Spyware and Trojan warnings for installations created with Wise
|Article:TECH12346|||||Created: 2005-09-13|||||Updated: 2009-12-18|||||Article URL http://www.symantec.com/docs/TECH12346|
- Critical Object warning when Lavasoft Ad-Ware scans the computer.
- Data Miner message when an installation created by WIS 9 and executed on a computer with F-Secure Anti-Virus Client Security.
- The following error is displayed while compiling a WiseScript .WSE file:
"Could not open the file C:\Program Files\Wise Installation System\Progress\WizWin32a.DLL. Please check that this software has been installed properly."
- WiseCustomCall.dlls, called from MSI installations are falsely detected as trojan horses by some anti-virus softwares (i.e. Vipre)
Lavasoft Ad-Aware SE Personal Build 1.x, and F-Secure Anti-Virus Client Security 6.00 have mistakenly identified Wise Installation System files as components of known spyware (BroadcastPC or WhenU.DesktopToolbar ).
Installation of the PC-cillin spyware blocker has also been noted to prevents the Wise Installer from running. It detects the creation of the temporary file as spyware and apparently denies access to the temp folder.
Lavasoft Ad-Aware SE mistakenly identifies WizWin32a.DLL as a data miner file belonging to 'Broadcast PC'. Ad-Aware may also incorrectly identify Httpin32.DLL as a data miner.
BroadcastPC is a vendor of known ad ware software and is listed on the following sites:
WIS 9 uses WizWin32a.DLL for the progress bar during installation. It can be seen on the Progress Bar page of Installation Expert in the Custom Progress Bar DLL field. WIS 9 uses Httpin32.DLL during installs to handle FTP and HTTP downloads during "Copy Local File" actions.
Ad-Aware will also identify 'restart.exe' (default location \Program Files\Wise Installation System\Runtime\Wise) file as belonging to 'WhenU.DesktopToolbar'.
WhenU.DesktopToolbar is listed on the following site:
WIS 9 uses Restart.EXE in conjunction with runtime scripts to restart the computer. Restart.wse is in the same directory as the Restart.EXE file if you need to examine this script.
If Ad-Aware and Wise Installation Systems both exist on the development computer, a Wise Solutions file may be deleted by Ad-Aware. Deselecting WizWin32a.DLL listed in the "Object" column for removal after Ad-Aware scanning will prevent deletion of these files. To replace missing files, reinstall Wise Installation Systems on the affected computer.
F-Secure AntiVirus Client Security will open a 'Data Miner detected' message when an installation created by WIS 9 is executed. When this message appears, select the radio button next to 'Do Nothing' and click 'Ok'. Selecting 'Quarantine' or 'Delete' will cause the installation to silently fail.
F-Secure- AntiVirus Security uses the portions of Lavasoft's Ad-Aware which is why both products misidentify WIS 9 files as Broadcast PC.
Wise Solutions has contacted Lavasoft to notify them Ad-Aware is mistakenly identifying our files as spyware.
Lastly, WiseCustomCalla.dlls, and WiseCustomCallb.dlls have been falsely identified as trojan horses by Vipre Antivirus. The WiseCustomCall dlls have been tested internally, and are safe. The Symantec team that supports the Wise products has contacted Vipre Antivirus to notify them that they are mistakenly identifying our files as trojan horses.
Article URL http://www.symantec.com/docs/TECH12346