Hello,

I would like to report that Norton Power Eraser detects BitTorrent.exe as Suspicious.

http://www.bittorrent.com/

http://www.bittorrent.com/btusers/download/complete?os=win

File name: BitTorrent.exe

Submission date: 2011-03-30 19:04:11 (UTC)

Current status: finished

Result: 1/ 41 (2.4%)

Additional information

MD5   : 46854c694aaadb49e12a459f74a6dd0d

SHA1  : bc06aafa168b02a5caca697e66411105f7ced62f

SHA256: b150ced250382a6f6f044b2028f56e8b5b436f6ae34806f00465581f8b713fc5

http://www.virustotal.com/file-scan/report.html?id=b150ced250382a6f6f044b2028f56e8b5b436f6ae34806f00465581f8b713fc5-1301511851

http://valkyrie.comodo.com/Result.aspx?sha1=BC06AAFA168B02A5CACA697E66411105F7CED62F&&query=0&&filename=BitTorrent.exe

http://www.threatexpert.com/report.aspx?md5=46854c694aaadb49e12a459f74a6dd0d

http://www.sunbeltsecurity.com/cwsandboxreport.aspx?id=78745865&cs=792944CC2D3CE1D211A6A85DCB3CD1BE

http://analysis.avira.com/samples/details.php?uniqueid=GLfVHsY0OU9CfrBwqng1rKhL7hvrzTDS&incidentid=711944

https://www.microsoft.com/security/portal/Submission/SubmissionHistory.aspx?SubmissionId=17d358d0-7536-4019-81e1-b6ed68e33406

Thank you,
-John Jr :)

It actually is suspicious isn't it?

If you didn't knowingly install the program it could be used in a very bad way.  It's a file sharing program and it could just as easily be sharing all your personal files if someone else installed it.

I use a legitimate remote administator program so I can connect into my other systems and Norton always detects it as a security risk labeling it as a remote control software.  Thats exactly what it is, the only difference between it and a remote access trojan is that I installed it and I controll it.

Do you think Norton should just skip all these programs and always assume everyone knows exactly what programs they have installed and what all of them do and are capable of?

Dave

Hello,

I did knowingly install it. :)

If Norton thinks it is suspicious, then Norton thinks it is suspicious, I will let the Experts decide; I am not against Experts sharing what they think. ;)

I am just posting to see if this is a false positive or what not, that is all. ;)

I like to have the Anti-malware Teams double check every detection to make sure, that is all. ;)

Thank you for sharing that. :)

Because of the aggressiveness of the tool, it is more likely to object to more applications and have a much higher rate of false positives.  It is not a good second opinion scanner.  It is for the purpose of removing malware that safer methods have failed to remove.

I already knew from the warning already given by Norton about the product, I always try to double check any detections anyway, regardless; so it is not much of a problem to me, but I still like to report things.

If I think something is malicious and am not sure, I just quarantine it and try to get other opinions, and if it turns out to be malware; I remove it. ;)

It would be nice if NPE had its own forum and/or a way to submit false positives/malware from the program itself. :)

Anyway, thank you for commenting again. :)

hi  goodjohnjr,

Thank you for your input.  We are currently looking into this and i will update this thread if we find anything but it appears as though the bittorrent file shares some suspicious attributes. Your first screenshot shows that it wasn't detected outright, only listed in the second group of 'suspicious' so its not so much an FP, especially when you factor in the aggressive nature of NPE.

We always appreciate feedback.

Regards,

makoto

Thank you, at first it was detected as Bad, but I think after I had it Submitted through NPE, then it was detected as Suspicious after I did another NPE scan. ;)

Thank you for your time & responding. :)

Here it is, from a NPE scan from today: :D

And after Submitting the file:

Now my post is more accurate. ;)