New: HomeBank (Sep 03, 2023), Platform 26.2.1 (Sep 17, 2023)
450+ real apps (49GB), 1.1 billion downloads, Please donate.
Jack Haller, Advisor and Father of Our Founder, Has Passed Away
Worked fine on Wednesday at work. This morning, I ran the program and got:
VirusScan Alert!
Date and Time: ...
Pathname: C:\Documents and Settings\ACMarsh\Local Settings\Temp\nsj126.tmp\registry.dll
Detected As: Generfic StartPage.r
State: Deleted
Any ideas why this is happening?
1. Your antivirus client is having an issue and throwing a false positive
2. You didn't follow the instructions at the top of the support page that tell you to verify this with another antivirus client before posting here.
Sorry for not double checking... when I launch ClamWin Portable I get a similar error. I guess my real question is if the application is portable, why does launching it either access or create the file C:\Documents and Settings\ACMarsh\Local Settings\Temp\nsj126.tmp\registry.dll?
Thanks!
Has to back up local settings, copy portable settings into place, then when you close the portable version it restores your local settings for that app.
Most programs create temporary files. It is generally faster (and harmless) to put temporary files in the OS-designated temporary files folder, especially if you clean them up when you are done (though not every program is good about cleaning up).
One could put the temporary files on the USB storage device, but that can be slow, and especially on Flash devices, very slow. Since there can be a lot of temporary file activity, having the temporary file on a Flash device can reduce its expected life. It could be worth it, however, if you need to keep temporary files off the host computer's hard drive.
I just used the SuperDAT for 5149 (sdat5149.exe) along with the -f commandline option to force the use of the files in the SuperDAT to revert from 5150 back to 5149. No more Virus Alerts everytime you start or shutdown FirefoxPortable. Hopefully McAfee will get this fixed in the next DAT update.
Today's .DAT (5151) no longer flags/removes registry.dll
I would like to thank the OP for this information.
Personally I think it is appropriate to bring "false positives" to the attention of the group for the app in question.
Please note that I am distinguishing between:
"Help, XYZ found a virus on my machine!!!!!!"
and
"I would like to report what I believe is a False Positive found in Portable App ABCportable so that you may be aware and prepared".
As a result of todays postings [this one and https://portableapps.com/node/9834 ] I am going to tell McAfee VirusScan to exclude files called "registry.dll" from on access scans before I update [as opposed to not updating, which I consider too risky]. Doing this might involve some risk as well I realize, but I am willing to take that chance as I think it is unlikely McAfee will update over the weekend.
[Note that according to http://virusscan.jotti.org/ AND http://www.virustotal.com/ AVG Antivirus is detecting a virus as well]
Personally I think PA.com should be appreciative of these False Positive Alerts and proactive in establishing a quick and effective means of communicating with the larger, established Antimalware companies rather than rely on the end user to know what to do and how.
e.g.
"Hi this is Sam from Portable Apps.com AGAIN. You product is producing a FP in attached file "abcdef.dll" . Please look into this and update your definitions according. Thanks as always, Sam, your contact here at PortableApps.com As always, if you have questions or concerns feel free to contact me at our prearranged contact number/address."
I think this would expedite the process greatly and be of benefit to all involved. After all, who looks bad if I try to run FFP on someones machine and the first thing they see is their Antivirus protection go off, first me, than FFP.
Can you just hear it?,
"No, really your Norton/AVG/McAfee is wrong! I downloaded this free version of Firefox from a site you never heard of, but it's safe, really it is, trust me."
In the same situation I would rip that flash drive out of my computer so fast that my usb port would break and I would never let that person near it again 
So, again I thank the OP and If anyone has quick access to the AntiVirus companies in question could you please notify them.
Tim
//I am gonna get so flamed for this aren't I? //
Personally I think PA.com should be appreciative of these False Positive Alerts and proactive in establishing a quick and effective means of communicating with the larger, established Antimalware companies rather than rely on the end user to know what to do and how.
Well, having a bunch of Virus Alerts! show up in the support forums can be alarming to novices, even if they are false and not PA's fault.
Perhaps there could be a forum just for Virus reports, to keep them out of the Support forums... Maybe someone could keep a tally in an AV Provider hall of shame to show which is throwing the most false positives on Nullsoft components or other common and harmless files -- give them an incentive to be more careful.
I still think it would be good on AV reports to include an MD5sum or confirm that the code signature is intact, so we can be sure we're all talking about the same file.
MC,
I think you are correct, a forum for reporting FPs would be a good idea. I think the check sum idea is a good idea as well for established users [Though in fact we are always talking about the same file 
]
It is unlikely that "novices" will be using a check sum app [or even know what we're talking about].
Tim
I started getting the same messages Friday and thought I was crazy for a second...
I even backed up my bookmarks, removed the firefox version i had and reinstalled the latest version but McAfee still comes up with a virus alert...
It's doing the same darn thing for thunderbird also...
None of these steps will help.
The problem is with the file "registry.dll" which is created by every launch of FFP [and apparently other PA's programs as well.
Until McAfee and the AVG remove this detection from their database the only thing you can do is tell your AV program to not scan/ignore files called "registry.dll"
Unfortunately you can't give a path to the file as differently named directory is created each time you launch the program.
By excluding all occurrences of "registry.dll" this should stop the detection for all PA's that create that file.
Warning, it is possible that there could be a "registry.dll" out there that is NOT from PA.com and therefore not safe. If you take these measures no file with this name will be scanned. There is a risk in doing this. Use your best judgment.
{EDIT: Lurking_Biohazard recommends turning off Heuristic scanning as another option. Again, use your best judgement.}
Tim
I recognized this as a false positive almost immediately but the problem is my workplace uses McAfee and I can't use a file that they recognize as a virus.
I can just see it now "Oh, It's OK guys it's not a real virus I know what I am doing." My IT department won't let me get away with that.
So that creates a problem where I can't use the portable product at work and I can just use the full version of Firefox at home. I have not tried installing the full version of Firefox on a work computer so I don't know if the problem existed there or not.
Visit the Community page
Join our forums
Follow us on BlueSky