
false positive by kaspersky

Posted: Mon May 30, 2011 6:13 am
by ciuly
Hi,

FYI, I was about to download the latest madcollection.exe at work, where we run Kaspersky 6.0.4.1424 (a.d.f), up to date, which reports:
detected: virus HEUR:Trojan.Win32.Generic file: http://madshi.net/madCollection.exe

I downloaded it yesterday from home, where I run Avast, and that didn't complain.

I thought false positives for this were over a long time ago :)

Re: false positive by kaspersky

Posted: Mon May 30, 2011 7:34 am
by madshi
Argh, they promised me they'd white list my certificate!

Weird, though, http://www.virustotal.com reports no problems with Kaspersky / madCollection.exe.

Re: false positive by kaspersky

Posted: Mon May 30, 2011 7:44 am
by ciuly
It wouldn't be the first time Kaspersky introduces a false positive with an update ;)

LE: Forgot to mention, this happens with the web scanner only. So, when you download: false positive. If you scan the downloaded file, all is OK.

Re: false positive by kaspersky

Posted: Mon May 30, 2011 8:10 am
by madshi
Thanks. I've pointed them to this thread, hopefully they'll remove the problem quickly.

Re: false positive by kaspersky

Posted: Mon May 30, 2011 8:33 am
by madshi
FWIW, Kaspersky just told me they'd fix this with the next update.

As many problems as I've had with them recently, at least they're quick to reply to false alarm complaints.

Re: false positive by kaspersky

Posted: Mon May 30, 2011 9:25 am
by ciuly
least they can do :)

Re: false positive by kaspersky

Posted: Wed Jun 08, 2011 8:06 am
by ciuly
Doesn't seem like they fixed it. While checking out from local svn I get:
file C:\....\madCollection_3_0_m.exe: detected modification of virus 'HEUR:Trojan.Win32.Generic'.
Tried from web, as well:
file C:\Users\Administrator\AppData\Local\Temp\ogi5YxAk.exe.part: detected modification of virus 'HEUR:Trojan.Win32.Generic'.
Last update of Kaspersky was today.

Re: false positive by kaspersky

Posted: Wed Jun 08, 2011 8:31 am
by madshi
Argh, thanks for letting me know, I'll contact them again!

Re: false positive by kaspersky

Posted: Wed Jun 08, 2011 9:07 am
by madshi
Kaspersky says:

"The file referred to by viewtopic.php?f=11&t=25970 should not be detected. If it is now detected, it should be that the database has not been updated. Please just wait for the update."

Re: false positive by kaspersky

Posted: Wed Jun 08, 2011 5:44 pm
by ciuly
For a service that provides updates on a daily basis, the fix is taking quite a lot of days to arrive. Oh well.

Re: false positive by kaspersky

Posted: Wed Jun 08, 2011 6:37 pm
by madshi
Well, as you said yourself, some parts of Kaspersky complain, while others don't. So it seems that they also use different data sets. Maybe those for web checking are updated less often? I've no idea, I don't understand it, either...