Two days ago I received a support request from one of my clients. He said:
“Hi, KIS 2009 is detecting IPMS as rootkit. I have copied the file through KIS send option. I am attaching the same for your perusal.”
He sent the executable file of iPMS to Kaspersky Lab for analysis and forwarded their response to me...
They said: iPMS21.exe – Rootkit.Win32.Podnuha.bwl This file is already detected, please update your database
He replied: It can be a false positive. I have downloaded it from www.sergiwa.com the site is having Kaspersky logo!
They replied: Hello, This is not false alarm.
My client was worried; in fact, he was scared off iPMS. Perhaps he even thought that my software was made to spy on his activities and that my small company was nothing but an Internet scam!
He asked for an explanation. He was among the rare computer users who ask for one, because most of them believe what Kaspersky says even if it's not true, especially when some of the other most-used security solutions followed Kaspersky in its mistake and started to detect iPMS as a rootkit too!
Needless to say, iPMS is not a rootkit; it's pure programming code packed by UPX, and its only purpose is to scan the file system of a personal computer for malware and remove it. When I uploaded iPMS to VirusTotal I was shocked to find 13 different antivirus products detecting iPMS as a rootkit too; this is the VirusTotal Report-March.18.2009
I knew that NO ONE would believe me if I said that this is a false positive, as not many users will believe that 13 AVs have a false positive even if it's true. So I decided to make Kaspersky say the magic word, because Kaspersky is the only security company I trust; also, it's one of the big companies whose word users will believe, it being an industry-leading antivirus software vendor. Once Kaspersky says this is a false positive, it will mean that all the other AVs that blindly followed Kaspersky in its mistake -and pardon me- like a herd of sheep will be my joke of the week!
I emailed newvirus@kaspersky.com, convinced them they were making a big technical mistake, and asked them to correct it. It didn't take more than one email for the guy to say:
Sorry, this is a false positive and will be fixed in the next update.
Yesterday, March 20th, 2009 at 2:42 GMT, I updated my Kaspersky database and bingo, no more rootkit detection. I uploaded iPMS to VirusTotal again and found that Kaspersky has no more complaints about iPMS; here's the VirusTotal Report-March.20.2009.
Well, during those 48 hours of this false positive alarm I received tons of complaints, my website visitors dropped, my sales dropped, many of my potential customers ran away, and my reputation and my programs' reputation were about to be doomed.
Now I wonder...
- How could the big security companies blindly follow each other without even thinking?! And are they still trustworthy doing so?!
- Who is responsible for my loss?! Is it the first one who made the mistake or the ones who blindly followed him?!
- Who should compensate me and compensate all the fresh companies like mine for this?!
- Is the apology enough?!
- I can't believe how big companies have the power to tarnish any fresh company's reputation and send it to its doom in less than one minute!! This idea scares me to death; it means:
Hey fresh security company, be good, stay fresh as you are and don't even think you can compete with us, otherwise we will send you to your doom!
Thank you
Update on 23-03-2009 4:00 GMT
Avira fixed the FP - Thank you Avira
F-Secure fixed the FP - Thank you F-Secure
Update on 24-03-2009 11:00 GMT
Avast fixed the FP - Thank you Avast