Problem with SIW [System Information for Windows]: Trojan or False positive?

botkiller4 · ‎03-22-2011

Hello there. I use SIW [free, portable version] on my PC.

I have been trying to download the latest version 2011.05.26.0, but Norton 360 5.0 deletes it everytime! It says it detected a trojan. This is the report:
____________________________
____________________________
On computers as of:
09-06-2011 at 21:11:37
Last Used:
09-06-2011 at 21:13:37
Startup Item:
No
Launched:
No
____________________________
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
Origin
Downloaded from http://www.gtopala.com/download/siw.exe
http://www.gtopala.com/download/siw.exe Downloaded File siw.exe.d5rc89k.partial
(Trojan.Gen.2) from: gtopala.com

siw.exe.d5rc89k.partial
____________________________
File Actions
File: c:\users\userxyz\downloads\siw.exe.d5rc89k.partial
Removed
____________________________
File Thumbprint - SHA:
32441d5ad8893466869f9a8f388fd59263aad60397935e4bb51491b8848b6972
____________________________
File Thumbprint - MD5:
d207cff90e5a345fbb8d080eb2bd2f59
____________________________

I want clarification as to whether its indeed a trojan or false positive. I have been using this tool for for 3 years without issues.

UPDATE: I had downloaded this a few days back successfully. Today it was deleted from the location it was saved. I thought it some file system error which made it vanish. And then all re-downloading attemps with multiple browsers failed (IE9 and FF4). I am attaching the report for this file:
____________________________
____________________________
On computers as of:
09-06-2011 at 21:08:22
Last Used:
09-06-2011 at 21:10:23
Startup Item:
No
Launched:
No
____________________________
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
____________________________
Origin
Downloaded from URL Not Available

Source File:
siw v2011.05.26.0.exe
____________________________
File Actions
File: d:\utilities\others\siw v2011.05.26.0.exe
Removed
____________________________
File Thumbprint - SHA:
32441d5ad8893466869f9a8f388fd59263aad60397935e4bb51491b8848b6972
____________________________
File Thumbprint - MD5:
d207cff90e5a345fbb8d080eb2bd2f59
____________________________

A Norton guy since 2007!

botkiller4 · ‎03-22-2011

Is no one going to care replying?

A Norton guy since 2007!

mp3jo · ‎06-27-2009

if you think it is a false alarm - this may help you

http://community.norton.com/t5/Announcements/How-to-report-false-positives/m-p/225309#M19

Cheers,
Jo

--- N360 v6.4 on german 64 bit win7, IE9 ---

delphinium · ‎11-21-2008

Only five out of 42 identify the file as malicious, which usually indicates a false positive. We can't guarantee it one way or another. Best thing is to submit it and get a report on it as advised.

hhttp://www.virustotal.com/file-scan/report.html?id=32441d5ad8893466869f9a8f388fd59263aad60397935e4b...

Under certain circumstances profanity provides relief denied even to prayer.
Mark Twain

botkiller4 · ‎03-22-2011

Hello!

Thanks for replying. I have now registered a case under 'reporting false positives' to Symantec. Result is awaited. As soon as I get a response, I will post here again.

Regards.

A Norton guy since 2007!

botkiller4 · ‎03-22-2011

Hi.

I just recieved an email from Symantec. It says, "in light of further investigations and analysis", Symantec has removed this detection from all its products and that I must run Live Update to ensure the change is reflected on my machine.

So it was indeed a false positive it seems. I successfully downloaded and ran the application.

There is still 1 issue that Norton reports the website as having security threats; its the same SIW.exe which is listed as virus in Norton Safe Web report. I guess it will get rectified as well, in time to come.

Here is the latest Download Insight:

Full Path: c:\Users\USER_xyz\Downloads\siw.exe
____________________________
____________________________
Signature:
Not Available
Identified:
22-06-2011 at 01:46:30
Last Used:
Not Available
Start-up Item:
No
Version Number:
2011.5.26.0
____________________________
____________________________
Very Few Users
Fewer than 5 users in the Norton Community have used this file.
____________________________
Very New
This file was released less than 1 week ago.
____________________________
Good
Norton has given this file a good rating.
____________________________
Origin

http://www.gtopala.com/download/siw.exe Downloaded File siw.exe from: gtopala.com
____________________________
File Thumbprint - SHA:
265d47b3c87d7bfa77d2055ed36d471e37c5e4602840d79fa618d9d3d9cc190c
____________________________
File Thumbprint - MD5:
aba502891604bd1b571bf42208c4f425
____________________________

Thanks!

A Norton guy since 2007!

Norton 360

Problem with SIW [System Information for Windows]: Trojan or False positive?

Re: Problem with SIW [System Information for Windows]: Trojan or False positive?

Re: Problem with SIW [System Information for Windows]: Trojan or False positive?

Re: Problem with SIW [System Information for Windows]: Trojan or False positive?

Re: Problem with SIW [System Information for Windows]: Trojan or False positive?

Re: Problem with SIW [System Information for Windows]: Trojan or False positive?

Products

Services

Support