Homepage › Forums › Installation and Registration Support › Installer contains Trojan?
- This topic has 10 replies, 4 voices, and was last updated Feb 5, 2017 2:04am by
Ralf.
-
AuthorPosts
-
Jan 8, 2015 at 6:29am #27094
Zerogrifter
ParticipantI just bought vorpX and as I was installing it Bit Defender reported that Animation Labs\vorpX\is-FSPMR.tmp is infected with Gen:Variant.Kazy.392739
I tried a second time and it came back with Animation Labs\vorpX\is-JA4JL.tmp is infected with Gen:Variant.Kazy.392739
I’m not implying that you guys wrote a Trojan but is it possible that one has snuck into your delivery network? Have you guys seen this report before?
Jan 8, 2015 at 12:25pm #27097Ralf
KeymasterThis is a false positive. vorpX hooks into other programs, which some av-programs unfortunately seem to classify as malicious behaviour per se without being sure about it. In layman’s terms: They are guessing, and their guess is wrong. Happens from time to time after the release of a new version.
Please add an exception to your av-program. You may also report this as a false positive to your av-vendor, which would be a great help. They will then check the file and whitelist it.
Sorry for the inconvenience. This is as annoying for us as it is for you.
Jun 30, 2015 at 6:21am #88284Nitelgt2000
ParticipantI just had same problem. Microsoft Security Essentials identified VorpControl.exe kept getting identified as Trojan:Win32/Gheugent.A!plock, I added the whole directory to the exclude list but it keeps going in and quarantining just that file.
Jul 1, 2015 at 4:26pm #88320Ralf
KeymasterThis is a false positive.
1. Make sure to get the latest virus definition file for your scanner.
2. If that does not help, disable your scanner or exclude the vorpX program folder AND your temp folder from scanning. Also please report the issue as a false positive to your av vendor, so they can fix the issue.
Jan 31, 2017 at 3:50am #125588sendrr
ParticipantHello,
Even the installer is detected as a malware PDM:Trojan.Win32.Truebadur.a
I guess the installer shouldn’t “hook into other programs”?Kaspersky Internet Security 2017 + latest definition base
I will report to Kaspersky and I hope they will help to confirm the false positive status of the installersome details:
Malicious program detected;PDM:Trojan.Win32.Truebadur.a;vorpX Setup;c:\users\andrey\appdata\local\temp\vxs-5ee7fcc9-0\vorpx_setup.exe;01/31/2017 05:38:15screenshot:
http://prntscr.com/e2i3xdJan 31, 2017 at 11:29am #125599Ralf
KeymasterThis is a false positive. Your AV program is guessing, and its guess is wrong. Happens from time to time after the release of a new version.
Please add an exception to your av-program. You should also report this as a false positive to your av-vendor, so they can fix the issue.
In general I would recommend to use Windows Defender, which finds a good balance between protection and invasiveness.
Sorry for the inconvenience. This is as annoying for us as it is for you.
Feb 4, 2017 at 1:29am #125712sendrr
ParticipantHello again,
Today I tried the web installer again
I didn’t see any alerts or warnings, no more :)Kaspersky Internet Security 2017 + latest definition base
Screenshot:
http://prntscr.com/e48dvjThanks )
PS. I would recommend you to sign all your files with digital signature so av providers could make sure that the file has legal owner and it is not a “modified” version of the original product
Feb 4, 2017 at 1:45am #125713sendrr
ParticipantI didn’t mention …
There was a problem with downloading the file with web installer
because the download link is still in black list of the Kaspersky Internet SecurityI had to open the WebSetup on Linux (my sandbox) with Wine and then I copied the downloaded file to my PC and then everything was fine
so guys … add the vorpx.com website to trusted websites to avoid situations like this
“If” there is a virus your AV software will catch it after it has been downloaded anyway, so don’t worry, add the vorpx.com website to trusted websitesAndrey
Feb 4, 2017 at 7:42am #125720Ralf
KeymasterNot even signing software really helps with invasisve AV software. The main problem is that these programs guess without telling their users when they are just guessing.
Please first and foremost report such issues to your AV vendor. The problem is their software, they need to fix it. At least that they usually do quite fast when being told about false positives.
Better: use Windows Defender (respectively Security Essentials on Win7), Microsoft has worked hard on it. It provides a good level of protection without the hardly bearable invasiveness of some other “security” programs.
Feb 4, 2017 at 8:29pm #125736sendrr
ParticipantHello, Ralf
It is true, but look at this option (screenshot)
I think the option will helpAndrey
Feb 5, 2017 at 2:04am #125750Ralf
KeymasterIf you encounter something similar with a future vorpX version, please report the issue as a false positive to your AV vendor, so they can fix the problem with their software.
As said above I can also highly recommend Windows Defender, which provides a very good level of protection without the overzealous invasiveness of some other “security” programs.
-
AuthorPosts
- You must be logged in to reply to this topic.