  #1  
12-22-2006, 12:19 AM
Teffy357
powarc964.exe causes malware alert in Prevx1

When I try to run powarc964.exe to install the latest PA, the malware monitor, Prevx1, prevents it from running. The error is shown here:

IS-681VH.TMP
Determination: Bad
IS-681VH.TMP
AUTOMATED MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: IS-681VH.TMP

* Safety Rating: Known Malware, do not run
* Malware Family: Part of Malware group - Covert Sys Exec
* Determination: Automatically determined using Prevx1 centralized heuristics
* Malware Form: EXPLOIT
* Protection: Prevx1 is a very powerful PC security product, it will protect, disinfect, cleanup and remove IS-681VH.TMP and safeguard your PC against viruses, trojans, worms, spyware, rootkits and adware
* New Users: You can download the full Prevx1 product and use it to cleanup and remove IS-681VH.TMP and other infections free of charge, then leave it to monitor your PC for other infections
* First seen: Oct 21 2006 (GMT)
* Last seen: Oct 21 2006 (GMT)
* File Size: 689,152 bytes

MALWARE ASSESSMENT: PREVX 4 AXES OF EVIL METHODOLOGY
1. COVERT ANALYSIS OF: IS-681VH.TMP

* File Names Used: 35
* Paths Used: 35
* Common File Name: IS-681VH.TMP
* Common Path: %temp%\is-0gsic.tmp\
* Vendor Information: No Vendor details specified
* Product Information: Setup/Uninstall
* IS-681VH.TMP may use 35 or more path and file names, these are the most common:
* File Name Structure: Normal
* File and Path Structure: Suspicious, code execution from unusual location

2. RELATIONSHIP ANALYSIS OF: IS-681VH.TMP

* Malicious Objects Created: 1 objects
* Malicious Creators: None
* Malware Run Keys: None
* Self Persists:
* Antivirus Detection: No third party antivirus detection observed
* Anti-Spyware Detection: No third party anti-spyware detection observed

3. ACTIVITY ANALYSIS OF: IS-681VH.TMP

* The following behaviors have been observed for this object:
* Installs programs.
* Deletes programs.
* Creates Run Once Keys.
* Runs temporary programs.
* Runs other programs.
* Creates known malware.

4. PROPAGATION ANALYSIS OF: IS-681VH.TMP

* Malware Group Propagation Rate: Moderate (spreading)
* Malware Group: Covert Sys Exec
* Copyright Prevx Limited 2005, 2006
  #2  
12-22-2006, 10:40 AM
spwolf
If you know the website of that company or use their product, please let them know of the false positive.

Apparently Inno Setup is considered malware, which is ridiculous?!

So many of these so-called "anti-malware" products are complete garbage.

Please report it and let us know of their website so we can report it as well.

thanks,
__________________
ConeXware, Inc.
  #3  
12-22-2006, 01:23 PM
Teffy357
I did report the false positive. The product is Prevx1 v2.0.5 Build 6 and the web site is www.prevx.com
  #4  
12-22-2006, 02:20 PM
spwolf
Quote:
Originally Posted by Teffy357
I did report the false positive. The product is Prevx1 v2.0.5 Build 6 and the web site is www.prevx.com

Seems to be fixed?

Still, it is pretty incredible that someone can simply tag every install created by one installation tool as malware...
All times are GMT -5.