pcriddle Posted December 18, 2015
Windows Defender keeps flashing this up as a Trojan, any idea if it's a false positive!!
Phil

MGIMATTY Posted December 18, 2015
It is indeed a false positive. Use VirusTotal https://www.virustotal.com if you're unsure about stuff ;)

UmmiQ Posted December 20, 2015
I had that same problem a year ago or so. Problem was Chrome and Panda AV working together. Had many false positives this time.
It helped if I downloaded it somewhere else (laptop for example) and then copied it to my PC to install.
Now using Bitdefender and I have no false positives :)

Oen Posted December 21, 2015
I had the exact same AV hit as OP, Trojan:Win32/Spallowz.A!plock
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?name=Trojan%3aWin32%2fSpallowz.A!plock&threatid=2147697481&enterprise=0#tab-link-4
Checked out VirusTotal.com from MGIMATTY's response, and unfortunately it did find another Trojan in the file, here are the trimmed results...
SHA256: b77f6dda429a991a739ed3b011c60a6cdd27cc00829d16590f2122cf5edcbb77
File name: Aslains_XVM_WoT_Modpack_Installer_v.9.13.08.exe
Detection ratio: 1 / 53
Analysis date: 2015-12-21 02:40:44 UTC ( 1 minute ago )
Antivirus    Result               Update
Jiangmin     Trojan.Yakes.buad    20151220
Not sure the link to the file scan on VirusTotal.com will work for the rest of you, but here it is if it does.
https://www.virustotal.com/en/file/b77f6dda429a991a739ed3b011c60a6cdd27cc00829d16590f2122cf5edcbb77/analysis/1450665644/
So, 2 things... Why do you guys think the Trojan:Win32/Spallowz.A!plock is a false positive? And what about the Trojan.Yakes.buad that VirusTotal.com found?
Thank you all
Edited December 21, 2015 by Oen

Moderator Quaksen Posted December 21, 2015
Okay, so, a few things....
Why is it a false positive? Look at VirusTotal... one hit. Now take that antivirus program, and Google it.
Result: A Chinese antivirus company, and the majority of reviews I found give it HORRIBLE ratings. Trusting a random Chinese company, over, say, Kaspersky, is a bit crazy.
And the Google result for the Chinese "trojan" report is: Trojan:W32/Yakes variants attempt to connect to and download files from remote servers.
False positive reason might be right there... since the installer connects to and downloads from remote servers, if you selected DLC options, and on starting, to check for a newer installer.

Oen Posted December 21, 2015
Got it. Thanks Quaksen for the clarification, I had misread that as if "Jiangmin" was a part of the file it found to be corrupt (closer to what I'm used to seeing), not as one of the many AV scans done (never heard of them). A quick scan of the rest and it was obvious, my apologies for not catching the setup.
And also thanks again MGIMATTY for the tip on the website in the first place.