jee soo lee

false positive- Naver Whale


My name is jee soo Lee, from NAVER Corporation, South Korea.

I'm writing this report to ask you to correct an error: the Lavasoft vaccine program recognizes our program 'Whale' as malicious code.

'Whale' is the new PC-based web browser we plan to release ( http://whale.naver.com/en/ )

(related article: http://www.businesskorea.co.kr/english/news/ict/16685-challenge-ie-chrome-naver-releases-internet-browser-whale-tapping-web-browser-market)

During compatibility testing between your vaccine program and our browser, we found that your vaccine program recognizes our program as malicious code and therefore restricts installation.

Many users complained about this problem.

The specific situation is as follows:

1. Sometimes, your vaccine program recognizes 'whale.exe' as malicious code.

2. Sometimes, your vaccine program recognizes 'IETabDriver.exe' as malicious code.

This is the corresponding link for the report:

https://drive.google...b3M?usp=sharing

I have also attached our file below (password: infected).

Would you mind correcting these errors and adding our program to the whitelist of your program?

I appreciate your help and I look forward to your reply.

Thank you.


IETabDriver.zip

whale (2).zip


Hi jee soo lee,

 

Thanks for your report. To confirm, the files we checked are:

 

File: IETabDriver.exe

MD5: c103a08d9f2f9e2d18eedab0e376b481

 

File: whale.exe
MD5: 9969650dab84c15ab0d8a69b7a827e9f

 

These two files are not currently detected.

 

Regards,

 

Andy

Lavasoft Malware Lab


Yes, I can see the detection in the screenshot/xml file, but I can't recreate it with the files you uploaded. Maybe we're looking at different files.

 

Can you check the md5's of the detected files you're testing with and compare them with the files below? Are they the same, or different?

 

File: IETabDriver.exe

MD5: c103a08d9f2f9e2d18eedab0e376b481

 

File: whale.exe
MD5: 9969650dab84c15ab0d8a69b7a827e9f

 

Thanks,

 

Andy


We have compared the MD5s of those two files with ours, and they are the same.

But would you mind checking the error again using the file I attached (named: whale_install.zip)? This file combines those two files (users usually use this file, so I think using it is more accurate).

And which Windows version did you test on? We tested on Windows 7 (64-bit), so I ask you to test on Windows 7 (64-bit).

And please check your UAC setting (a screenshot of our UAC setting is attached; please refer to it).

This is the link to the file and screenshot:

https://drive.google.com/open?id=0B4IUsxrv-kNsQzZTUnBQNGdGb3M

I really appreciate your help.

Sincerely,

jee soo lee

Naver Corporation.


Using the installer, I was able to recreate the detection on IETabDriver.exe. The md5 for that file was different from the original one that we tested with (md5: 0f0ec27159eda4c9bad814d28bda0e59).

 

This is an FP and will be removed from detection.

 

I wasn't able to recreate the detection on whale.exe. The md5 of the file installed using the installer is d574b68650c68f8941dbc16f86d56a2f, which is also different from the file we originally tested.

 

Can you upload the version of whale.exe that is being detected please?

 

Andy


Thank you for your help.

We have also checked the two files, and there is a problem with 'ietabdriver.exe' only, so it might not be necessary to check 'whale.exe' again.

I really appreciate your help, and if there are any other problems with this, I'll contact you again.

Thank you.

Sincerely,

jee soo lee

Naver corporation.
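
The detection in this thread could only be reproduced once the analyst hashed the files the installer actually placed on disk, which differed from the samples first submitted. The following is an added example, not part of the original thread and not Lavasoft or Naver tooling: a Python sketch that hashes the installed copies and compares them with the MD5s of the submitted samples. The function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def md5_of(path, chunk_size=1 << 20):
    """Stream the file so large executables are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def compare_with_submission(install_dir, submitted):
    """Return {lower-cased file name: (status, installed MD5 or None)}.

    submitted maps a file name to the MD5 of the sample sent to the vendor.
    status is 'match', 'different' or 'missing'. Names are compared
    case-insensitively, as on Windows; if a name occurs more than once in
    the tree, the last copy visited is the one reported.
    """
    wanted = {name.lower(): md5.lower() for name, md5 in submitted.items()}
    result = {name: ("missing", None) for name in wanted}
    for path in Path(install_dir).rglob("*"):
        key = path.name.lower()
        if path.is_file() and key in wanted:
            actual = md5_of(path)
            status = "match" if actual == wanted[key] else "different"
            result[key] = (status, actual)
    return result

def demo():
    # Constructed stand-ins for the installed binaries (not real executables).
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "whale.exe").write_bytes(b"constructed build A")
        (root / "app" / "IETabDriver.exe").write_bytes(b"constructed build B, repacked")
        submitted = {
            "whale.exe": hashlib.md5(b"constructed build A").hexdigest(),
            "IETabDriver.exe": hashlib.md5(b"constructed build B").hexdigest(),
        }
        return compare_with_submission(root, submitted)

if __name__ == "__main__":
    for name, (status, actual) in demo().items():
        print(f"{name}: {status} (installed MD5: {actual})")
```

A 'different' result means the sample sent for analysis is not the file being flagged, so the installed copy (or the installer that produces it) is what needs to be submitted.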
