PMUNINST.EXE False Positive

[dadkins]

PMUNINST.EXE is part of Sony's USB Mouse software.
It is flagged as Smithfraud-C with today's update.

It is an optical mouse package uninstaller by Primax:
http://www.primax.com.tw/pdt-computer.htm

[md usa spybot fan]

This detection could very well be a false positive, however, I personally find it highly unusual that an installation .exe program resides in:

• C:\WINDOWS\system32

On the light side:

• You mentioned Sony and although I did not find any reference to Sony on the Primax Electronics Ltd. Web page that you cited. However, if Sony is in fact involved, I could see were the purveyor of root kit Digital Rights Management (DRM) software would feel free to place installation files wherever they want.

On the serious side:

• Note of caution: Before someone from Team Spybot fully investigates this report of a false positive, the name pmuninst.exe itself has been associated with various infections/malware, although not necessarily when located in the C:\WINDOWS\system32 directory. Among a few articles reporting pmuninst.exe as possibly malicious:
  
  • eTrust Spyware Encyclopedia - Moiling
    http://www3.ca.com/securityadvisor/p...x?id=453098609
  • F-Secure Trojan Information Pages Zlob
    http://www.f-secure.com/v-descs/zlob.shtml

[tashi]

Thank you dadkins and md usa spybot fan, I will bring this topic to Teams' attention.

[reno250]

I am also experiencing the exact same issue.

Is there any updated information with respect to this from the Team yet?

[dadkins]

md usa spybot fan,
Trust me, the file was created BEFORE I purchased the machine, 6 months before the machine was delivered to Best Buy in Aug 2004!

It's not a rootkit. I have all of the detectors available and *NONE* of them fine anything... from anyone!
I probably have more scanners than most people even know of... it's a rather twisted hobby of mine. I get bored often.
All that is ever found on my machines are cookies... cookies are irrelavent.

It is a false positive. No question.
If anyone would like a copy of it, all ya have to do is ask(I'm not going to post *ANY* exe on a message board - for anyone!).

David

EDIT: Try this, open your system32 folder and do a search for exe. See how many hits you get on YOUR machine... bet ya get a few. LOL!
It's not just Sony that puts exes in the system32 folder friend!

[Kerim]

Hi,

Just an added note...

Me too I noticed that I have
C:\WINDOWS\system32\PMUNINST.EXE (Primax Mouse Uninstall Program)
Real size: 172,032 bytes
Created: Wednesday, May 26, 2004, 7:13:48 AM
Modified: Thursday, June 19, 2003, 1:44:28 AM

with another 336 exe files in system32.

I take the opportunity to ask if anyone here knows why, for Microsoft team, a file could be modified before it is created

Kerim

[smartwombat]

I run AVG Spyware checker - it didn't find it.
Also Ad-Aware SE - that didn't find it either.

So I hope it's a false positive.
There are also other files associated with that mouse product.

What is odd that on my VAIO I have no Sony USB optical mouse - never have !
But it might be the drivers for the internal touchpad?

[Yodama]

hm, its a Sony, so it must be Smit... , na just kidding
it is a false positive. it is going to be fixed with the next update scheduled for friday.

I take the opportunity to ask if anyone here knows why, for Microsoft team, a file could be modified before it is created

The creation date of a file points to the date when the file was "created" on your computer, not the absolute creation date. For instance if you copy an old file from another computer to yours and not modify it, it will have the actual date as creation date, but modify date will remain the old one.

[reno250]

it is a false positive. it is going to be fixed with the next update scheduled for friday.

Thanks for the FP confirmation, Yodama.

[dadkins]

hm, its a Sony, so it must be Smit... , na just kidding
it is a false positive. it is going to be fixed with the next update scheduled for friday.

Thank you Yodama!