Baku X DEMO 2016 is bad exe installer


Firefalcon

Baku X.exe 2016 from Drzewiecki Design is not safe; the installer has a bad virus or something wrong with it.

I already emailed him earlier.

Baku_X_Demo_Unsafe_virus.jpg

File_Insight_Show.jpg

:(

Desktop: Cybertron AMD cpu, Nvidia GeForce GTX 1050 2GB GDDR5 , MS Windows 10 DirectX 12, ASUS 24" 1920x1080. Thrustmaster T.Flight Hotas 4 (a since 10:43 PM 7/24/2018). New 2019 "PATRIOT" Memory VIPER DDR3 8GB x2 XMP2.0

FSX SE "FOR FSIM USE ONLY"

Hi,

 

I suspected this is a false positive based on my use of Norton and its scanning techniques, which can be a lot more 'robust' than other AV suites. So, as I have previously downloaded the file (but not unzipped/installed it yet) I did the usual testing that I carry out in these cases......

1. Scanned the .zip file with Norton - no issues found.

2. Scanned the .zip file with AVG free - no issues found.

3. Scanned the .zip file with Malwarebytes Premium - no issue found.

4. Scanned the .zip file with SuperAntiSpyware free version - no issues found.

5. Unzipped the contents into a temp folder and Norton immediately flagged the baku_x_demo.exe file as unsafe. Checked the Details tab to see what it had found - stated it was due to WS.Reputation.1 - this is a generic reference used by Norton to ID those files THAT MAY contain risks based on its 'reputation' i.e. how many users have used it etc. Generally, these files can be restored via the link located to the left of the yellow Close button or from the Quarantine reports page.

6. Restored the baku_x_demo.exe file and then tested the file using AVG, Malwarebytes and SuperAntiSpyware - no issues found.

7. Installed the scenery into its own dedicated folder within my Scenery library setup and then tested the folder contents with all four products - no issues found.

 

Summary - a false positive report by Norton. This is a well known issue with Norton due to its more robust detection system that it uses to detect heuristic type threats. My normal practice, after doing the checking carried out above, is to 'trust' the file using the Norton File insight tool.

 

EDIT - if you do a google search for WS.Reputation.1 you will get a number of detailed overviews of what it is, how Norton detects it and other useful info - EDIT ENDS

Regards

 

Brian


Leave it in quarantine. Report it to norton. Wait until they decide.

Way too many people that react like longbreak and declare everything a false positive.

Btw longbreak, don't use two resident virus scanners at once. Norton runs in the background. So does malwarebytes premium. Those would interfere and block each other from detecting things.

Use one good paid av, throw the rest off your system.

 

OP, some av programs detect potentially harmful files, quarantine them, and report to card automatically. If the file is found safe it is automatically restored. Check if Norton does that. If not, report the file to them yourself. You will probably have to send it to them as a .zip file.


First, I don't 'react' and declare 'everything' as a false positive.

 

I based my assumption on the fact that the reported issue is not a 'true' virus but an 'assumption' by the Norton engine that it is a 'high' security risk because of its 'reputation' due to low use amongst the Norton community (this is clearly stated on the Norton webpage that describes the WS.Reputation.1 threat) AND the testing that I carried out.

 

WRT to using both Malwarebytes (MB) and Norton together. I have used both together for a number of years and I have never had any problems. The reality is that both products are totally different beasts and complement each other - one is an anti-malware tool and the other is an anti-virus tool. However, Malwarebytes are increasingly claiming in their advertising that the product can be used as a total replacement for a traditional AV suite.

Regards

 

Brian


Malwarebytes used to be anti spyware and such.

Since version 3 (which you say you have), it contains a resident anti virus that you can not fully switch off. (Even though that may seem to be possible in settings.)

Don't use that and Norton together. They will interfere with each other, and cause each other to miss viruses.

Also, don't think you are smarter than viruses. Trust your AV.

If you have paid AV, just send in a sample of the found file, and let their lab analyse it. If it is deemed safe, the virus definitions update will include that, and the file will automatically be restored from Quarantine.

May take a week, but safety first.

 

Saying in general that files with such a name are safe is not a good idea. There is no saying if the next file with that that comes along is safe too.

 

You paid for your anti virus for a reason. Use it.


WOW!!!! I wish that I had just gone with the Malwarebytes (MB) marketing blurb as you have appeared to have done. I obviously wasted time on actually researching its claims about its AV protection prior to taking the decision to continue to use both MB and Norton. Likewise, simply assuming that running MB with Norton will only result in conflicts - again I have obviously wasted even more time researching the subject...............

 

Of course, if I hadn't wasted my time I wouldn't be able to highlight that........

 

MB is now an AV suite and/or contains a dedicated AV tool - Total rubbish, despite the marketing claim that seems to indicate as such. If you FULLY read the product info there is no actual mention of such. In fact, this has been fully clarified in the MB forum by a senior MB team member who states:

 

"I believe there's a bit of misinterpretation going on here that I'd like to clear up. First off, Malwarebytes 3.0 is not an actual antivirus and we have never said that it was. What we did say and are continuing to say is that it can replace your antivirus software because our protection mechanisms (such as Malicious Website Blocking, Anti-Exploit and Anti-Ransomware) are more proficient at blocking/preventing infection ........".

 

Note the emphasis he placed on the word 'replace'. In a nutshell, it does not contain ANY specific AV tool and simply relies on its existing tools to detect viruses and thus is still essentially an antimalware (AM) suite.

 

The full entry (by User ID exile360) can be read HERE.

 

MB and Norton will conflict - MB actually claims, in their FAQ and in a number of entries in their forum pages, that "We built Malwarebytes 3.0 to be compatible with all major antivirus software, even Windows Defender and Microsoft Security Essentials"

 

As I have previously stated I have had no issues whatsoever. Indeed, based on what I have read on various webpages there are plenty of users of both MB and Norton (and other AV suites) that have had no problems with conflicts. Yes, as with any product, there are SOME users who have encountered problems with MB and/or other AV suites, the vast majority of which seem actually related to how the Windows Action Centre (WAC- part of the OS) reports warnings from the installed product(s). Again, this is covered on the MB FAQ forum page and there are a number of ways to resolve such WAC issues if required.

 

WRT the general assumption that using multiple AV suites will cause issues - Yes it is generally acknowledged that running two AV suites together will cause issues but there is plenty of info out there that clearly shows that running an AV suite and an AM suite together should not cause issues and, indeed, it is often recommended as an AM suite will pick up stuff that an AV suite may miss (and vice versa) - this is due to the different ways in which such apps 'detect' harmful files.

 

WRT MB's claim that users can replace their dedicated AV - there is a lot of info out there on various websites and on the MB forums that would suggest that there are many security/IT specialists out there that are not totally convinced. Not surprising, as the main thrust of MB's claim is based on, some would say, a biased perception that all 'traditional' AV suites use what it terms are 'outdated' methods (both in how they detect stuff and how they are tested) whilst its own methods are supposedly 'cutting edge'. The fact is that many of the AV suites available today embrace the very same 'cutting edge' methods, only in a different way.

 

Trusting the AV - I accept that my actions WRT to this file and the WS.Reputation.1 'virus' may be seen as 'reckless' by some. However, as I have stated, I took the actions indicated based on my experience of using Norton, how/why Norton flags a file with the WS.Reputation.1 AND information gleaned on various forums, including Symantec's where it is readily acknowledged that the WS.Reputation.1 flag is a generic flag based on the usage of the file within the Norton community. I rarely get such 'WS.Reputation.1' indications but when I do I take what I consider to be the appropriate action for the file based on the reasons stated above AND with due consideration as to the source of the file and the likelihood of it being malicious.

 

By taking a structured approach to the testing of the file using alternative products it is possible to verify whether the file is safe or not. One step that I normally take but, at the time of testing I didn't have internet access to do so, is to upload the file for testing at the VirusTotal website (https://www.virustotal.com/#/home/upload) - did so prior to typing this post and it came back clean, having been checked against 64 AV engines, including Symantec.

Regards

 

Brian


Archived

This topic is now archived and is closed to further replies.
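
Added example, not part of any post in this thread: a PowerShell check to run on a file quarantined on reputation alone, giving its SHA-256 (for a hash lookup on VirusTotal, the step mentioned in the last post) and its Authenticode signature status. The folder in `$Path`, the `$ExpectedPublisher` placeholder and the function name `Get-InstallerTriage` are assumptions.

```powershell
# Added example: triage a reputation-flagged installer before restoring it.
# The folder and publisher string are placeholders (assumptions), not from the thread.
param(
    [string]$Path = 'C:\Temp\baku_x_demo.exe',
    [string]$ExpectedPublisher = '<EXPECTED-PUBLISHER-NAME>'
)

function Get-InstallerTriage {
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [Parameter(Mandatory)][string]$Publisher
    )
    $file = Get-Item -LiteralPath $FilePath -ErrorAction Stop

    # SHA-256 identifies this exact file; it can be searched on VirusTotal
    # without uploading the sample.
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # Authenticode: who signed the file and whether it changed after signing.
    $sig = Get-AuthenticodeSignature -FilePath $file.FullName
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $publisherMatch = $subject -like "*$Publisher*"

    $assessment = switch ("$($sig.Status)") {
        'Valid' {
            if ($publisherMatch) { 'Signed by the expected publisher; a low-prevalence flag is plausible' }
            else { 'Validly signed, but not by the expected publisher; keep quarantined' }
        }
        'NotSigned'    { 'Unsigned; no publisher identity to check, rely on hash lookup and vendor analysis' }
        'HashMismatch' { 'Modified after signing; keep quarantined and report it' }
        default        { "Signature status $($sig.Status); keep quarantined until resolved" }
    }

    [pscustomobject]@{
        File            = $file.Name
        SizeBytes       = $file.Length
        SHA256          = $sha256
        SignatureStatus = $sig.Status
        Signer          = $subject
        Assessment      = $assessment
    }
}

Get-InstallerTriage -FilePath $Path -Publisher $ExpectedPublisher | Format-List
```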
