Checking If a Program is Malware or Just a False Positive

From a recommendation in a blog I trust, I installed JD Auto Speed Tester recently, to perform regular checks on my internet connection speed. I’ll blog about the results from that program in another post but before I do, while running my weekly maintenance routine, I ran into a problem as Malwarebytes Anti-Malware labelled some files in the Auto Speed Tester folder as Trojans.

JDAST warning

So I quarantined the files, then uninstalled JD Auto Speed Tester immediately. I then reran Malwarebytes and my system came up clean. But what if this program was just giving a false positive and wasn’t really malware? Well, I set about trying to find out.

Is it malware?

I first scanned the downloaded installer file JDast_installer.exe from where I had installed the program. Right-click on the program and in the context menu, you should see some entries starting ‘Scan with…’ depending on what antimalware you have installed. I have Microsoft Security Essentials, SUPERAntiSpyware and Malwarebytes Anti-Malware installed and when I scanned the installer file, none of the three reported any problems.

I then tried a Google search to see if anyone else had a problem with the program – I tried the search jdautospeedtester trojan and quickly found that my question was answered on the program’s website. Here’s what they said:

Some antivirus software may detect this software as a Trojan/Virus/Malware, this is just a false positive. Rest assured with the fact there are no viruses/trojans/malware etc or anything else of this nature. False positives happen because I programmed most of JDast with AutoIt which often does cause this problem. For this reason, I’ve added an alternative ZIP download which can cure the false positive problem when downloading the installation file, this does not help if you are getting a virus warning whilst installing or running JDast.

They go on to say:

As soon as I release a new version of JDast I initiate a white-listing procedure with AVG, McAfee, Symantec, Eset and a few others. It does take quite a while for them to complete their testing and to white-list JDast.
I would do the white-listing before I upload the new versions but unfortunately these companies need to be able to see and download JDast from the web site that it will be available to the public on, so I have to upload it before I can get it white-listed.

So that’s reassuring. I’ve reinstalled the program again as it’s pretty useful. I’ve rechecked the JDAST folder where the program is installed and Malwarebytes still reports the trojans, but SUPERAntiSpyware and Microsoft Security Essentials do not. I also tried some suggestions in Techsupport Alert’s post How to Tell if a File is Malicious. I uploaded jdautospeedtester.exe to Comodo Valkyrie and VirusTotal. Comodo reported the file was normal while only 1 in 41 antivirus scanners in VirusTotal reported a trojan.

I contacted Malwarebytes to let them know it’s probably a false positive. They quickly agreed and will fix this in their next update. I hope my experience has given you some ideas on how to go about checking out if a program is malware or not. If you have any more suggestions, please drop a comment below.
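
The checks described above can also be scripted. This is an added example, not code from the original post or from the JDast author: it hashes a file so it can be looked up by hash, checks whether an executable embeds an AutoIt script, and summarises a set of scanner verdicts like the 1 in 41 result. The AutoIt byte markers, the 5% cut-off, the function names and the sample scanner names are assumptions made for the example.

```python
import hashlib

# Byte markers seen in AutoIt v3 compiled scripts (assumption, not from the post).
AUTOIT_MARKERS = (b"AU3!EA06", b"AU3!EA05")

def sha256_of(path, chunk=1 << 20):
    """SHA-256 of a file, read in chunks; lets you search a multi-scanner
    service by hash before uploading the file itself."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def looks_like_autoit(data):
    """True for a PE file (MZ header) that embeds an AutoIt script marker."""
    return data[:2] == b"MZ" and any(m in data for m in AUTOIT_MARKERS)

def triage(verdicts, autoit, low_ratio=0.05):
    """verdicts maps scanner name -> detection label, or None when clean.
    Returns (hits, total, note). low_ratio is an arbitrary example cut-off."""
    hits = sorted(name for name, label in verdicts.items() if label)
    total = len(verdicts)
    if total == 0:
        return 0, 0, "no scanner results"
    if not hits:
        note = "no detections"
    elif len(hits) / total <= low_ratio:
        note = "low consensus: possible false positive, report to " + ", ".join(hits)
        if autoit:
            note += " (AutoIt-compiled, a common heuristic trigger)"
    else:
        note = "multiple detections: keep quarantined"
    return len(hits), total, note

if __name__ == "__main__":
    # Constructed sample: 41 scanners, one generic trojan label.
    sample = {f"scanner{i:02d}": None for i in range(40)}
    sample["scannerX"] = "Trojan.Generic"
    fake_exe = b"MZ" + b"\x00" * 64 + b"AU3!EA06" + b"..."
    print(triage(sample, looks_like_autoit(fake_exe)))
```

A low-consensus note only says where to follow up, with the flagging vendor and the publisher; it is not a clean bill of health on its own.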

One Response

  1. deadfred Says:

    Great, just what I wanted to know. I had been looking into jdast and the false positive and believe I found your mbam post http://forums.malwarebytes.org/index.php?showtopic=117361

    I've spoken with Jackdinn and I'm quite happy his software is not in any way malicious.

    Thanks.
