Trojan:Win32/Fuerboos.B!cl

Homepage Forums Technical Support Trojan:Win32/Fuerboos.B!cl

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • Dec 25, 2017 at 3:30pm #169102
    nilez
    Participant

    getting this immediately after updating, can you confirm this is false flag or not?

    3 install files got flagged and quarantined and setup file got flagged.

    Dec 25, 2017 at 3:37pm #169103
    Ralf
    Keymaster

    Yes, trojan/virus messages with vorpX always are a false positive.

    Probably due to vorpX injecting other program some AV-programs notoriously flag each new version as malicious when they do their apparently less than perfect guesswork.

    Ideally please report the issue to your AV vendor as false positive so they can address the problem.

    In the meantime please exclude the vorpX program folder from scanning if it allows you to do so.

    If you use anything else than Windows Defender, consider to switch. While that isn’t a 100% guarantee for avoiding false vorpX positives (happened once there too so far), it’s a lot less likely than experiencing this with some of the more invasive AV programs like BitDefender, Kaspersky etc.

    Dec 25, 2017 at 3:39pm #169105
    nilez
    Participant

    Affected items:

    startup: C:\ProgramData\Microsoft\Windows\Start Menu\vorpX ….
    vorpX.ink
    file: C:\Program Files (x86)\Animation Labs\vorpX\vorpControl.exe
    file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vorpX\Sta …
    vorpX.Ink

    (the 2x … -> somehow the windows threat report cuts off a tiny part of the right side of filepath so I don’t know whats in the …)

    Dec 25, 2017 at 3:40pm #169106
    nilez
    Participant

    its windows defender that flagged it
    thanks for quick reply

    Dec 25, 2017 at 3:42pm #169107
    Ralf
    Keymaster

    Add the C:\Program Files (x86)\Animation Labs\vorpX\ folder to the exclusion list and see whether that helps.

    The better contact in such a case is your AV vendor. They should have some procedure in place to report false positives for their users.

    Brief update: no issue with the latest Windows Defender definitions (1.259.764.0) here. If you don’t have that yet, try to update manually, that will probably suffice to solve the issue.

    Dec 26, 2017 at 10:20pm #169216
    quisutdeus
    Participant

    I just had Windows Defender recognizing vorpControl.exe as infected with Win32/Fuerboos.B!cl trojan.
    Didn’t happen before update.

    I just added vorpx to exclude list.

    I trust you Ralf, but don’t mess with my cryptos :D

    Dec 26, 2017 at 10:59pm #169227
    Ralf
    Keymaster

    That can happen with a new release unfortunately. Judging from prior releases it should be gone soon. Microsoft is usually fast fixing false positives.

    Until then excluding the vorpX program folder from scanning is the right thing to do.

    Dec 27, 2017 at 12:35am #169240
    sumvorpx
    Participant

    I am having the same problem. I am going to wait until Windows defender clears it as a false positive. Thanks!

    Dec 27, 2017 at 12:39am #169242
    Ralf
    Keymaster

    You can also report the issue as false positive to MS.

    https://www.microsoft.com/en-us/wdsi/filesubmission

    Until they fix it, excluding the vorpX program folder is the right thing to do.

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.

Spread the word. Share this post!