by any known virus/adware classification.

----

 

Full installer is here

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.