Discogs Batch Tagger 2.51 (Updated: 2018-04-07)


Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by Peke » Thu Nov 01, 2018 5:42 pm

crap_inhuman wrote:
Thu Nov 01, 2018 4:23 pm
Our Virus Lab has informed us that the submitted file is currently detected by our scanners as Trojan.GenericKD.31301662 (Engine A).

Regarding the first analysis, the file contains multiple malicious indicators. Some examples can be found below:

1. Iterates over running processes.
2. Opens memory allocation for a specific process.
3. Changes the process's privileges.
4. Gets the account name.
5. Creates a custom process.
6. Writes values into a running process.

For this reason, the detection will be maintained.
:evil:
This is what Peke said about heuristic alarms.
If that were my app, internally I would feel more like the smiley below regarding their ignorance. (The image links to my post.)
[image]

FYI, the latest result details just confirm my point that they do not show the right results, but like the tests, it is inconclusive.

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by Peke » Thu Nov 01, 2018 5:14 pm

wahidovic123 wrote:
Thu Nov 01, 2018 2:09 pm
Peke wrote:
Mon Oct 22, 2018 8:53 am
Also, if anyone has never used https://www.binisoft.org/usbc, you should try it to stop any virus executing from USB, or to find out if you have one installed on your PC that spreads over USB.
I tried Binisoft, but no result for stopping viruses on USB. I do not know exactly where the problem is.
Setting USB Flash Drives Control to disable write and execute should stop 99.99% of the USB-spread viruses I have come in contact with over the past two decades.

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by crap_inhuman » Thu Nov 01, 2018 4:23 pm

JackFrost wrote:
Thu Oct 18, 2018 7:13 pm
I'd really rather know that it's NOT INFECTED first. Especially as trojan.bluteal is pretty nasty.
And since @tonygeee is confirming TWO hits, I think it might be best if you go grab the download and maybe check it at VT yourself. You might be spreading malware without knowing it. I don't know who is hosting the actual file but it's possible the server was compromised or maybe your machine was infected last time you compiled or ..... (any number of things, use your imagination :wink: )

Screenshots of the VT results would be great.
I'd do it myself, but like I said, Defender keeps deleting it and I'm not finding the "setting" to tell it to leave it alone so easily.
I got a response from the MS virus lab. They removed the detection after checking the file, as did some other antivirus companies. But 16 engines at virustotal.com still "found" something in the file.... These companies haven't checked the file yet, or don't have an email address to receive false-positive submissions, or answered my inquiry with the following email:
Our Virus Lab has informed us that the submitted file is currently detected by our scanners as Trojan.GenericKD.31301662 (Engine A).

Regarding the first analysis, the file contains multiple malicious indicators. Some examples can be found below:

1. Iterates over running processes.
2. Opens memory allocation for a specific process.
3. Changes the process's privileges.
4. Gets the account name.
5. Creates a custom process.
6. Writes values into a running process.

For this reason, the detection will be maintained.
:evil:
This is what Peke said about heuristic alarms.

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by Peke » Mon Oct 22, 2018 8:53 am

Hi,
I had no doubt that it was a false positive. I am only sorry that great small products are bought by big companies, which make them worse and unusable.

Examples:
Clean and simple ZoneAlarm firewall https://www.zonealarm.com/software/free-firewall/ (history: https://www.zonealarm.com/software/rele ... afree.html) before it was bought by Check Point.
The latest that made me so sad is https://www.binisoft.org/, a small 3.5MB application https://www.binisoft.org/wfc.php that was bought by McAfee to be integrated into their bigger solutions, which I neither want nor need :(

Also, if anyone has never used https://www.binisoft.org/usbc, you should try it to stop any virus executing from USB, or to find out if you have one installed on your PC that spreads over USB.

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by crap_inhuman » Mon Oct 22, 2018 5:55 am

Thank you for your good explanation.

I just received the first answer from Symantec, confirming the false-positive report. The detection will be removed from their products. :D

...now waiting for the other AV companies... :wink:

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by Peke » Sun Oct 21, 2018 4:02 pm

Hi,
Heuristic virus/trojan alarms are usually a nice way of saying "we do not know what it is, but a similar file by size and hashtag is found in our database, so we had better report it as a virus/trojan; in case it turns out to be true, we can brag that we already detected it." Blah, blah, blah :D 8) :roll: :wink:

We have fought (read: reported) with Norton for years, as occasionally they decide MMW development is too fast and they can't update their whitelist fast enough.

Today viruses/trojans want to steal your sensitive data and send it to someone who can sell it to someone who can use it, or use ransomware to take your money. Making viruses and being a hacker today is a very well-paid job like any other; we have passed the time when hackers had a code and decency, when everything was done for fame and innovation. Except maybe for the Spectre/Meltdown exploits, which forced both Intel and AMD to invest a bit more in R&D.

To conclude, in today's terms the only real antivirus is a tightly configured hardware firewall, period.

To test one virus I own, I have set up a VM PC infected with ransomware that from time to time reports (translated): "I can't encrypt your files because you do not allow me to mine the hash key from ... and report it to ... to the one that will take your money. So please disable your firewall so that I can take your money." I need to grab a screenshot once so that you can all laugh at what a ridiculous message I get when it fails.

How to do that is simple: install a VM PC and update it to the latest update, block all inbound and outbound access while still leaving internet available, then install the ransomware and log every IP connection from that PC on your firewall for the next 24h. Then from a safe PC simply filter out those that are safe (Microsoft Update, LAN multicast [UPnP/DLNA], ....) and repeat until you have all safe outbound IP addresses filtered and no new ones are created; then it should be easy to isolate the ransomware app and delete it yourself.
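The isolation loop Peke describes above (log everything the quarantined VM tries to reach, subtract the destinations you have already verified as legitimate, look at what is left, repeat), as an added example that is not part of the thread. It reads the standard Windows Firewall pfirewall.log layout; the log lines, the allowlist networks and the "already verified update host" address are all constructed for this example, not taken from any real system.

```python
"""Triage outbound connection attempts from a Windows Firewall log.

Added example, not code from the thread. Parses pfirewall.log (the layout
Windows writes when firewall logging is enabled), keeps only traffic the VM
itself initiated (path == SEND), drops destinations already on the allowlist,
and counts what is left so the unknown hosts stand out.
"""
import ipaddress
from collections import Counter

# Constructed sample of %systemroot%\system32\LogFiles\Firewall\pfirewall.log.
# Addresses come from the RFC 5737 documentation ranges; none are real hosts.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2018-10-21 14:02:11 DROP TCP 192.168.56.20 192.0.2.10 51522 80 52 S 3190851212 0 8192 - - - SEND
2018-10-21 14:02:12 DROP UDP 192.168.56.20 239.255.255.250 62011 1900 165 - - - - - - - SEND
2018-10-21 14:02:15 DROP TCP 192.168.56.20 198.51.100.77 51530 443 52 S 2219034311 0 8192 - - - SEND
2018-10-21 14:02:15 DROP TCP 192.168.56.20 198.51.100.77 51531 443 52 S 2219034312 0 8192 - - - SEND
2018-10-21 14:03:40 DROP TCP 192.168.56.20 203.0.113.9 51602 6667 52 S 1130934611 0 8192 - - - SEND
2018-10-21 14:05:02 DROP TCP 203.0.113.9 192.168.56.20 6667 51602 52 S 990011 0 8192 - - - RECEIVE
2018-10-21 14:06:00 DROP TCP 192.168.56.20 192.168.56.1 51610 445 52 S 881 0 8192 - - - SEND
"""

# Destinations verified as safe on an earlier pass (assumed values):
# the VM's own LAN, multicast (SSDP/DLNA discovery), and one update host.
ALLOWLIST = [ipaddress.ip_network(n) for n in (
    "192.168.56.0/24",   # lab LAN
    "224.0.0.0/4",       # multicast, covers 239.255.255.250 UPnP/SSDP
    "192.0.2.10/32",     # stand-in for an update server already checked
)]


def parse_log(text):
    """Turn pfirewall.log text into dicts keyed by the names in '#Fields:'."""
    fields = None
    records = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # malformed line; skip rather than guess the columns
        records.append(dict(zip(fields, values)))
    return records


def is_allowed(ip, allowlist):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allowlist)


def unknown_outbound(records, allowlist):
    """Count (dst-ip, dst-port, protocol) for VM-initiated traffic not yet cleared."""
    counts = Counter()
    for r in records:
        if r["path"] != "SEND":
            continue  # inbound probes are noise for this exercise
        if is_allowed(r["dst-ip"], allowlist):
            continue
        counts[(r["dst-ip"], r["dst-port"], r["protocol"])] += 1
    return counts


def triage(text, allowlist=ALLOWLIST):
    """Unknown destinations, most frequent first, ready for the next pass."""
    return unknown_outbound(parse_log(text), allowlist).most_common()


if __name__ == "__main__":
    for (ip, port, proto), n in triage(SAMPLE_LOG):
        print(f"{n:4d}  {proto} {ip}:{port}")
```

Each pass either adds a destination to ALLOWLIST (after you have confirmed from a clean machine what it is) or leaves it as a lead; in the sample, the repeated 443 attempts to one host and the single attempt on port 6667 are what survive the filter, and the LAN SMB probe and SSDP chatter do not.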

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by crap_inhuman » Sat Oct 20, 2018 3:32 pm

Peke wrote:
Fri Oct 19, 2018 8:24 pm
It is possible that a heuristic search flagged it falsely. Contact them and send them samples and the URL of the file.
Hi Peke,

thanks for your post.
In the scan results there are mostly heuristic virus/trojan alarms...

I found a website with links to the AV companies for sending them samples. I will send them the code and let's see what happens.

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by Peke » Fri Oct 19, 2018 8:24 pm

It is possible that a heuristic search flagged it falsely. Contact them and send them samples and the URL of the file.

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by JackFrost » Thu Oct 18, 2018 7:13 pm

crap_inhuman wrote:
Wed Oct 17, 2018 8:02 am
JackFrost wrote:
Tue Oct 16, 2018 2:22 pm
crap_inhuman wrote:
Tue Oct 16, 2018 2:15 pm

You could upload it to virustotal.com
There it will be tested with 40 antivirus scanners.
As I said, Defender keeps deleting the file before I can grab it to submit to VT...
VT = virustotal.com :roll: As I read your post I thought, "what is VT"??? Doesn't matter, tell him he should post it to virustotal.com :lol: :lol: :lol:

You could add an exception in Defender?
I'd really rather know that it's NOT INFECTED first. Especially as trojan.bluteal is pretty nasty.
And since @tonygeee is confirming TWO hits, I think it might be best if you go grab the download and maybe check it at VT yourself. You might be spreading malware without knowing it. I don't know who is hosting the actual file but it's possible the server was compromised or maybe your machine was infected last time you compiled or ..... (any number of things, use your imagination :wink: )

Screenshots of the VT results would be great.
I'd do it myself, but like I said, Defender keeps deleting it and I'm not finding the "setting" to tell it to leave it alone so easily.

Discogs Batch Tagger 2.5.1

by TonyGeee » Thu Oct 18, 2018 4:46 pm

Discogs Batch Tagger 2.5.1 is detected by two anti-malware apps (Defender and Malwarebytes) as malware. Not sure if it's true or not, but FYI...

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by crap_inhuman » Wed Oct 17, 2018 8:02 am

JackFrost wrote:
Tue Oct 16, 2018 2:22 pm
crap_inhuman wrote:
Tue Oct 16, 2018 2:15 pm
JackFrost wrote:
Tue Oct 16, 2018 1:08 pm
Can someone verify the download please?
Defender (W10 64 b1709 (I think)) is calling it a trojan. Win32/Bluteal.B!rfn.

Keeps deleting the file before I can grab it for VT or Jotti.
Can anyone else confirm please?
You could upload it to virustotal.com
There it will be tested with 40 antivirus scanners.
As I said, Defender keeps deleting the file before I can grab it to submit to VT...
VT = virustotal.com :roll: As I read your post I thought, "what is VT"??? Doesn't matter, tell him he should post it to virustotal.com :lol: :lol: :lol:

You could add an exception in Defender?

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by JackFrost » Tue Oct 16, 2018 2:22 pm

crap_inhuman wrote:
Tue Oct 16, 2018 2:15 pm
JackFrost wrote:
Tue Oct 16, 2018 1:08 pm
Can someone verify the download please?
Defender (W10 64 b1709 (I think)) is calling it a trojan. Win32/Bluteal.B!rfn.

Keeps deleting the file before I can grab it for VT or Jotti.
Can anyone else confirm please?
You could upload it to virustotal.com
There it will be tested with 40 antivirus scanners.
As I said, Defender keeps deleting the file before I can grab it to submit to VT...

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by crap_inhuman » Tue Oct 16, 2018 2:15 pm

JackFrost wrote:
Tue Oct 16, 2018 1:08 pm
Can someone verify the download please?
Defender (W10 64 b1709 (I think)) is calling it a trojan. Win32/Bluteal.B!rfn.

Keeps deleting the file before I can grab it for VT or Jotti.
Can anyone else confirm please?
You could upload it to virustotal.com
There it will be tested with 40 antivirus scanners.

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by JackFrost » Tue Oct 16, 2018 1:08 pm

Can someone verify the download please?
Defender (W10 64 b1709 (I think)) is calling it a trojan. Win32/Bluteal.B!rfn.

Keeps deleting the file before I can grab it for VT or Jotti.
Can anyone else confirm please?
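Two problems in this thread have the same fix. JackFrost cannot upload the file because Defender quarantines it first, and crap_inhuman later reports that 16 engines still "found" something after the named vendors had cleared it. VirusTotal's v3 API can be queried by SHA-256 without uploading anything, and the report it returns can be read more carefully than a bare engine count. The script below is an added example, not code from the thread or from the Discogs Batch Tagger project. The HTTP call only runs when a VT_API_KEY environment variable is set; the report object is a constructed stand-in for the `last_analysis_results` attribute VT returns, and the marker list used to spot generic or machine-learning verdict names is an assumption, not a VirusTotal rule.

```python
"""Look up a file on VirusTotal by hash and triage the verdicts.

Added example, not the project's code. Computes the SHA-256 of a file
(which you can do on the copy you built, even if the AV on another machine
deletes its download), queries VT's v3 'files/{hash}' endpoint without
uploading, and splits the detections into named-family hits versus names
that look generic or heuristic.
"""
import hashlib
import json
import os
import re
import sys
import urllib.request

# Substrings that commonly mark generic, heuristic or ML verdict names
# (assumed list for this example; vendors do not standardise this).
HEURISTIC_MARKERS = re.compile(r"generic|heur|^gen:|!rfn|!ml|suspic|\bai\b", re.I)

# Constructed stand-in for report["data"]["attributes"]["last_analysis_results"].
# Engine names are placeholders; the two result strings quoted from the
# thread are the only real detection names here.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_results": {
    "EngineA": {"category": "malicious", "result": "Trojan.GenericKD.31301662"},
    "EngineB": {"category": "malicious", "result": "Gen:Variant.Sample.1"},
    "EngineC": {"category": "malicious", "result": "Trojan:Win32/Bluteal.B!rfn"},
    "EngineD": {"category": "undetected", "result": None},
    "EngineE": {"category": "type-unsupported", "result": None},
    "EngineF": {"category": "malicious", "result": "Win32.Trojan.Sample"},
}}}}


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk=1 << 20):
    """Stream the file so large installers do not get loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def vt_file_report(sha256, api_key):
    """GET /api/v3/files/{hash}; 404 means VT has never seen this hash."""
    req = urllib.request.Request(
        f"https://www.virustotal.com/api/v3/files/{sha256}",
        headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def triage_report(report):
    """Separate engines that name a family from engines with generic verdicts."""
    results = report["data"]["attributes"]["last_analysis_results"]
    hits = {name: r["result"] for name, r in results.items()
            if r["category"] in ("malicious", "suspicious")}
    heuristic = {n: v for n, v in hits.items() if v and HEURISTIC_MARKERS.search(v)}
    named = {n: v for n, v in hits.items() if n not in heuristic}
    scanned = sum(1 for r in results.values()
                  if r["category"] not in ("type-unsupported", "timeout", "failure"))
    return {"scanned": scanned, "hits": hits, "heuristic": heuristic, "named": named}


def main(path):
    digest = sha256_of_file(path)
    print("sha256:", digest)
    key = os.environ.get("VT_API_KEY")
    if not key:
        print("VT_API_KEY not set; look up https://www.virustotal.com/gui/file/" + digest)
        return
    summary = triage_report(vt_file_report(digest, key))
    print(f"{len(summary['hits'])}/{summary['scanned']} engines flagged it")
    print("named families:", summary["named"])
    print("generic/heuristic names:", summary["heuristic"])


if __name__ == "__main__":
    main(sys.argv[1]) if len(sys.argv) > 1 else print(triage_report(SAMPLE_REPORT))
```

The point of the split is the one Peke makes about heuristic alarms: "16 engines" is not a verdict by itself. A report where every hit is a Generic/Gen:/!rfn style name and the engines that name real families have cleared the file reads very differently from one where several engines agree on a family. Comparing the SHA-256 you computed on your own build against the hash of the file on the download server also answers JackFrost's other question, whether the hosted copy is still the one you shipped.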

Re: Discogs Batch Tagger 2.51 (Updated: 2018-04-07)

by crap_inhuman » Mon May 28, 2018 5:09 am

Thank you for posting the issue. I don't know what the reason was. Hopefully it doesn't come again. ;-)
