Below is the reply I received today from support at softperfect dot com:
Hi Bitwiper,
It's all much simpler. Somewhere earlier in June Kaspersky began
detecting the network scanner as a Trojan. A few other antivirus
products followed shortly thereafter as they apparently steal
signatures from one another.
We decided to recompile the latest version of the software hoping that
would have helped. The rationale was that the binary file is not
exactly the same even if built from the same source twice in a row.
This helped but not entirely.
After all, we e-mailed Kaspersky and let them know about the false
alarm. They admitted their mistake and updated the database. You can
re-check the network scanner at www.virustotal.com and see that it's
no longer flagged malicious.
The status at virustotal is now as follows:
The old netscan.exe v4.4.7 (md5=8c31aeb125b0cfb1fbc7b247cf3578f5, see http://www.virustotal.com/analisis/c236c26a40f6dfcda96bd48bb3d3f2e36eb428d8c06746eef63017a619bf96eb-1276722678):
Antiy-AVL - 2.0.3.7 - 2010.06.11: Trojan/Win32.Refroso.gen
ClamAV - 0.96.0.3-git - 2010.06.16: PUA.NetTool.Scanner-4
Comodo - 5123 - 2010.06.16: TrojWare.Win32.Refroso.bkau
eSafe - 7.0.17.0 - 2010.06.16: Win32.Corrupt.Ep
Jiangmin - 13.0.900 - 2010.06.15: Trojan/Refroso.jcr
Kaspersky - 7.0.0.125 - 2010.06.16: Trojan.Win32.Refroso.bkau
McAfee-GW-Ed. - 2010.1 - 2010.06.16: Artemis!8C31AEB125B0
VBA32 - 3.12.12.5 - 2010.06.16: Trojan.Win32.Refroso.bkau
Difference with yesterday:
2 more scanners consider this file malicious: Comodo and eSafe.
The new netscan.exe v4.4.7 (md5=1b79be1a0c64d6b066db25de1b949cbd, see http://www.virustotal.com/analisis/37df9ce5cc6452220f84f13adfe42e257a810d8476762ac14eab6ff012e78316-1276721901):
ClamAV - 0.96.0.3-git - 2010.06.16: PUA.NetTool.Scanner-4
McAfee-GW-Edition - 2010.1 - 2010.06.16: Artemis!1B79BE1A0C64
Panda - 10.0.2.7 - 2010.06.16: Suspicious file
VBA32 - 3.12.12.5 - 2010.06.16: Trojan.Win32.Refroso.bkrv
Difference with yesterday: Kaspersky no longer considers this file malicious, however Panda now says it's a suspicious file.
Yesterday night I downloaded some more files from softperfect.com. In the latest networkx.exe, only F-Secure reports:
F-Secure - 9.0.15370.0 - 2010.06.15: Suspicious:W32/Malware!Gemini
No scanner complained about Softperfect Personal Firewall.
Conclusion: it's a mess, but I believe Softperfect. This is another dent in my trust in virus scanners. If some arbitrary AV vendor (Kaspersky in this case, but it could have been any vendor) decides to blacklist software - without providing a proper description of the "malicious activity" apparently performed, other AV vendors will follow - apparently without any serious analysis - just malicious because Kaspersky says so. What's a layman supposed to do? Trust the software maker or a number of virus scanners? This could be disastrous for small software companies.
I use a paid subscription of Kaspersky, and posted a question about this false positive on Kaspersky's website on June 9. Apart from an automated reply, Kaspersky did not bother to contact me. AV may not be dead and buried yet, but it's very ill for sure.
[edited 00:54: had the results of the old and the new file in the wrong order]