MarcM74 Posted February 20, 2016

I've just downloaded the latest releases of FSUIPC and WideFS:

FSUIPC4 4.949
WideFS 6.995

As soon as the download had finished I received a BIG warning telling me that "Install FSUIPC4.exe" had a Trojan virus inside called Trojan:Win32/Varpes.M!plock

Alert level: Severe

Can anybody tell me if that's a fake or not?

Marc

ThomasAH Posted February 20, 2016

ClamAV does not find problems in the download, www.metascan-online.com confirms this. But you might want to check your whole computer, as that particular Trojan is a very nasty one.

MarcM74 Posted February 20, 2016

In fact, as my computer is in a domain network "with" some expensive security systems, I'm not really afraid about that. I've done complete virus and malware scans without any alert after that.

I tried to download it a few times with the same result: as soon as it is in my download folder, the alert is on and the file destroyed.

This "trojan" seems to be found only by Microsoft Defender, not by Symantec Endpoint for example, as we have both on our network (on different computers indeed). I'll try to find some more information on that.

Whatever, thanks for your reply, Thomas.

Marc

MarcM74 Posted February 20, 2016

After some research, we determined that the problem was Google Chrome. We do not yet have the origin of this error, but the download is consistently identified as infected if we download it with Google Chrome. If the download is made from Firefox or Edge, there is no problem.

The machine itself is clean, as are two others on which the tests were made. These files are as good as this remarkable product. I apologize for this mistake.

Marc

Pete Dowson Posted February 20, 2016

> After some research, we determined that the problem was Google Chrome. We do not yet have the origin of this error but the download is consistently identified as infected if we download it with Google Chrome.

Well, I use Google Chrome all the time and it certainly is not so signalled here!

Pete

MarcM74 Posted February 21, 2016

Hi Pete,

For Chrome, so have I for years, and the problem is not with the browser. This is my mistake, or maybe the way I write in English. Sorry about that.

In fact I wanted to say that Google Chrome's downloads are not analyzed the same way as Firefox's or Edge's downloads by the antivirus processes. I think now that the real problem was a false positive detected by the antivirus product (Windows Defender) installed on the computer that I used for this download. Microsoft Defender was a little bit crazy at that time.

We tried with Symantec Endpoint Protection and verified with VirusTotal: no problem detected on the file. After a clean uninstall of Defender and a new install of Symantec Endpoint on the offending computer, we made a complete full scan without any problem.

I will not go into a comparison war on antivirus systems, which is useless. Everyone finds that the antivirus software he uses is the best one, but in the current context such alarms are sometimes disturbing. It is again essential to be vigilant, especially if it is to give false information. Really sorry. However, my original message asked whether it was false or not... :???:

Thanks for the amazing products you created and managed for years, I'm one of your fans... :razz:

Marc

Pete Dowson Posted February 23, 2016

The package is Zipped, which produces unrecognisable binary in the first place. But before that, the Installer itself is seriously compressed -- not by any ZIP type program, and in turn the FSUIPC4.DLL it contains is also similarly compressed. In fact it runs from its compressed form and only expands in memory. There is no way any of it actually looks like a real program.

The occasional false positives notified by different virus checkers with their different but ever-expanding catalogues of viruses are just that. The system on which I build my releases is kept thoroughly checked against any sort of malware.

The proper thing to do when a false positive occurs is to submit the file to the company involved so that they can expand their recognition pattern for the falsely identified virus to eliminate such errors -- naturally, to keep their databases compact the many viruses are stored with the minimum differentiation they feel they can get away with.

Pete
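
The point in the last post, that compressed program data does not look like an ordinary program, shows up directly in byte statistics, which analysis tools commonly use as a packing indicator. The Python sketch below is an added example, not part of the thread or of FSUIPC; the sample data is constructed, and the 4096-byte window and 7.2 bits/byte threshold are assumed values for illustration.

```python
import hashlib
import math
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def window_entropies(data: bytes, window: int = 4096) -> list:
    """Entropy of each full window; a short tail is skipped (small samples read low)."""
    return [shannon_entropy(data[i:i + window])
            for i in range(0, len(data) - window + 1, window)]


def high_entropy_fraction(data: bytes, window: int = 4096, threshold: float = 7.2) -> float:
    """Share of windows above the threshold (7.2 is an assumed triage value)."""
    ents = window_entropies(data, window)
    return sum(e > threshold for e in ents) / len(ents) if ents else 0.0


def make_samples():
    """Constructed input: assembler-like text, and the same bytes zlib-compressed."""
    lines = []
    for i in range(20000):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:8]
        lines.append(f"mov r{i % 16}, [sub_{label}]\n")
    plain = "".join(lines).encode()
    return plain, zlib.compress(plain, 9)


if __name__ == "__main__":
    plain, packed = make_samples()
    for name, blob in (("uncompressed", plain), ("compressed", packed)):
        print(f"{name:13s} {len(blob):7d} bytes  "
              f"entropy={shannon_entropy(blob):.2f}  "
              f"high-entropy windows={high_entropy_fraction(blob):.0%}")
```

High entropy only says that the bytes are compressed or encrypted; it says nothing about what the content does once expanded, which is why a file flagged on this kind of evidence is worth submitting to the vendor for analysis.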