Trend Micro Anti-Virus Gives False Alarm

If you own Trend Micro Anti-Virus, you will get a false warning that our setup program contains a “possible moly-1 threat.”  This is completely false: there is no virus in our software, and we protect our software with a code-signing certificate.

This false alarm is triggered on all our setup programs including:

  • Spell Check Anywhere
  • Grammar Check Anywhere
  • Food And Exercise Diary
  • Cloud Files Manager

We are currently in contact with Trend Micro to have them resolve this false alarm.  Below you can find some emails, with the valid email addresses of the people at Trend Micro with whom we are in contact at the moment.  If you want, you can send emails to these people at Trend Micro to verify all this info.

Update as of Aug 11, 2009

Below is the series of emails. It looks like the problem is going to be resolved in 2 weeks by Trend Micro.

Email 1

Below is an email after we called the legal department at Trend Micro.

From: jorge_young@trendmicro.com [mailto:jorge_young@trendmicro.com]
Sent: Monday, August 10, 2009 9:54 PM
To: support@spellcheckanywhere.com
Cc: Brean_Olsen@trendmicro.com
Subject: TG ENTERPRISES INC – blocked software
Importance: High

Hi Tomer (Tomer Guez of TG enterprises Inc – 781-583-7126)

In our brief conversation this morning, you claim that customers of your websites have been blocked by one of our antivirus programs as having malware:

WEIGHTLOSSSOFTWARE.COM

SPELLCHECKANYWHERE.COM

GRAMMARCHECKANYWHERE.COM

CLOUDFILESMANAGER.COM

Our Detection Reevaluation Review (DRR) is looking into it; however, in the meantime, can you please complete the form at the following URL?  Our DRR group will need the information requested to determine what is going on.

http://re-evaluation.custhelp.com/

Let me know if you have any questions or comments.

Regards

Jorge

Email 2

This is a follow-up email from a manager handling these types of false alarms.

From: Brean_Olsen@trendmicro.com [mailto:Brean_Olsen@trendmicro.com]
Sent: Tuesday, August 11, 2009 12:02 AM
To: support@spellcheckanywhere.com
Cc: jorge_young@trendmicro.com
Subject: RE: TG ENTERPRISES INC – blocked websites

Tomer,

I would like to first introduce myself. My name is Bo Olsen; I am the manager on the Detection Re-Evaluation team here at Trend. Jorge Young forwarded me your email regarding our product flagging your program. I will be able to assist you in resolving this issue. I will need the files that are being flagged by the product. If you could attach them in a password-protected zip file I would appreciate it. Once I receive the files I will send them along to be reviewed so we can start working on getting this resolved.

Thanks,
Bo

Email 3

The problem is actually not with our software per se.  The false alarm is caused by the program we use to package our software for delivery to the customer.  This packaging software is called Setup Factory.  It is this program that is being falsely flagged by Trend Micro.  Since we package all our software with Setup Factory, all our downloaded software gets this false alarm.

Below is an email regarding this Setup Factory issue between Indigo Rose, the makers of Setup Factory, and us, regarding these false alarms:

-----Original Message-----
From: Indigo Rose Software – Sales [mailto:ir-sales@indigorose.com]
Sent: Tuesday, August 11, 2009 12:18 AM
To: t@tomer.us
Subject: [#LVS-557199]: Other From Tomer Guez (1249928131)

===== PLEASE REPLY ABOVE THIS LINE =====

> Possible virus infection in Setup Factory 8.0 bootstrapper.

Hello,

There is no virus in Setup Factory; this is just a false positive that this vendor [Trend Micro] does not want to fix.

http://www.indigorose.com/forums/showpost.php?p=141521

Kind regards,

Ulrich

===================

Ticket ID: LVS-557199

Department: Sales & Service

Priority: Medium

Status: Open

Registered users can view this ticket online and post replies through the customer portal:

https://www.indigorose.com/customers/ticket-view.php?id=10908

Regards,

Indigo Rose Software

http://www.indigorose.com

The above URL post is the following:

Ulrich
Indigo Rose Staff

Trend Micro is the only vendor constantly identifying setups built with Setup Factory as “possible Movly”. Yes, they were contacted by Indigo Rose. Repeatedly.

http://www.virustotal.com/analisis/9…acc-1248706331

Ulrich

Email 4

Some good news… Trend Micro has been, so far, very prompt in fixing this issue, as you can see in the email below.

From: Brean_Olsen@trendmicro.com [mailto:Brean_Olsen@trendmicro.com]
Sent: Wednesday, August 12, 2009 6:17 PM
To: support@spellcheckanywhere.com
Subject: RE: TG ENTERPRISES INC – blocked websites

I was updated late last night that we finished reviewing your programs and have released a bandage pattern (the first step to being removed), and on our next full release we should no longer detect the installer for your programs.  I am trying to find out if it made it into this week’s or next week’s update. I am not sure if it was able to make it in before we sent the pattern to QA for this week’s update.

Thanks,
Bo
