Computer not file sharing

Status
Not open for further replies.
jobeard said:
hmm; concerned with Look@Lan

I just found it also installs
C:\WINDOWS\iun6002.exe
which has been reported as a KeyLogging tool :confused:

regedit contains only one enter; that with the Uninstall of Look@Lan, which implies
the application has to explicitly launch iun6002.exe

I've elected to disable Look@Lan

Caveat Emptor,
Jeff
Click to expand...

hmm..... Caveat Emptor?? :confused:
How about.... Scientia est potentia!
  • On the one hand, one should only download and use software they want on their computer
  • On the other hand, it's helpful to be knowledgeable about the big picture and look beyond a single data point (especially as we know about things called false positives)
Ironic but, in fact, the body of evidence actually points back to your malware tool as the likely point of failure (and IMHO is what you should be wary of - see below)
!!! It's reporting a warning on something debunked and declared a false positive circa 2006 - 2007 !!!
  • Your malware scanner is spitting out false positives and/or
  • How up to date (and how good?) are its malware definitions?

Here's the "bigger picture" (for a more balanced assessment)
  1. Start with the fact that Look@LAN is available for download from numerous trusted web-sites which pre-screen for malware. I provide just a few example sites below. You should also note: these 3 sites alone have already downloaded Look@LAN tool over 600,000 times! (and they continue to do so!)
  2. Warnings about C:\Windows\iun6002.exe were pretty much debunked and declared false positives circa 2006-2007
    • iun6002.exe is the uninstaller portion of Setup Factory 6.0 from www.indigorose.com
    • As an uninstaller it deletes files, gets invoked via the registry and takes other actions which a malware scanner could honestly misinterpret as a false positive
      => Except this particular file and issue of false positive was addressed years ago
      => Here's just one of the many old threads to be found on the topic. It's from Emsi software (manufacturer of trusted anti-malware products - also see my P.S. below)
      => Yet this issue is still not fixed in your scanner of choice! (IMHO: that would make me wary of the scanner itself)
      iun6002.exe will be installed by ANY application installer that is built with Setup Factory, be it legitimate or malicious. The presence of this file on a machine is NOT an indication of infection, just as finding unwise.exe (WISE installer) or unins000.exe (InnoSetup installer) on a system doesn't indicate an infection even if malware used that application to build it's installer.
    • I'll add that i've been using Look@LAN for years. Never had a problem. Never had any scanner ever report it as problem
So.. just what tool were you running??? Is also good to make sure malware definitions are up-to-date

P.S.
wrt Emsi Software and for anyone reading, here's another of my freeware tool tips!
Checkout another great and free! malware prevention tool from Emsi Software: a-squared HiJackFree 3.1
 
false positive is a possibility, but over the years, I've experienced that Registry entries
can not be counted upon to be limited to the actions the names imply;
ie Uninstall can perform far more than what a naive reading implies --
isn't that the game of most trojans and virus' -- deception ?
 
jobeard said:
false positive is a possibility, but over the years, I've experienced that Registry entries
can not be counted upon to be limited to the actions the names imply;
ie Uninstall can perform far more than what a naive reading implies --
isn't that the game of most trojans and virus' -- deception ?
Click to expand...
Gee, almost forgot about this thread. But I wanted to reply/point some things out re: your post. Yes, your statement is correct. But only within the narrow context of the singular data point you repeat and focus on.

Note that a good malware scanner uses heuristics to be “predictive”, not just "reactive", to threats. Their predictive nature makes them prone to sometimes issue false positives. That’s just a fact of life. Not knowing any better then a singular scanner warning, I’m the first to heed the warning (and encourage others to do the same!)

But, in this case, we do know better. Fact is, there’s a large body of evidence to the contrary. IMHO your scanner is the problem. It's still reporting a file that was white-listed two years ago (Please re-read my last post as your reply side-stepped all the evidence i already detailed to the contrary)

To highlight just a few points and "paint the bigger picture", so to speak..
  • Well-trusted sites like CNET's download.com have already downloaded over 500,000! copies of Look@LAN since 8/24/2007
  • Over 2,100 copies downloaded just last week alone
  • Do you really think they continue to download an infected file 500,000+ times for the last two years? Or is the problem your scanner?
  • btw.. Over the couple of years i've been using Look@LAN: No malware. No problems. No scanner (including AVG, Symantec and others) i've ever used has ever reported it a problem)
ll6.jpg


Please understand, I think everyone should or should not run whatever software they choose (is a personal choice) :) But forum readers should both understand the issues (and evidence) of false positives. And not be afraid to download/use a handy tool like Look@LAN if they so choose.
 
Status
Not open for further replies.

Similar threads

Daniel Sims
Steam Family Sharing gets a complete overhaul
Replies
4
Views
153
GodisanAtheist
GodisanAtheist
O
Syngate - what is it and why has it shown up on my laptop?
Replies
2
Views
279
Nelson28
N
A
BitTorrent dethroned as the main source of internet's upstream traffic
Replies
11
Views
201
Axeia
Axeia

Latest posts

Back