Bitdefender and Windows Edge detect Vistumbler as virus?
Is this a false positive or is the release backdoored?
Eero
https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe this is the detected url
and
Unfortunately AutoIt, which Vistumbler is written in, gets flagged as a false positive a lot. Vistumbler has struggled with this since the beginning.
I recently submitted the 10.7 release files to Microsoft for false detection and they removed the false detection, so I think these files are fine. However, I have also just submitted a false positive report to Bitdefender, so we can see if they remove it too.
If Vistumbler gets flagged by your AV company, my suggestion is to submit it as a false positive to them. I really don't have the time to chase down all these AV companies.
-Andrew
Submission 1006356816 (exe) and 1006356785 (zip)
Dear Andrew Calcutt,
Thank you for your file submission.
The file has been automatically sent to our laboratories for specialized analysis. If the file is indeed a False Positive, the detection will be removed in the next 72 hours and the modification will be implemented in the product through a Signature Update. Please keep your Bitdefender up-to-date.
Please be informed that this is an automated process. Reply to this email if you have any other issues regarding your Bitdefender product and one of our engineers will take over.
Have a nice day!
I think this means that raw.github.com has given out at least three different versions of this file.
Not quite correct. The URL https://raw.github.com/acalcutt/Releases/master/Vistumbler/VistumblerMDB/v10/Vistumbler_v10-7.exe (09809c38129bd5ec94289969d9c35e97f5867f67b0a35d2acd9e811d34f8d89a) serves the file Vistumbler_v10-7.exe (eca2ace14102f623e1c2490257fb645611314c918e45a845ae7337cefa6ffd01), as noted on the VirusTotal page. This file is the installer for Vistumbler, as expected.
The Vistumbler.exe you linked above (071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4) is the actual program file as extracted from the zip (either the regular or portable, they are identical).
The zip is 7cc806b74131bcca5ae11ee81e39152dbc61f1477108ffde7e416927c196dba0 and the portable is f729b9bbaeadff288d78655b996102cc4274cb2d5527f58a1464eef3be9d636c.
There are three downloads available for 10.7. The SHA256 of those files should be:
Vistumbler_v10-7.exe - ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01
Vistumbler_v10-7.zip - 7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0
Vistumbler_v10-7_Portable.zip - F729B9BBAEADFF288D78655B996102CC4274CB2D5527F58A1464EEF3BE9D636C
All 3 should contain the same files.
- the non-portable zip is just Vistumbler with default settings (storing data in your profile temp directory and documents folder)
- the exe file is just the zip file packed into an installer with NSIS ( https://nsis.sourceforge.io/Main_Page )
- the portable version has different settings which cause temp files and save files to be stored inside the same directory as the program (better for portable use) instead of inside your Windows profile.
I went and reanalyzed the file you submitted to VirusTotal and it looks like Bitdefender no longer considers them viruses, so it seems they consider it a false positive. You can see, if you go to the link you posted above, https://www.virustotal.com/gui/file/7cc806b74131bcca5ae11ee81e39152dbc61f1477108ffde7e416927c196dba0/detection, that Bitdefender has removed the detection.
I've submitted a few more false positive reports to ClamAV and MalwareBytes (the rest don't seem to make it easy). Maybe we can at least knock a few more off the list...
Great, thanks
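One way to check a local file against the SHA256 values listed in the thread, as an added example that is not part of the original thread or the Vistumbler project. It matches by hash rather than by file name, so the extracted Vistumbler.exe is not mistaken for a changed installer; the function names and status strings are assumptions of this example.

```python
import hashlib
import sys
from pathlib import Path

# SHA256 values copied from the thread above (10.7 release), keyed by file name.
PUBLISHED = {
    "Vistumbler_v10-7.exe": "ECA2ACE14102F623E1C2490257FB645611314C918E45A845AE7337CEFA6FFD01",
    "Vistumbler_v10-7.zip": "7CC806B74131BCCA5AE11EE81E39152DBC61F1477108FFDE7E416927C196DBA0",
    "Vistumbler_v10-7_Portable.zip": "F729B9BBAEADFF288D78655B996102CC4274CB2D5527F58A1464EEF3BE9D636C",
    # Program file as extracted from either zip, per the thread.
    "Vistumbler.exe": "071921ede559082a14d54ba7f7f5cea2f6abced8f1747b245efff5d092a1aae4",
}


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large installer is never held in memory whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(path, published=PUBLISHED):
    """Return (status, sha256, name) for one local file.

    published: content matches a listed hash, whatever the file is called locally
    mismatch:  file carries a listed name but its content differs from the listing
    unlisted:  neither name nor hash is in the table
    """
    path = Path(path)
    actual = sha256_of(path)
    # The thread shows hashes in both upper and lower case, so compare lowercased.
    by_hash = {h.strip().lower(): name for name, h in published.items()}
    if actual in by_hash:
        return "published", actual, by_hash[actual]
    if path.name in published:
        return "mismatch", actual, path.name
    return "unlisted", actual, None


if __name__ == "__main__":
    results = [(p, classify(p)) for p in sys.argv[1:]]
    for p, (status, actual, name) in results:
        print(f"{status:10} {actual}  {p}" + (f"  ({name})" if name else ""))
    # Non-zero exit when any file claims a listed name but has different content.
    sys.exit(1 if any(r[0] == "mismatch" for _, r in results) else 0)
```

A `published` result only shows that the file is byte-identical to what the author listed; it says nothing about how any AV engine will score it.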