Installer contains Trojan?

Homepage Forums Installation and Registration Support Installer contains Trojan?

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • Jan 8, 2015 at 6:29am #27094
    Zerogrifter
    Participant

    I just bought vorpX and as I was installing it Bit Defender reported that Animation Labs\vorpX\is-FSPMR.tmp is infected with Gen:Variant.Kazy.392739

    I tried a second time and it came back with Animation Labs\vorpX\is-JA4JL.tmp is infected with Gen:Variant.Kazy.392739

    I’m not implying that you guys wrote a Trojan but is it possible that one has snuck into your delivery network? Have you guys seen this report before?

    Jan 8, 2015 at 12:25pm #27097
    Ralf
    Keymaster

    This is a false positive. vorpX hooks into other programs, which some av-programs unfortunately seem to classify as malicious behaviour per se without being sure about it. In layman’s terms: They are guessing, and their guess is wrong. Happens from time to time after the release of a new version.

    Please add an exception to your av-program. You may also report this as a false positive to your av-vendor, which would be a great help. They will then check the file and whitelist it.

    Sorry for the inconvenience. This is as annoying for us as it is for you.

    Jun 30, 2015 at 6:21am #88284
    Nitelgt2000
    Participant

    I just had same problem. Microsoft Security Essentials identified VorpControl.exe kept getting identified as Trojan:Win32/Gheugent.A!plock, I added the whole directory to the exclude list but it keeps going in and quarantining just that file.

    Jul 1, 2015 at 4:26pm #88320
    Ralf
    Keymaster

    This is a false positive.

    1. Make sure to get the latest virus definition file for your scanner.

    2. If that does not help, disable your scanner or exclude the vorpX program folder AND your temp folder from scanning. Also please report the issue as a false positive to your av vendor, so they can fix the issue.

    Jan 31, 2017 at 3:50am #125588
    sendrr
    Participant

    Hello,
    Even the installer is detected as a malware PDM:Trojan.Win32.Truebadur.a
    I guess the installer shouldn’t “hook into other programs”?

    Kaspersky Internet Security 2017 + latest definition base
    I will report to Kaspersky and I hope they will help to confirm the false positive status of the installer

    some details:
    Malicious program detected;PDM:Trojan.Win32.Truebadur.a;vorpX Setup;c:\users\andrey\appdata\local\temp\vxs-5ee7fcc9-0\vorpx_setup.exe;01/31/2017 05:38:15

    screenshot:
    http://prntscr.com/e2i3xd

    Jan 31, 2017 at 11:29am #125599
    Ralf
    Keymaster

    This is a false positive. Your AV program is guessing, and its guess is wrong. Happens from time to time after the release of a new version.

    Please add an exception to your av-program. You should also report this as a false positive to your av-vendor, so they can fix the issue.

    In general I would recommend to use Windows Defender, which finds a good balance between protection and invasiveness.

    Sorry for the inconvenience. This is as annoying for us as it is for you.

    Feb 4, 2017 at 1:29am #125712
    sendrr
    Participant

    Hello again,

    Today I tried the web installer again
    I didn’t see any alerts or warnings, no more :)

    Kaspersky Internet Security 2017 + latest definition base

    Screenshot:
    http://prntscr.com/e48dvj

    Thanks )

    PS. I would recommend you to sign all your files with digital signature so av providers could make sure that the file has legal owner and it is not a “modified” version of the original product

    Feb 4, 2017 at 1:45am #125713
    sendrr
    Participant

    I didn’t mention …
    There was a problem with downloading the file with web installer
    because the download link is still in black list of the Kaspersky Internet Security

    http://prntscr.com/e48jcl

    I had to open the WebSetup on Linux (my sandbox) with Wine and then I copied the downloaded file to my PC and then everything was fine

    so guys … add the vorpx.com website to trusted websites to avoid situations like this
    “If” there is a virus your AV software will catch it after it has been downloaded anyway, so don’t worry, add the vorpx.com website to trusted websites

    Andrey

    Feb 4, 2017 at 7:42am #125720
    Ralf
    Keymaster

    Not even signing software really helps with invasisve AV software. The main problem is that these programs guess without telling their users when they are just guessing.

    Please first and foremost report such issues to your AV vendor. The problem is their software, they need to fix it. At least that they usually do quite fast when being told about false positives.

    Better: use Windows Defender (respectively Security Essentials on Win7), Microsoft has worked hard on it. It provides a good level of protection without the hardly bearable invasiveness of some other “security” programs.

    Feb 4, 2017 at 8:29pm #125736
    sendrr
    Participant

    Hello, Ralf

    It is true, but look at this option (screenshot)
    I think the option will help

    http://prntscr.com/e4i7kz

    Andrey

    Feb 5, 2017 at 2:04am #125750
    Ralf
    Keymaster

    If you encounter something similar with a future vorpX version, please report the issue as a false positive to your AV vendor, so they can fix the problem with their software.

    As said above I can also highly recommend Windows Defender, which provides a very good level of protection without the overzealous invasiveness of some other “security” programs.

  • Author
    Posts
Viewing 11 posts - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.

Spread the word. Share this post!