False positive on the Bit Che file special.exe

[mrpete]

I have an app installed called Bit Che. It is a freeware torrent tool. There's a false positive on one of the Bit Che files. I'm posting this not so much for myself, as for the multitude of other Bit Che users that don't know that it is OK to ignore this particular result. I just spent about 2 hours submitting this file as a false positive to something like 15 or 20 anti-virus companies.

The Bit Che developer uses a "file packer to keep the file size down and also to ensure that Bit Che can't be infected with a virus. The file packer checks itself to see if bit_che.exe has been modified (by a virus or anything else) and will not start up if it has been modified."

Well ... virus writers use the same or similar file packers to keep the size of their EXEs down, too. MBAM confuses the Bit Che file with those nasty viruses that we all hate so much.

The file that is getting the false positive is special.exe and can be pulled in from the URL below. If I need to put the EXE in an encrypted RAR/ZIP/etc. please let me know in a reply.

http://rapidshare.com/files/277487378/special.exe

The MBAM developer mode log is at the bottom of this post.

Here is the Bit Che developer on his website talking about this sort of false positive ...

http://convivea.com/forums/index.php?topic...g10124#msg10124

The original install package for Bit Che is here ...

http://www.convivea.com/download.php

There's no rush and I Thank The Nice Folks That Produce And Work With MBAM For Everything you do!

--- the developers log is below ---

Malwarebytes' Anti-Malware 1.40

Database version: 2758

Windows 5.0.2195 Service Pack 4

9/8/2009 8:15:26 PM

mbam-log-2009-09-08 (20-15-13).txt

Scan type: Full Scan (A:\|)

Objects scanned: 91510

Time elapsed: 1 minute(s), 46 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

A:\special.exe (Spyware.OnlineGames) -> No action taken. [41345241301826171870661967196968182569191967242066186922192119672223192321]

[TeMerc]

Hello and welcome to the forums.

Due to heavy heuristic detections by Malwarebytes, almost any executable file located at the root will be detected. We suggest you either move the file to a different location on the drive or add it to your ignore list. Malware loves to hide at the root.

We do not make detection adjustments to these files.

[mrpete]

MBAM version 1.41 no longer detects the Bit Che file special.exe as malware/virus/etc.

THANK YOU VERY MUCH!!!

Please close this thread (if that's an option).