Virus warning on WinISD website - false positive?

Status
Not open for further replies.
I've been using the old 0.44 version of WinISD, and thought to get the last one, 0.7.950, from the linearteam.org website.

Upon downloading, Windows Defender flagged the file with a virus warning, claiming it contained the Win32/Pocyx.B!cl trojan. https://www.microsoft.com/security/...pedia/Entry.aspx?Name=Trojan:Win32/Pocyx.B!cl

I downloaded the file on my Mac and sent it through some online virus checkers.
Most of them are clearing the file. However, the VirusTotal checker is reporting positives from Aegislab, Bkav, McAfee, Rising and Symantec.

Now, with the exception of the Microsoft site, most of the writeups I can find on this trojan are from the "free malware removal" sites with a distinctly hysterical tone.

So the question is - is this what I think it is - a totally bogus false positive? That is - the file is safe to use?

Johan-Kr
 
Hi, most probably a FP !

Here are the checksums for my copy of WinISD v0.7.950

SHA1 = FF3AB5E7335D3FD010013B9B5BC56AEB6FE53DAF

MD5 = C54FF716A52C4715DF5FCB34B2719992

Upload again to VirusTotal & ensure the checksums match. If they do, then 🙂 If not, email linearteam & let them know 😉
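As an added example (not code from this thread or from linearteam), here is a small Python script for checking a downloaded file against a checksum posted the way the ones above are; it assumes the published string is MD5, SHA1 or SHA256 and tells which by its length, so a mismatch in case (posters often paste upper-case hex) does not look like a different file.

```python
import hashlib
import hmac
from typing import Dict, Iterable, Optional

# Constructed sample bytes standing in for a downloaded installer (not the real file).
SAMPLE = b"constructed sample installer bytes"

ALGORITHMS = ("md5", "sha1", "sha256")
# Hex digest length identifies which algorithm a poster used for a checksum.
BY_HEX_LENGTH = {32: "md5", 40: "sha1", 64: "sha256"}


def digests_of_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute all three digests in one pass over the data."""
    hashes = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashes.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def digests_of_bytes(data: bytes) -> Dict[str, str]:
    return digests_of_chunks([data])


def digests_of_file(path: str) -> Dict[str, str]:
    """Stream the file in 64 KiB pieces so large installers do not need to fit in memory."""
    with open(path, "rb") as f:
        return digests_of_chunks(iter(lambda: f.read(65536), b""))


def matching_algorithm(data: bytes, published: str) -> Optional[str]:
    """Return the name of the algorithm whose digest of data equals the
    published checksum, or None if it matches nothing (or is not a valid length).
    Comparison is case-insensitive and constant-time."""
    wanted = published.strip().lower()
    algo = BY_HEX_LENGTH.get(len(wanted))
    if algo is None:
        return None
    actual = digests_of_bytes(data)[algo]
    return algo if hmac.compare_digest(actual, wanted) else None


if __name__ == "__main__":
    print(digests_of_bytes(SAMPLE))
    print(matching_algorithm(SAMPLE, digests_of_bytes(SAMPLE)["sha1"].upper()))
```

If a checksum posted for the file does not match any algorithm, the download is a different file from the one the poster checked, regardless of what the scanners say.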
 
The hashes I've just obtained from VT are EXACTLY the same as my WinISD file I've been using for over a year!

File identification

MD5 = b3a126391e280bba3551e9be558438f9
SHA1 = c8f8d7950142d2243126a8c109a18242a25efe4a
SHA256 = 00e2527d7ea3f9a6be475f87fa8e44f47d106fa145849e0bf93c2666e7b21951

https://www.virustotal.com/en/file/...44f47d106fa145849e0bf93c2666e7b21951/analysis

As I have my PC Extremely locked down, & with a number of high quality security programs in place, plus Lots of security software tools/apps installed, if there was Anything even slightly dodgy with Any file, I would know immediately & it would be blocked.

Therefore that WinISD file is 100% safe for Sure. Those few detections on VT out of All the other clean ones = FP's = False Positives. It happens all the time, even from well-known AV etc. companies, and has done since day one for AV's etc. They are Not perfect or foolproof 😛

HornResponse also gets FP's often from AV's 😡
 