Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Norton security removed Unhide.exe as dangerous


  • Please log in to reply
1 reply to this topic

#1 purpleboo10

purpleboo10

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:35 PM

Posted 06 February 2017 - 10:27 PM

Hi to all,

 

Nortons removed the file after I downloaded it.

The community deemed it unsafe.

Can someone tell me why it is unsafe?

Should I include it on Nortons?

See below and thanks,

 

'Filename: unhide.exe
Threat name: WS.Reputation.1Full Path: c:\users\debs\downloads\unhide.exe
 
____________________________
 
____________________________
 
 
On computers as of 
7/02/2017 at 2:20:46 PM
 
Last Used 
7/02/2017 at 2:22:47 PM
 
Startup Item 
No
 
Launched 
No
 
Threat type: Insight Network Threat. There are many indications that this file is untrustworthy and therefore not safe
 
 
____________________________
 
 
unhide.exe Threat name: WS.Reputation.1
Locate
 
 
Many Users
Thousands of users in the Norton Community have used this file.
 
Mature
This file was released 9 months ago.
 
Medium
This file risk is medium.
 
 
____________________________
 
 
Source: External Media
 
Source File:
unhide.exe
 
____________________________
 
File Actions
 
File: c:\users\debs\downloads\ unhide.exe Removed
____________________________
 
 
File Thumbprint - SHA:
d56756e13bea596..........................       (I removed the rest of the link in case it can link to my computer)
File Thumbprint - MD5:
Not available'
 


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:35 AM

Posted 07 February 2017 - 09:32 PM

The detection is a false positive by the anti-virus. Bleeping Computer's hosted programs for download are trustworthy, safe and malware-free.

Certain embedded files that are part of legitimate programs and specialized fix tools (like Unhide.exe), may at times be detected by some anti-virus and anti-malware scanners as suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not the case. This occurs for a variety of reasons to include the tool's compiler, the files it uses, whether files are compressed, packed, or obfuscated to protect code, what behavior (routines, scripts, etc) it performs, any registry strings it may contain and the type of security engine that was used during the scan. Other legitimate files which may be encrypted or password protected in order to conceal itself so they do not allow access for scanning often trigger alerts by anti-virus software.

When flagged by an anti-virus or security scanner, it's because the program includes features, behavior or files that appear suspicious or which can potentially be used for malicious purposes. Compressed and packed files in particular are often flagged as suspicious by security software because they have difficulty reading what is inside them. These detections do not necessarily mean the file is malicious or a bad program. It means it has the potential for being misused by others or that it was simply detected as suspicious or a threat due to the security program's heuristic analysis engine which provides the ability to detect possible new variants of malware. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them. In these cases the detection is a "false positive" and can be ignored.

Most of the well known specialized tools we use against malware are written by experts/Security Colleagues at various security forums like Bleeping Computer, TechSupport, GeeksToGo, Emsisoft and other similar sites so they can be trusted...this includes any program hosted by BC for download. Unfortunately, many of these tools are falsely detected by various anti-virus programs from time to time for the reasons noted above. This in turn sometimes results in an inaccurate site rating/warning of potentially dangerous software when that is not the case.

The problem is really with the anti-virus vendors who keep targeting these embedded files and NOT with the tools themselves. We can inform the developers but they have encountered this issue many times before and in most cases there isn't much they can do about it. Once the detection is reported to the anti-virus vendor, they are usually quick to fix it by releasing an updated definition database.

BTW...Unhide.exe is an older specialized tool created by Grinler (the site owner of Bleeping Computer) and designed for a very specific family of rogue security software that was prevalent several years ago. A side effect of this family of rogue software was to hide all the files on a fixed disk by adding (attrib +H) to the files. Unless you're affected by that rogue, Unhide is not needed.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users