Virus WHY?
#1
Hi,

I downloaded WinToUSB_Setup.exe from this web site by clicking the FREE link to try it.
I installed it and then went to make a Windows 8.1 Pro pen stick. I left it and came back to see the following message...

26.04.2016 16.17.15;Detected object (process memory) was deleted.;c:\program files\wintousb\bin\wintousb.exe;c:\program files\wintousb\bin\wintousb.exe;PDM:Trojan.Win32.Generic;Other malware;04/26/2016 16:17:15

Kaspersky then did a roll back of infected files and prompted a reboot.
Then it performed a full scan.

So has your setup file been exploited?

Thanks.
Reply
#2
Due to the information 'Trojan.Win32.Generic' it was found by heuristic scan and could also be a false positive.
Regards,
amo001
Reply
#3
I'm pretty sure this is a false virus report; we are using NOD32 and Avast, and there is no such problem.
Reply
#4
(04-27-2016, 09:36 PM)admin Wrote: I'm pretty sure this is a false virus report; we are using NOD32 and Avast, and there is no such problem.

Hi,

Are you sure that the installer has not been compromised on the server?
Is it possible to get an MD5 check done on it?
Reply
#5
I think it is impossible. And the md5 of the latest version is D15C87B958605DB42BBF4E8C1A5EC68A.
Reply
#6
Hi,

Would the file that was put on the server not be MD5 hashed?
That way it can be checked to ensure no one changes the file.

I'm not saying this is what HAS happened. But possibilities are better off being eliminated.
But you hear of web sites being exploited all the time. So I was curious what the original MD5 was to check this for myself.

Where did you get the MD5 hash from? Do you have that info from the original upload or did you get it off the site now?

Thanks
Reply
#7
(04-27-2016, 11:30 PM)Lien1454 Wrote: Hi,

Would the file that was put on the server not be MD5 hashed?
That way it can be checked to ensure no one changes the file.

I'm not saying this is what HAS happened. But possibilities are better off being eliminated.
But you hear of web sites being exploited all the time. So I was curious what the original MD5 was to check this for myself.

Where did you get the MD5 hash from? Do you have that info from the original upload or did you get it off the site now?

Thanks

The MD5 ‘D15C87B958605DB42BBF4E8C1A5EC68A’ is for the original setup file before uploading to the site.
Reply
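
An added example, not part of any post in this thread: one way to check a downloaded installer against the MD5 the admin posted above. The script name `verify_setup.py` and the function names are assumptions; SHA-256 is printed as well so it can be compared if a stronger reference value is published, and a match means no more than the source of the reference hash can vouch for.

```python
import hashlib
import hmac
import string
import sys

# MD5 the admin posted in this thread for the original setup file.
PUBLISHED_MD5 = "D15C87B958605DB42BBF4E8C1A5EC68A"


def file_digests(path, chunk_size=1 << 20):
    """Read the file once in chunks; return (md5_hex, sha256_hex), lowercase."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def normalize_md5(text):
    """Accept a pasted MD5 (any case, stray quotes or spaces); return 32 lowercase hex chars."""
    cleaned = text.strip().strip("'\"\u2018\u2019").strip().lower()
    if len(cleaned) != 32 or not set(cleaned) <= set(string.hexdigits):
        raise ValueError("not a 32-character hex MD5: %r" % text)
    return cleaned


def matches_published(path, published=PUBLISHED_MD5):
    """True only if the file's MD5 equals the published reference value."""
    md5_hex, _ = file_digests(path)
    return hmac.compare_digest(md5_hex, normalize_md5(published))


if __name__ == "__main__":
    # Hypothetical script name; pass the path of the downloaded installer.
    if len(sys.argv) != 2:
        sys.exit("usage: verify_setup.py <path to downloaded WinToUSB_Setup.exe>")
    md5_hex, sha256_hex = file_digests(sys.argv[1])
    print("MD5    :", md5_hex)
    print("SHA-256:", sha256_hex)
    ok = matches_published(sys.argv[1])
    print("matches MD5 from the thread" if ok else "DOES NOT match MD5 from the thread")
    sys.exit(0 if ok else 1)
```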

