Spyware reports in NetWorx - false alarm?

Started by John Byers

John Byers

Spyware reports in NetWorx - false alarm?   25 January 2016, 13:33

Windows 10, Norton security 2016. Norton didn't like the NetWorx V5.5. After I downloaded the program update, Norton said it was spyware and deleted it. I will report this to Norton, but it is probably reporting something that is true, so I will not force this download by bypassing Norton.

Let me know if you remove the virus bug so I can download the latest update. smile

JByers
SoftPerfect Support forum - Andrew avatar image

Re: Spyware reports in NetWorx - false alarm?   25 January 2016, 17:09

John, you'd be about the 10th this week asking us to remove a virus that is not there confused

It's a pretty common issue, we specifically mentioned it in this article.

Unfortunately that's the way NAV works. Even though our software has good reputation, any change to the files (such as a new version or a language update) triggers these alerts. Here is more information about this issue.
Will

Re: Spyware reports in NetWorx - false alarm?   29 January 2016, 21:33

Downloaded File networx_setup.exe Threat name: PUA.Yontoo.C from softperfect.com
Source: External Media

networx_setup.exe
SoftPerfect Support forum - Andrew avatar image

Re: Spyware reports in NetWorx - false alarm?   29 January 2016, 21:38

The same Norton here doesn't show any alerts, neither do the vast majority of other AVs.
aetheric

Re: Spyware reports in NetWorx - false alarm?   30 January 2016, 06:20

It's definitely a false positive. Norton AV uses heuristic algorithms, in an attempt to find threats that "are not known yet". In other words: NAV does not have a specific "virus signature", but uses certain "low-level code recognition". If certain instructions, in a certain sequence, are found, NAV will flag it as a threat.

The NetWorx installer v5.5 is safe to download.
sean

Re: Spyware reports in NetWorx - false alarm?   07 February 2016, 01:29

I had same problem. Then I checked in virustotal and got all clear there. I'd trust virustotal more because it has over 50 scanners in 1 place. One or two can show false alerts, but sure they can't be all wrong.

Btw I want to say thankyou softperfect. After using networx for years I can def say its a damn good piece of software!! Good job folks! Keep it going. Keep the quality. It shows. And 5stars to your lightweight superfast handcrafted website! Definitely not one of the ubiquitous template solutions. Style quality details and all. All the best!
G

Re: Spyware reports in NetWorx - false alarm?   09 February 2016, 04:30

I am a Networx addict (laugh) as i often connect to 2G through bluetooth PAN network.
I downloaded Networx 5.5.1 from softperfect own site, installed in a fresh win 8.1, customized, worked like a charm.
Soon after Google Chrome reverted its settings to default because they were 'corrupted by another program'. I became suspicious and managed chrome search engines. Turned out 'Ask' was there (among others) but not enabled. I ran some virus scanners; Hitman Pro flagged one file as malware: C:/windows/system32/drivers/networx.sys (size 71 kB). I deleted and emptied trash. I restarted Networx; no problems. I checked the file in VirusTotal; result here: https://www.virustotal.com/da/file/70b5eb61f8d6c1cfbe8eb3ede008f3da7eb030ecb89e2de30e089a08b73c4f57/analysis/
Some found 'Nettool, Win64, Netfilter; Riskware'
My question: Does Networx install a driver there? If not, it's probably malware disguised under false name.
Comments and experiences wanted!
SoftPerfect Support forum - Andrew avatar image

Re: Spyware reports in NetWorx - false alarm?   09 February 2016, 10:04

A component of NetWorx may be flagged as NetFilter. This is a third-party network driver used to filter out local traffic, which unfortunately has also been misused in malware by others, thus resulting in it being flagged by your antivirus.

You can choose not to install it if you don't need to filter out LAN traffic.

In any case, NetWorx is safe. It is simply a situation when the same driver is used by both legitimate software and some malware, thus making certain virus scanners presume that everything with this driver may pose risk. When virus scanners conduct a thorough analysis instead of superficial presumption, they report NetWorx as safe. Many users send their antivirus vendor a message asking to investigate the situation with NetWorx. After that, if the vendor has prompt customer support, NetWorx is marked as safe.

Reply to this topic

Sometimes you can find a solution faster if you try the forum search, have a look at the knowledge base, or check the software user manual to see if your question has already been answered.

Our forum rules are simple:

  • Be polite.
  • Do not spam.
  • Write in English. If possible, check your spelling and grammar.

Author:

Email:

Subject

A brief and informative title for your message, approximately 4–8 words:

     

Spam prevention: please enter the following code in the input field below.

 **     **   *******    ******    **    **  **     ** 
 **     **  **     **  **    **   ***   **  **     ** 
 **     **  **         **         ****  **  **     ** 
 **     **  ********   **   ****  ** ** **  **     ** 
  **   **   **     **  **    **   **  ****   **   **  
   ** **    **     **  **    **   **   ***    ** **   
    ***      *******    ******    **    **     ***    

Message: