False positive?

Fréderique · Beitrag von **Fréderique** » Fr 27. Feb 2015, 12:49

Hi, my antivirus program BullGuard just quarantined one of the files in MPE: mpeclient.apk => classes.dex. It says the file is infected.
Please comment. If it's a false positive I'll inform BG and get it out of quarantaine. I wanted to add a screenshot of the BG message but can't find out how to add it as an appendix.

FJ, if you see this, thanks again for making MPE. I use it all the time to save my text messages to my PC and to save my contacts. Great job!

Fréderique

Fréderique · Beitrag von **Fréderique** » Fr 27. Feb 2015, 13:10

I'm sorry, I said it wrong.

The infected and quarantined file is Android.Trojan.SMSSend.AAH.

The infected object was mpeclient.apk => classes.dex

The path where they found it was C:\Program Files (x86)\MyPhoneExplorer\mpeclient.apk => classes.dex.

The infected process was [3956] C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe.

To be clear, this Trojan was found on my desktop pc. Maybe I imported it to the desktop through my text messages in MPE?
I'm confused what this is about.
Can somebody help out?
Thanks.

RobertR · Beitrag von **RobertR** » So 1. Mär 2015, 18:30

Same on my pc
Emsisoft Anti-Malware found "Android.Trojan.SMSSend.AAH"
-----------------------------------------------
Scan-Beginn: 01.03.2015 17:12:42
C:\Program Files (x86)\MyPhoneExplorer\mpeclient.apk -> classes.dex gefunden: Android.Trojan.SMSSend.AAH (B)
-----------------------------------------------
I quarantined this file and MPE is still running.

MPE is free, but I need a lot of money for new safety programs when I want to use it :shock:

Fréderique · Beitrag von **Fréderique** » Di 3. Mär 2015, 13:12

Hey RobertR,

I found info on this malware here, in German:

http://www.fjsoft.at/forum/viewtopic.php?t=23891

As far as I understand it, this problem is known and being handled by FJ but there seems to be confusion about what he is doing about it and other malware that have been detected in MPE.

What's going on exactly? Is MPE becoming untrustworthy as far as malware is concerned?

Do you think that by eliminating this malware I can just continue using MPE? I'm really very fond of this program.

Fréderique

Fréderique · Beitrag von **Fréderique** » Di 3. Mär 2015, 13:33

Another interesting question:

I installed MPE on this pc on August 25 last year and I run all kinds of scans all the time. How come this trojan has only just been found??

RobertR · Beitrag von **RobertR** » Di 3. Mär 2015, 19:45

Hi Frederic,
seems to be a malware für android devices.
I scanned my smartphone with "TrustGo" which didn't find any suspicious things ...??!!
On my pc I do an automatic scan once a week with Emsisoft Anti-Malware.
The scan last sunday was the first to discover this Trojan. Very strange !! I've installed MPE a few months ago. After that I had a lot of work with "Yawtix" that had confused my browser even after the removal.
Too bad, but I have to think about an alternative to MPE (Google-Sync?) ...
Right now I trust more in Google than in this infested Software

RobertR · Beitrag von **RobertR** » Di 3. Mär 2015, 20:07

Hi again,

... confused ...

5 minutes ago there was a popup of Emsisoft that my files in quarantine were rescanned with new signatures and some ot them were false alarms.
It concerned "mpeclient.apk"
I uploaded the file to Emsisoft on Sunday. Maybe they have checked it already - I've got no further Information.

Fréderique · Beitrag von **Fréderique** » Di 3. Mär 2015, 22:21

Thanks for responding. You can post in German if you like. I'm Dutch and understand German, it's just easier and quicker for me to write in English.

Now I'm totally confused as well. I'm mailing with MBAM about this. Shall tell them your findings.

I've used MPE for some years now, never had a problem. MBAM said my pc was clean, just some adware left. I don't know yet which adware and whether it's related to MPE.

I've read a lot today on this forum and it all seems to be about malware/adware that is installed upon installation of MPE. I saw nothing about trojans. Did you?

I'll let you know if I know more, ok?

And my name is Fréderique, I'm a girl. :-D

Fréderique · Beitrag von **Fréderique** » Mi 4. Mär 2015, 17:42

RobertR,

Did you see this?
===================================

icke1954
Moderator

Joined: 19 Apr 2014
Posts: 1518

PostPosted: Tue Mar 03, 2015 17:51 Reply with quoteBack to top
Hallo,
Bitte diesen Post mal anschauen http://www.fjsoft.at/forum/viewtopic.ph ... 817#110817

Gruß icke
================================================

So it IS a false positive!! That is good news. Because if you install MPE without the additional optional software it is a GREAT program!

FJ, if you read this, thank you for telling Icke to post that.
I'm VERY relieved!!

I'll tell BullGuard it's a false positive.
And I agree totally that TOO many people use software without spending a small amount. What is 5 or 10 euros for most people? You drink 2 beer or buy a packet of cigarettes and it's gone too.

Greed is destroying our world.

Don't let it get to you, FJ, all the bad comments. Keep on going! <3

RobertR · Beitrag von **RobertR** » Do 5. Mär 2015, 19:03

Good news

Thank you Fréderique