10 replies to this topic

[BlairWitch]

Hello. I installed the Rising pc doctor today

http://www.rising-global.com/products/rising-pc-doctor.html

Since then malwarebytes have popped up some boxes about blocked ip addressess, like these: IP-BLOCK 204.188.205.14 (Type: outgoing) IP-BLOCK 222.76.95.78 (Type: outgoing)

So i scanned the rising pc doctor installer with virustotal it was detected by clamav as W32.Trojan.Genome-14 https://www.virustot...sis/1339313054/

My question really is that is it safe to use this program? Many say that it's a good program.

[BlairWitch]

218.10.190.10 (Type: incoming)
Server Location:

Harbin, Heilongjiang in China

[BlairWitch]

Now there is more development in this case. Malwarebytes detected the rising pc doctor updater as downloader trojan:
DETECTION C:\Program Files\Rising\RSD\Backup\RSD\RSSetup\updater.exe Trojan.Downloader QUARANTINE

This detection happened twice when the program was installed and also after i uninstalled the program and rebooted the computer.

[BornSlippy]

The detections are False Positives. The software is safe.

[BlairWitch]

BornSlippy, on 10 June 2012 - 10:57 AM, said:

The detections are False Positives. The software is safe.

That's good to know. I dumped the memory of the rising pc doctor driver protreg.sys and then uploaded it to virustotal and antivir detected it as rootkit.gen https://www.virustot...sis/1339343777/

I am so paranoid. Maybe i should quit using computer.

[Ibrad]

I use this software, its safe I don't know why the IP range is blocked. Nothing seems suspious on my machine since installing it. Its Anti-Trojan is cloud based so that is why you see it. It has no real time protection but has cloud task manager, and cloud software updater. I reported to MBAM FP to Rising so we shall see if MBAM fixes it.

[miekiemoes]

Hi,

I can't reproduce this detection. Just installed Rising PC Doctor and no detection here though. Can you verify this if mbam still detects? If so, please attach (zipped) the files to this thread that mbam detects.

Thanks.

[DarkSnakeKobra]

BlairWitch, on 10 June 2012 - 02:34 AM, said:

Hello. I installed the Rising pc doctor today

http://www.rising-global.com/products/rising-pc-doctor.html

Since then malwarebytes have popped up some boxes about blocked ip addressess, like these: IP-BLOCK 204.188.205.14 (Type: outgoing) IP-BLOCK 222.76.95.78 (Type: outgoing)

So i scanned the rising pc doctor installer with virustotal it was detected by clamav as W32.Trojan.Genome-14 https://www.virustot...sis/1339313054/

My question really is that is it safe to use this program? Many say that it's a good program.

ClamAV is known for it's fp's on Windows files as it's a UNIX antivirus scanner. Detection rate isn't the best out there and certainly others have much better detection.

[noknojon]

Quote

I installed the Rising pc doctor

There are many better A/virus programs, unless you are stuck in China and have limited internet.
As BornSlippery said "It is safe" but it is not regarded as a "Good" A/virus program in general -
If you run anything except a Linux system, I would choose one of the better known brands available -

[BlairWitch]

miekiemoes, on 18 June 2012 - 03:52 AM, said:

Hi,

I can't reproduce this detection. Just installed Rising PC Doctor and no detection here though. Can you verify this if mbam still detects? If so, please attach (zipped) the files to this thread that mbam detects.

Thanks.

Hello i just installed Rising pc doctor again and the file that was detected did not come with rising pc doctor installer that i downloaded yesterday. The one file that is in the quarantine is still detected by malwarebytes it was originally in the folder C:\Program Files\Rising\RSD\Backup\RSD\RSSetup which does not exist in this new installation.
Here is the detected file  updater.zip   268.22K   1 downloads

https://www.virustot...sis/1342170882/

Let me know if that file contains anything malicious. Thanks.

[miekiemoes]

Hi,

Thanks, I can reproduce detection on this and it's indeed a false positive here. This will be fixed in next update.