Author Topic: WR-AIO flagged as malware by Sophos (Read 10783 times)

Ztruker · « **on:** November 19, 2012, 05:03:10 pm »

Following posted in a thread I'm working at G22ksToGo.com:

Quote

BUT, after running all the steps in windows repair and restarting my machine; my anti-virus (Sophos) is reporting a virus/spyware (was not reporting it prior to running windows repair). It is reporting the following:

CXmal/Badlnk-A
and it is reporting the location as:

\\.\GlobalRoot\Device\Harddisk\VolumeShadowCopy1\Documents and Settings\username\recent\windows repair.lnk
\\.\GlobalRoot\Device\Harddisk\VolumeShadowCopy2\Documents and Settings\username\recent\windows repair.lnk

He uninstalled WR-AIO and the notifications from Sophos went away.

Shane · « **Reply #1 on:** November 19, 2012, 05:11:35 pm »

\\.\GlobalRoot\Device\Harddisk\VolumeShadowCopy1\Documents and Settings\username\recent\windows repair.lnk
\\.\GlobalRoot\Device\Harddisk\VolumeShadowCopy2\Documents and Settings\username\recent\windows repair.lnk

Those are just locations in the volume snap shot, and those are just shortcuts in the recent menu, it isnt even flagging the program, just the shortcuts?

lol have him submit it to them so they can fix their defs

And the name of it they flagged it as is a bad link
CXmal/Badlnk-A

Maybe because the shortcut location is on the snap shot and the shortcut points to the normal drive?
http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/CXmal~BadLnk-D/detailed-analysis.aspx

If you have a submit link I can send my program to them as well.

Shane

Author Topic: WR-AIO flagged as malware by Sophos (Read 10783 times)

Ztruker

WR-AIO flagged as malware by Sophos

Shane

Re: WR-AIO flagged as malware by Sophos