[Resolved] TROJ_FAKEAV.BMC

Forum to report issues and bugs on Windows 7, 8, and 10.

Postby peter.hormuth » 26 Jun 2014, 15:04

Hello,

When I try to install "TheEyeTribeSDK-0.9.36-x86.exe" on Windows 7, which I downloaded at http://theeyetribe.com/?download_file=5 ... 9dfb7fa141, my Trend Micro scan says the file is infected by a trojan called "TROJ_FAKEAV.BMC". The scanner is deleting the file.

Result:
[1204:0558][2014-06-26T14:51:26]e000: Error 0x80070002: Failed to launch elevated child process: C:\Users\adhope5\AppData\Local\Temp\{367819d6-79f3-441c-8543-8f5f115c610e}\.be\TheEyeTribeSDK.exe
[1204:0558][2014-06-26T14:51:26]e000: Error 0x80070002: Failed to elevate.
[1204:0558][2014-06-26T14:51:26]e000: Error 0x80070002: Failed to actually elevate.
[1204:0558][2014-06-26T14:51:26]e000: Error 0x80070002: Failed to elevate.
[1204:0558][2014-06-26T14:51:26]i399: Apply complete, result: 0x80070002, restart: None, ba requested restart: No

Is there another TheEyeTribeSDK-0.9.36-x86.exe version which is not infected, or did I do something wrong?

Thanks

Peter

Re: TROJ_FAKEAV.BMC

Postby Martin » 26 Jun 2014, 15:22

Hi Peter,

It seems the Trend Micro scanner is detecting a false positive.

I just downloaded a fresh copy and scanned it locally with AVG with no issues found.

In addition, I submitted the file to a service that scans with 40 engines (Kaspersky, McAfee, Symantec etc.) and it came back with 1/40, where the one is TrendMicro.

I have submitted a report to TrendMicro for reclassification.

Re: TROJ_FAKEAV.BMC

Postby peter.hormuth » 26 Jun 2014, 16:04

Thanks for the fast response.

So we will wait for the update of TrendMicro.

Peter

Re: TROJ_FAKEAV.BMC

Postby Martin » 26 Jun 2014, 16:11

I will investigate further on our end to see if we can prevent the malware flagging. I think it is related to the way resources are embedded in the software. Hopefully we can have it fixed with the next update that goes out within a few days.

Re: TROJ_FAKEAV.BMC

Postby Martin » 26 Jun 2014, 18:32

This is the reply from TrendMicro:

The file you have submitted is currently not detected by Trend Micro:

FileName:TheEyeTribeSDK-0.9.36-x86 (1).exe
FileSize:30593378
FileMD5:4efee91dd84888c0bdad312729392234
FileSHA1:a5b9c1c36d676f6cd9b620c51196d3debb2d452e

If you see any detection on your side while using Trend Micro products, please
submit the following information:

1. Screenshot of the detection
2. Component version of the product used
3. The exact copy of the file which is detected on your end


I'd be most thankful if you could provide the three items above so we can get this issue resolved.

Edit: Does it change if you do an update on the anti-virus engine and database?
Edit2: I just downloaded a fresh copy of the TrendMicro HouseCall and ran it over a freshly downloaded SDK copy with no issues found. Looks version dependent.
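
One way to check whether a local installer is the same file TrendMicro analysed, using the size, MD5 and SHA-1 from the reply quoted above. This is an added example, not part of the original posts or the project's code; the function names are hypothetical and the reply's field layout is assumed to be exactly as quoted.

```python
import hashlib
import re
import sys

# Identity fields exactly as they appear in the vendor reply quoted in the thread.
REPLY = """\
FileName:TheEyeTribeSDK-0.9.36-x86 (1).exe
FileSize:30593378
FileMD5:4efee91dd84888c0bdad312729392234
FileSHA1:a5b9c1c36d676f6cd9b620c51196d3debb2d452e
"""
FIELD_RE = re.compile(r"^(FileName|FileSize|FileMD5|FileSHA1):(.*)$", re.M)


def parse_vendor_reply(text):
    """Extract the identity of the sample the vendor analysed."""
    fields = {k: v.strip() for k, v in FIELD_RE.findall(text)}
    missing = {"FileSize", "FileMD5", "FileSHA1"} - fields.keys()
    if missing:
        raise ValueError(f"reply lacks fields: {sorted(missing)}")
    return {"name": fields.get("FileName", ""), "size": int(fields["FileSize"]),
            "md5": fields["FileMD5"].lower(), "sha1": fields["FileSHA1"].lower()}


def fingerprint(path, chunk=1 << 20):
    """Hash the file in one streaming pass (the installer is about 30 MB)."""
    md5, sha1, size = hashlib.md5(), hashlib.sha1(), 0
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            md5.update(block)
            sha1.update(block)
            size += len(block)
    return {"size": size, "md5": md5.hexdigest(), "sha1": sha1.hexdigest()}


def differing_fields(path, reply_text=REPLY):
    """Fields where the local file differs from the sample the vendor analysed.

    Empty list: the vendor examined byte-identical content, so a local
    detection points at the local pattern or engine version.
    Non-empty: the vendor has not seen this exact file; submit the local copy.
    MD5/SHA-1 serve only as the vendor's sample identifiers here, not as
    proof that a download is authentic.
    """
    expected, actual = parse_vendor_reply(reply_text), fingerprint(path)
    return [k for k in ("size", "md5", "sha1") if expected[k] != actual[k]]


if __name__ == "__main__":
    diff = differing_fields(sys.argv[1])  # path to the local installer copy
    print("same file the vendor analysed" if not diff else f"differs in: {diff}")
```
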

Re: TROJ_FAKEAV.BMC

Postby Martin » 28 Jun 2014, 01:25

Received another reply from TrendMicro:

It is possible that a previous pattern had detection over your file which was corrected in the meantime. Signatures are released frequently so this might explain why I did not see any detection over your file.


Seems it was a temporary misclassification in their virus database/engine. Does it go away if you update the definition file?

