Spyware Doctor Alert during Install

sunilj · 24th August 2007, 00:01

Hello,

I am a developer at a Startup. We develop a browser extension with sidebar and our product is packaged using NullSoft installer. During the installation of our product, we are noticing that Spyware Doctor is alerting the user with threat name : Adware.Maxifiles. This alert is happening during kernel32::CreateMutexA call and subsequent release. Our product does not include any kind of Adware or Spyware.

I am interested to know what is causing this warning message and to find a way to stop this warning message. Any help provided would be greatly appreciated. Thanks.

Sunil

Joel · 24th August 2007, 04:12

Try to create a dummy installer that uses kernel32::CreateMutexA, let's see if Spyware Doctors detects it, the 3rd party launch code.

sunilj · 24th August 2007, 06:38

I can still see the problem using the below code.

; You can get help from the dll itself by calling it with a ? like example below.
; This plugin will prevent multiple instances of your program running at once.

OutFile "MutexCheck.exe"

Function .onInit
System::Call 'kernel32::CreateMutexA(i 0, i 0, t "myMutex") i .r1 ?e'
Pop $R0
StrCmp $0 0 +3
MessageBox MB_OK "The installer is already running."
Abort
FunctionEnd

Section "MainSection"
SectionEnd

kichik · 24th August 2007, 07:23

Then it's a false positive by Spyware Doctor and should be reported to them so they can fix it.

24th August 2007, 00:01	#1
sunilj Junior Member Join Date: Aug 2007 Posts: 2	Spyware Doctor Alert during Install Hello, I am a developer at a Startup. We develop a browser extension with sidebar and our product is packaged using NullSoft installer. During the installation of our product, we are noticing that Spyware Doctor is alerting the user with threat name : Adware.Maxifiles. This alert is happening during kernel32::CreateMutexA call and subsequent release. Our product does not include any kind of Adware or Spyware. I am interested to know what is causing this warning message and to find a way to stop this warning message. Any help provided would be greatly appreciated. Thanks. Sunil

24th August 2007, 04:12	#2
Joel Debian user (Forum King) Join Date: Jan 2003 Location: Arch land Posts: 4,917	Try to create a dummy installer that uses kernel32::CreateMutexA, let's see if Spyware Doctors detects it, the 3rd party launch code. * PC: Intel Core 2 DUO E6550 @ 2.33 GHz with 2 GB RAM: Archlinux-i686 with MATE. * Laptop: Intel Core 2 DUO T6600 @ 2.20 GHz with 4 GB RAM: Archlinux-x86-64 with MATE.

24th August 2007, 07:23	#4
kichik M.I.A. [NSIS Dev, Mod] Join Date: Oct 2001 Location: Israel Posts: 11,343	Then it's a false positive by Spyware Doctor and should be reported to them so they can fix it. NSIS FAQ \| NSIS Home Page \| Donate $ "I hear and I forget. I see and I remember. I do and I understand." -- Confucius

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

24th August 2007, 06:38	#3
sunilj Junior Member Join Date: Aug 2007 Posts: 2	I can still see the problem using the below code. ; You can get help from the dll itself by calling it with a ? like example below. ; This plugin will prevent multiple instances of your program running at once. OutFile "MutexCheck.exe" Function .onInit System::Call 'kernel32::CreateMutexA(i 0, i 0, t "myMutex") i .r1 ?e' Pop $R0 StrCmp $0 0 +3 MessageBox MB_OK "The installer is already running." Abort FunctionEnd Section "MainSection" SectionEnd