NANO AntiVirus, posted April 30, 2010 (ID:241985)
Hello colleagues,
Our user has informed us that the IP of our site www.nanoav.ru (84.42.39.75) is blocked by Malwarebytes Anti-Malware. Please settle the problem.
If you need any information, please contact me by e-mail in my profile.
Thank you.
Best,
Pamfilova Irina
MysteryFCM, posted May 1, 2010 (ID:242427)
Apologies for taking so long. This IP is blocked because it lies within a known malicious range.
/edit
Just a note, all of the previous activity on this range seems to have gone from what I'm seeing, so I'm looking further into this.
NANO AntiVirus, posted May 12, 2010 (ID:248745)
> Apologies for taking so long. This IP is blocked because it lies within a known malicious range.
> /edit
> Just a note, all of the previous activity on this range seems to have gone from what I'm seeing, so I'm looking further into this.
I can't understand, is it a great problem to check the site and unblock it?? Please settle the problem!
MysteryFCM, posted May 12, 2010 (ID:248749)
It's not just your site that needs to be checked, but your software as well (I've got that scheduled for testing for this afternoon).
MysteryFCM, posted May 12, 2010 (ID:248820)
Testing your software as I write this and ..... care to explain why you're targeting:
1. MBAMService.exe (Malwarebytes AntiMalware)
2. MSMPENG.exe (Microsoft Security Essentials)
Got me curious now as to whether you're targeting solely these two, or other vendors as well. Guess we'll find out as testing progresses to stage 2, once stage 1 has finished.
NANO AntiVirus, posted May 13, 2010 (ID:249388)
> Testing your software as I write this and ..... care to explain why you're targeting:
> 1. MBAMService.exe (Malwarebytes AntiMalware)
> 2. MSMPENG.exe (Microsoft Security Essentials)
> Got me curious now as to whether you're targeting solely these two, or other vendors as well. Guess we'll find out as testing progresses to stage 2, once stage 1 has finished.
Did you mean that the system protection of NANO AntiVirus detects these processes as harmful? If so, it's predictable. We have analysed the situation. As we have conjectured, there are unencrypted fragments of malicious code in the memory of both above-mentioned programs.
MysteryFCM, posted May 13, 2010 (ID:249391)
It was your scanner that detected them - and I'm afraid your argument doesn't wash with me. The test was run on a CLEAN INSTALL of Windows XP SP3, as such, no malware was present, and there's no malicious code in either MBAM or MSE.
Interestingly, care to explain also, why the log file it created didn't make any mention of these detections? (I've got screenshots of the detections themselves and a copy of the log file btw, just in case).
Regardless, the tests will be completed by tonight, and a decision as far as unblocking will be based on such results. Your continued detection of MBAM/MSE files isn't going to help you - I'd strongly urge you REMOVE detection for them.
MysteryFCM, posted May 13, 2010 (ID:249398)
I'd like to clarify, in case you're wondering why it's taking so long to do the tests - your software is taking an hour and a half per scan on the test system (which is a long time, given it takes another 45-60 mins to restore the image for the next test).
NANO AntiVirus, posted May 14, 2010 (ID:249878)
> It was your scanner that detected them - and I'm afraid your argument doesn't wash with me. The test was run on a CLEAN INSTALL of Windows XP SP3, as such, no malware was present, and there's no malicious code in either MBAM or MSE.
I guess you don't understand me. I will try to explain more clearly. I don't allege that there is malware in your test system or that MBAM or MSE are malware. The fact is that there are fragments of malware in the memory of both of these programs. We guess that these fragments are some signatures of the virus bases of these AVs. I can send on demand a 160-byte dump of the memory block of the MBAM process where the above-mentioned fragment is. That fragment looks like a part of the modified Kryptik.gen by our classification (Trojan.FakeAV!gen27 by Symantec, FakeAlert-LX by McAfee and so on).
To avoid that kind of problem, other AVs usually store signatures in an encrypted state.
> Interestingly, care to explain also, why the log file it created didn't make any mention of these detections? (I've got screenshots of the detections themselves and a copy of the log file btw, just in case).
We create a few log files. Logs with detections are here: "Documents and Settings\All Users\Application Data\nanoav\scan.*.log".
If you have more questions about NANO AntiVirus, we will be glad to discuss it on our forum (English is available).
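The false-positive mechanism described in the post above, as an added example that is not part of the thread and is neither vendor's code: a naive memory scanner flags another scanner that keeps its signature database as raw bytes, and stops flagging it once the database is stored masked. The signature bytes, class names and the XOR masking (standing in for the "encrypted state" the post mentions) are all assumptions constructed for illustration.

```python
import os

# Constructed 16-byte pattern standing in for a malware signature (not a real sample).
SIGNATURE = bytes.fromhex("4d5a90000300deadbeef00c0ffee1337")


def xor(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, key))


def naive_memory_scan(memory: bytes, signatures) -> bool:
    """Scanner A: flag a region if any raw signature occurs anywhere in it."""
    return any(sig in memory for sig in signatures)


class PlaintextDB:
    """Scanner B, variant 1: signature database held as raw bytes."""

    def __init__(self, signatures):
        self.signatures = list(signatures)

    def memory_image(self) -> bytes:
        # What another product sees when it reads this process's memory.
        return b"\x00" * 32 + b"".join(self.signatures) + b"\x00" * 32

    def matches(self, data: bytes) -> bool:
        return any(sig in data for sig in self.signatures)


class MaskedDB:
    """Scanner B, variant 2: each signature stored XOR-masked with a random key."""

    def __init__(self, signatures):
        self.entries = []
        for sig in signatures:
            key = os.urandom(len(sig))
            self.entries.append((key, xor(sig, key)))

    def memory_image(self) -> bytes:
        body = b"".join(key + masked for key, masked in self.entries)
        return b"\x00" * 32 + body + b"\x00" * 32

    def matches(self, data: bytes) -> bool:
        # Mask each candidate window instead of unmasking the signature,
        # so the raw pattern is never rebuilt inside the database.
        return any(
            xor(data[i:i + len(masked)], key) == masked
            for key, masked in self.entries
            for i in range(len(data) - len(masked) + 1)
        )
```

Both variants still detect the pattern in scanned data; only the plaintext one looks infected to a scanner that reads its memory.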
NANO AntiVirus, posted May 17, 2010 (ID:251253)
I have found the topic here on the forum. Perhaps this is the reason why our IP was blocked? The topic is closed so I can't post a disclaimer. Our AV NANO AntiVirus and the known rogue Nano antivirus are not the same, there is only an unfortunate coincidence of names. I have sent a private message to the moderator Fatdcuk but haven't received any reply.
MysteryFCM, posted May 17, 2010 (ID:251361)
I noticed the confusion over the name, thanks. I verified MBAM wasn't detecting yours during my testing. The tests were delayed however, which is why the block hasn't been removed yet. It's scheduled to finish today, and will likely be unblocked. I'll post back when this is done.
NANO AntiVirus, posted May 24, 2010 (ID:255123)
> I noticed the confusion over the name, thanks. I verified MBAM wasn't detecting yours during my testing. The tests were delayed however, which is why the block hasn't been removed yet. It's scheduled to finish today, and will likely be unblocked. I'll post back when this is done.
Hello, is there any news?
MysteryFCM, posted May 24, 2010 (ID:255328)
I'm running some more tests, which is why it's taking so long.
Have you fixed the detection of the legit AV/AM's yet? (note, this is a pre-requisite before removal of the block can be approved by me, I can't allow you to go round detecting the likes of MSE/MBAM etc as malicious when they aren't, regardless of your reasons).
MysteryFCM, posted May 24, 2010 (ID:255352)
Never mind, got it re-scanning as I write this and see detection of legit AMs/AVs has not been fixed, so the block isn't going to be removed.
NANO AntiVirus, posted June 2, 2010 (ID:260536)
> Never mind, got it re-scanning as I write this and see detection of legit AMs/AVs has not been fixed, so the block isn't going to be removed.
We sincerely regret that you refuse to unblock our IP, though it is not malicious. The decision should be unbiased but it looks like an attempted blackmail.
The detection of processes of some AVs by our AV does not contain a fraudulent intent. It is a result of those AVs using an incorrect method to store and operate their virus bases. So the fake detection is not so much our problem as the problem of the developers of those products. Of course this situation is off-nominal and requires a solution. We try to solve this problem but it requires a lot of effort and time, as we in fact have to test third-party products instead of their developers. Therewith we would like you to revise your attitude to this problem and also make some efforts to solve it by correcting the way your product works with virus signatures.
MysteryFCM, posted June 2, 2010 (ID:260673)
Not blackmail at all.
I've asked the developers to comment further on this.
MysteryFCM, posted June 2, 2010 (ID:260764)
After further investigation, I am now removing the block. However, I'd ask you please ask your research team to look into the methods of detection that have caused this issue.
The block will be removed as of the next update.
NANO AntiVirus, posted June 3, 2010 (ID:261280)
> After further investigation, I am now removing the block. However, I'd ask you please ask your research team to look into the methods of detection that have caused this issue.
> The block will be removed as of the next update.
Thank you for your decision. We try to find a solution to the problem, but anyway, as I have said before, we would like to ask the developers of MBAM, on their part, to pay close attention to this situation.