
Junkware Removal Tool flagged as a Trojan ?


4 replies to this topic

#1 jholland1964

jholland1964

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 16 August 2013 - 11:56 PM

Beginning this evening, August 16, 2013, Junkware Removal Tool is being flagged and removed by many programs as TR/Rogue.1184898 Trojan. Has it been hacked or something? I was contacted by a friend whose anti-virus program had blocked and quarantined it when she downloaded it.

 

I know it is used very often here, and is one of your most popular downloads. It is in removal instructions on many, many forums on the internet.

 

I decided to check it myself, but when I downloaded it from your web site it was blocked and quarantined by Avira Free 2013.

When I check on Virus Total I see that Avira is not the only program finding it a trojan.

 

Here is the report page from Virus Total.

 

 

https://www.virustotal.com/en/file/b95348c64c56a7bde7ef2cbcbe84c2976be414a3e98f4a2fcc9d35a454578697/analysis/1376713396/

 

With this many scanners finding the file to be infected, no matter what name is given this certainly can't be a False Positive.

 

What happened?

 

 




 


#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,085 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:08:14 AM

Posted 17 August 2013 - 12:07 AM

Actually these are all false positives. The genetic part of the name confirms what I know. Junkware Removal Tool is not infected, it is actually that the way it works means it is detected by a few antiviruses.

The best thing to do is to contact your anti-virus and report it as a false positive.

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:14 AM

Posted 17 August 2013 - 01:43 AM

Hi, the tool was never compromised. I have been experimenting with different file compressors for a week or so and I suspect AV companies were flagging it for this reason.

 

I just uploaded a new version which uses a more AV-friendly compressor. Here are the VirusTotal results of the latest version (5.4.7): https://www.virustotal.com/en/file/d371a963c4420aad782531e47e63a9f1680f74d356299d831a46416a4d1fe694/analysis/

 

Thank you for the report though and sorry for any inconvenience this may have caused.

 

Best regards,

Thisisu



#4 jholland1964

jholland1964
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:14 AM

Posted 17 August 2013 - 08:57 AM

Thisisu

 

Thanks so much for the very rapid response. In this case I was helping a friend, but I also help on two forums with malware removal and I am so pleased to know that this indeed was a false positive. This tool is so valuable in these days when the infection writers seem to be working at top speed to cripple such valuable tools; it is so good to know that ones like this one that really work are also continually being adapted and re-worked to try to stay one step ahead of these "crooks". Thank YOU and bleepingcomputer for the rapid responses and actions.



#5 thisisu

thisisu

  • Malware Response Team
  • 2,525 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:14 AM

Posted 17 August 2013 - 01:40 PM

My pleasure :)





