ls,
Mcafee states next during setup :
‘C:\Users\XXXXX\AppData\Local\Temp\is-V896G.tmp\CBStub.exe’
uitgevoerd waarmee is geprobeerd
‘C:\Users\XXXXX\AppData\Local\Temp
spE46.tmp\InstallManager.exe’ op te
roepen, en de bedreiging Trojan : Artemis!8700FB0DC4BE is gedetecteerd
en verwijderd
Hi,
it is possible there is a false virus threat detection due to the fact an offer screen is loaded during the setup.
It only displays an optional offer and nothing will get installed additionally without your acceptance.
All files on our servers have been checked before uploading.
If you feel uncertain, please see the result if you upload the setup to virustotal.com, where most software correctly identifies the file as safe, if something is found, it’s the offer screen mentioned above.
An ad free setup is available here for a small license fee: http://www.pdfforge.org/pdfcreator/plus
It only displays an optional offer and nothing will get installed additionally without your acceptance.
All files on our servers have been checked before uploading.
If you feel uncertain, please see the result if you upload the setup to virustotal.com, where most software correctly identifies the file as safe, if something is found, it’s the offer screen mentioned above.
An ad free setup is available here for a small license fee: http://www.pdfforge.org/pdfcreator/plus
best regards,
Looks that this is not False positive.
Virustotals reports: Detection ratio: 14 / 56.
Well, that actually means 75% of the products there consider it safe. The main issue here is, a pua detection is so loosely defined that it is impossible to say if the detection is actually false or just very misleading. Since the installmonetizer component displays an offer screen during the setup and even viewing a single ad is potentially unwanted, a pua detection
can be correct if a very strict definition of pua is in use. This however doesn’t mean any there is any threat and unfortunately the alerts look more or less just like virus/trojan detections. Some products even go as far as putting pua and virus/trojan into the same alert which is just wrong (e.g. “A virus was found: pua.installmonetizer”).
However, you shouldn’t even need to worry about this and most users will simply have their AV delete any detection, so we will also take action on this from our end and look for a better solution.
best regards,
Robin