
Actual virus from Logitech or huge false-positive?


4 replies to this topic

#1 BlackCurrent

  • Members
  • 10 posts

Posted 04 October 2016 - 08:02 PM

The two files below were pulled down from Logitech's servers by their MyHarmony application. Their support staff uploaded File 2 to VirusTotal and they received the same result so it's definitely an "official" Logitech file. Feast your eyes on this:

 

File 1 (18/55 virus detections at VirusTotal) 

File 2 (11/55 virus detections at VirusTotal)

 

They insist the files are safe but it's hard to look at those scan results and be comfortable using the application.

 

Is it possible their systems have been infected, or are these the worst false-positives ever?




 


#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,610 posts

Posted 04 October 2016 - 08:09 PM

Looks like a false positive to me. If you look in the additional details, you'll see that these are actually compressed archives (.zip), and some antivirus products don't like those (they see them as "packed" files) and detect them based on generic detections. Did you try extracting the content of that archive and checking the files inside it?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
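
The check suggested in the reply above, hashing each file inside the archive so it can be looked up on its own instead of judging the whole .zip, as an added example that is not part of the original thread. The function names, the size and depth limits and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

MAX_MEMBER_BYTES = 64 * 1024 * 1024  # assumed cap: skip oversized members (zip-bomb guard)
MAX_DEPTH = 3                        # assumed cap on nested-archive recursion

def classify(head: bytes) -> str:
    """Rough type from magic bytes; enough to pick out executables."""
    if head.startswith(b"MZ"):
        return "pe"       # Windows EXE/DLL
    if head.startswith(b"PK\x03\x04"):
        return "zip"      # nested archive
    return "other"

def triage_archive(data: bytes, prefix: str = "", depth: int = 0) -> list[dict]:
    """Hash every member of an in-memory zip without writing anything to disk."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = prefix + info.filename
            if info.file_size > MAX_MEMBER_BYTES:
                rows.append({"name": name, "kind": "skipped", "sha256": None})
                continue
            body = zf.read(info)
            kind = classify(body[:4])
            rows.append({"name": name, "kind": kind,
                         "sha256": hashlib.sha256(body).hexdigest()})
            if kind == "zip" and depth < MAX_DEPTH:
                rows.extend(triage_archive(body, name + "!", depth + 1))
    return rows

def build_sample() -> bytes:
    """Constructed sample archive (not the Logitech download)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("lib/example.dll", b"MZ" + b"\x00" * 62)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", b"constructed sample\n")
        zf.writestr("bundle.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for row in triage_archive(build_sample()):
        print(f'{row["sha256"]}  {row["kind"]:7} {row["name"]}')
```

The per-member SHA-256 values can be searched on a scanning service individually, which separates a generic "packed file" verdict on the container from a detection on a specific file inside it.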


#3 BlackCurrent


Posted 04 October 2016 - 08:18 PM

"Did you try extracting the content of that archive and checking the files inside it?"

 

I did. I noticed in VirusTotal that a file called "Web.MartiniWeb.Common.Assemblies.dll" had a very high detection rate so I uploaded that file separately. The result of that scan is HERE. Not pretty  :unsure:



#4 Aura


Posted 04 October 2016 - 08:20 PM

No idea why so many Antivirus products don't like it. Though if you were to report it to Kaspersky as a false positive and they were to remove the detection, I'm sure others would be quick to follow :)



#5 BlackCurrent


Posted 04 October 2016 - 08:30 PM

I'm sure you're right. I asked Logitech to investigate some more because nobody wants a file like that on their computers ... yikes!  :crazy:





