Jump to content
  • 0

Possible infected file in install, False Positive?


Guynamedbilly

Question

Hello,

Recently the MSIL:GenMalicious-U trojan was added to everybody's virus definitions.  After updated with the new definitions, Avast detected that the Scanner.UI.exe file was infected.  I deleted the file and downloaded the Stablebit Scanner installer again to reinstall and it detected it again.  Can anyone confirm this or is it a false detection?

Link to comment
Share on other sites

8 answers to this question

Recommended Posts

  • 0

Yes, this is DEFINITELY a false positive.

 

Also, is the newest version of StableBit Scanner? (2.5 beta)

If so, it may be an issue with how we handle the themes.

 

Also, notice the "GenMalicious". This tends to indicated that it is considered a "general" threat based on how it functions or heuristics. Not that it specifically matches a known virus.

 

 

Also, you mentioned Avast..... we seem to have all sort of issues with Avast.... They seem to flag our code a LOT. 

Link to comment
Share on other sites

  • 0

Yes, I can also confirm problems.

Also running Avast! [v2014.9.0.2021]

 

Had to disable AV to install program.

It installed and worked perfectly while Avast was disabled.

 

Once Avast was restarted, the scanner program was flagged and disabled.

StableBit.Scanner_2.5.0.3041_BETA on Win 7 Pro 64 bit

Link to comment
Share on other sites

  • 0

Hate to resurrect an old thread - but seems relevant...

 

I have been trying to install scanner version 2.5.1.3062 on my win7 box since it was released - and keeps getting flagged by Avast!.

I have submitted the info to Avast on several ocassions, but apparently has never been added to their exception listing.

The install always fails every time I retry...

 

1) Is anyone else having problems?

2) Perhaps someone else would have been luck getting this resolved with Avast. Christopher?

Link to comment
Share on other sites

  • 0

It definitely is relevant, so no worries. 

 

 

As for the file, I'm assuming that you' mean the "Scanner.Service.exe" file, as this is what usually gets flagged. As for Avast... we've submitted the file to them as a false positive already, as well. Twice for this version, now. 

 

At best, exclude the entire "C:\Program Files (x86)\StableBit\Scanner\" folder. This may help, but I've had a few people report that it doesn't help.  And in this case, uninstalling Avast does help, but it's not a good solution.

 

 

In case you're interested, VirusTotal is a good way to judge the files:

https://www.virustotal.com/en/file/7e2009b8f3ba62b3be575ba02a3127a8bb68f25223b7e0bb5ec3b7acd5e63d8c/analysis/1414263118/

That's the Scanner service. And notice how 7 use the same name, and ALL label it as a "generic" virus or trojan? It's a good indicator that it's a false positive.

 

Unfortunately, the only solution that we have is to recompile the file and hope it goes away. 

But to be blunt, it's Avast, and each new version is likely to be picked up as malware by them, sooner or later.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...