Author Topic: WR-AIO flagged as malware by Sophos  (Read 11136 times)

0 Members and 1 Guest are viewing this topic.

Offline Ztruker

  • Jr. Member
  • **
  • Join Date: May 2012
  • Posts: 77
  • Location: Space Coast of Florida
  • Karma: 1
    • View Profile
WR-AIO flagged as malware by Sophos
« on: November 19, 2012, 05:03:10 pm »
Following posted in a thread I'm working at G22ksToGo.com:

Quote
BUT, after running all the steps in windows repair and restarting my machine; my anti-virus (Sophos) is reporting a virus/spyware (was not reporting it prior to running windows repair). It is reporting the following:

CXmal/Badlnk-A
and it is reporting the location as:

\\.\GlobalRoot\Device\Harddisk\VolumeShadowCopy1\Documents and Settings\username\recent\windows repair.lnk
\\.\GlobalRoot\Device\Harddisk\VolumeShadowCopy2\Documents and Settings\username\recent\windows repair.lnk

He uninstalled WR-AIO and the notifications from Sophos went away.
Rich
The only thing that is certain is that nothing is certain - Heraclitus.

Offline Shane

  • Administrator
  • Hero Member
  • *****
  • Join Date: Sep 2011
  • Posts: 9281
  • Location: USA
  • Karma: 137
  • "Knowledge should be shared not hidden."
    • View Profile
Re: WR-AIO flagged as malware by Sophos
« Reply #1 on: November 19, 2012, 05:11:35 pm »
\\.\GlobalRoot\Device\Harddisk\VolumeShadowCopy1\Documents and Settings\username\recent\windows repair.lnk
\\.\GlobalRoot\Device\Harddisk\VolumeShadowCopy2\Documents and Settings\username\recent\windows repair.lnk

Those are just locations in the volume snap shot, and those are just shortcuts in the recent menu, it isnt even flagging the program, just the shortcuts?

lol have him submit it to them so they can fix their defs :-)

And the name of it they flagged it as is a bad link
CXmal/Badlnk-A

Maybe because the shortcut location is on the snap shot and the shortcut points to the normal drive?
http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/CXmal~BadLnk-D/detailed-analysis.aspx

If you have a submit link I can send my program to them as well.

Shane