AIDA64 False positive

Hi, as the title says, Norton blocks the latest version of AIDA64 (aka Everest), as you can see below:

 

 

I reported this on Monday, here. After ~ 1 hour they replied to my submission asking for additional information, like a screenshot of auto protect and a download link for AIDA64.

 

I sent another mail with the required information the same day, and that's it, no answer until the moment I am writing this message.  According to this: Symantec will target a response of our final determination within 2 working days, they should have answered yesterday.

 

Sorry for bad English :smileysad:

 

Hello,

 

I just downloaded it from the Finalwire site, and the Download Insight pop-up reported it as safe.

This is where you should download it from:

 

http://www.aida64.com/downloads

 

The official page. Norton does not report any malware in those.

Installed it, just to try it out, and it both installed and ran fine. No malware warnings.

Try to install it, that's the moment when autoprotect blocks it.

No problem at all.

I installed it ~2 minutes ago, same result:


Aida_diskbench.dll is the file that Norton says is a trojan: http://img705.imageshack.us/img705/756/aidadiskbench.png

I am using NIS 2012.

Same issue here.  Still not resolved as of 10/13/2011.  Using NIS 2012.  C'mon Symantec!

My File Insight gives that .dll a good rating.

Hi:

 

I agree with Bombastus. No problems downloading/installing AIDA64 from their website.

Look at the SONAR/Heuristics settings. Are they at default? Try resetting them.

 

Atomic_Blast :)

I would download the package from the publisher's website to make sure it hasn't been tampered with.  It seems like the users that are doing this aren't running into a detection.  Note that the screenshot posted indicates a traditional AV sig detection.  Not a behavioral/SONAR detection.

It is def. SONAR/heuristics that is flagging the dll.  Same thing showed up on two different machines, both with NIS 2012.  SONAR settings are default.  I had to make an exception for the file to get it to install.

Ok, I redownloaded the file from here:

 

http://download.aida64.com/aida64extreme185.exe

 

That is THEIR website.  Here is the detection (not SONAR this time - on a different machine):

 

Full Path: c:\program files (x86)\finalwire\aida64 extreme edition\aida_diskbench.dll
____________________________
____________________________
On computers as of Not Available
Last Used 10/14/2011 at 7:57:12 AM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

____________________________
File Actions
File: c:\program files (x86)\finalwire\aida64 extreme edition\aida_diskbench.dll
Removed
____________________________
File Thumbprint - SHA:
8949651c8be273e7a7f6dca7305cddbfa68fdd919dac5ea914c76155670738a4
____________________________
File Thumbprint - MD5:
9d9c37e282f0ea9c712585ecb9f9908f
____________________________


Thoughts?

 

 

This is my File Insight of the same file:

 

Full Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida_diskbench.dll

____________________________

____________________________

Developers FinalWire

Version Not Available

Identified 2011-10-05 at 06:33:11

Last Used Not Available

Startup Item No

____________________________

____________________________

Unknown This program crash history is not known.

____________________________

Few Users Hundreds of users in the Norton Community have used this file.

____________________________

Mature This file was released 2 months ago.

____________________________

Good Norton has given this file a good rating.

____________________________

Source File: aida_diskbench.dll

____________________________

File Thumbprint - SHA: 8949651c8be273e7a7f6dca7305cddbfa68fdd919dac5ea914c76155670738a4

____________________________

File Thumbprint - MD5: 9d9c37e282f0ea9c712585ecb9f9908f

____________________________

Did you notice our hashes are EXACTLY the same, but we get two totally different outcomes?

Yeah, that is pretty weird.
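Added example, not part of any post in this thread: a small Python parser for File Insight text as pasted above (both layouts), which groups reports by SHA-256 thumbprint and lists files that received different verdicts on different machines. The sample reports are abridged from the two dumps quoted in the thread; the function names and the "detected"/"good" verdict labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Abridged from the two File Insight dumps quoted in this thread (same DLL, two machines).
REPORT_A = r"""Full Path: c:\program files (x86)\finalwire\aida64 extreme edition\aida_diskbench.dll
____________________________
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________
File Thumbprint - SHA:
8949651c8be273e7a7f6dca7305cddbfa68fdd919dac5ea914c76155670738a4
File Thumbprint - MD5:
9d9c37e282f0ea9c712585ecb9f9908f
"""
REPORT_B = r"""Full Path: C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\aida_diskbench.dll
Good Norton has given this file a good rating
. ____________________________
File Thumbprint - SHA: 8949651c8be273e7a7f6dca7305cddbfa68fdd919dac5ea914c76155670738a4
File Thumbprint - MD5: 9d9c37e282f0ea9c712585ecb9f9908f
"""
FIELDS = {"full path": "path", "file thumbprint - sha": "sha256", "file thumbprint - md5": "md5"}

def parse_report(text):
    """Parse one pasted File Insight dump into path, thumbprints and verdict."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not re.fullmatch(r"[. ]*_{5,}", ln)]
    rec = {"path": None, "sha256": None, "md5": None, "verdict": "unknown"}
    for i, ln in enumerate(lines):
        key, _, value = ln.partition(":")
        field = FIELDS.get(key.strip().lower())
        if field:
            # The value sits on the same line in one layout, on the next line in the other.
            value = value.strip() or (lines[i + 1] if i + 1 < len(lines) else "")
            rec[field] = value.lower()
        elif ln.lower().startswith("threat type"):
            rec["verdict"] = "detected"
        elif "good rating" in ln.lower() and rec["verdict"] == "unknown":
            rec["verdict"] = "good"
    for name, n in (("sha256", 64), ("md5", 32)):
        if not re.fullmatch(r"[0-9a-f]{%d}" % n, rec[name] or ""):
            raise ValueError(f"missing or malformed {name} thumbprint")
    return rec

def conflicting_verdicts(reports):
    """Return {sha256: sorted verdicts} for files that received more than one verdict."""
    seen = defaultdict(set)
    for rec in reports:
        seen[rec["sha256"]].add(rec["verdict"])
    return {h: sorted(v) for h, v in seen.items() if len(v) > 1}
```

Calling `conflicting_verdicts([parse_report(REPORT_A), parse_report(REPORT_B)])` returns the shared thumbprint with both verdicts. Identical SHA-256 values mean the file bytes are the same on both machines, so a split like this points at the scanning side rather than at the download.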

I had no problems when I tried it on my end on an updated 64-bit Windows 7 HPE (IE8). I downloaded http://download.aida64.com/aida64extreme185.exe, installed with defaults, and ran it (didn't use it though) without any problems. Are some of you guys still having this problem?

I followed your link exactly.  Installed it and had the same problem:

 

Full Path: c:\program files (x86)\finalwire\aida64 extreme edition\aida_diskbench.dll
____________________________
____________________________
On computers as of Not Available
Last Used 10/20/2011 at 7:31:06 AM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

____________________________
File Actions
File: c:\program files (x86)\finalwire\aida64 extreme edition\aida_diskbench.dll
Removed
____________________________
File Thumbprint - SHA:
8949651c8be273e7a7f6dca7305cddbfa68fdd919dac5ea914c76155670738a4
____________________________
File Thumbprint - MD5:
9d9c37e282f0ea9c712585ecb9f9908f
____________________________


Please fix.

 

wxmanunr

And it is still a completely clean, known good file, that installs and runs without any issue, on Windows 7 64-bit, using NIS 2012, for me.

Alright, AIDA64 v2.00 just came out today.  Same problem, but now it catches two files:

 

Full Path: c:\program files (x86)\finalwire\aida64 extreme edition\aida_update.dll
____________________________
____________________________
On computers as of Not Available
Last Used 10/25/2011 at 5:59:00 PM
Startup Item No
Launched No
____________________________
____________________________
Unknown
Number of users in the Norton Community that have used this file: Unknown
____________________________
Unknown
This file release is currently not known.
____________________________
High
This file risk is high.
____________________________
Threat Details
Threat type: Heuristic Virus. Detection of a threat based on malware heuristics.
____________________________

____________________________
File Actions
File: c:\program files (x86)\finalwire\aida64 extreme edition\aida_update.dll
Removed
File: c:\program files (x86)\finalwire\aida64 extreme edition\aida_diskbench.dll
Removed
____________________________
File Thumbprint - SHA:
abeb791a910437099d6837cd65dc4f15130c74b822a6bf1b9cc95e41d1633179
____________________________
File Thumbprint - MD5:
25cf3281c288b9d3708a562bf1e3231d
____________________________

 

Symantec?

 

wxmanunr