Author Topic: Trojan in Server Download?

Offline ve6ao

  • Remote Enthusiast
  • ***
  • Posts: 15
Trojan in Server Download?
« on: December 26, 2017, 10:11:30 am »
Downloaded RCForb_0.7.6532.exe today, and Windows Defender reports it has a severe-level trojan, Fuerboox.A!cl, and removed the file. Here is the report:


Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:C:\Users\...\Downloads\RCForb_0.7.6532.exe

« Last Edit: December 26, 2017, 10:13:23 am by ve6ao »

Offline w8rj

  • Moderator
  • Remote Master
  • *****
  • Posts: 2352
Re: Trojan in Server Download?
« Reply #1 on: December 26, 2017, 11:22:54 am »
Looks like a false positive.

Here is a TotalVirus report:
https://www.virustotal.com/en/url/5f6feb8c87d1bbf83b839043076fb5eb3439e57886ba74a598eca514295f8f67/analysis/

You will need to add an exclusion to Windows Defender. I find adding a folder to the exclusion list and downloading into that folder the easiest.
73
Roger
W8RJ

Offline ve6ao

Re: Trojan in Server Download?
« Reply #2 on: December 27, 2017, 02:07:13 am »
Thanks for the reply. The new version 6532 is giving the alert but not the previous one. I noticed software developers can submit files that they feel are false positives to Microsoft. Might be worth doing since Windows Defender is so widely used:
https://www.microsoft.com/en-us/wdsi/filesubmission

« Last Edit: December 27, 2017, 06:06:27 am by ve6ao »

Offline w8rj

Re: Trojan in Server Download?
« Reply #3 on: December 27, 2017, 11:58:05 am »
We have submitted the file for Microsoft to evaluate. Below is a link to a pre-release version of definitions for Windows Defender, and it looks like the false positive is gone or will be gone on the next definition update.

https://www.microsoft.com/en-us/wdsi/definitions/prerelease-antimalware-definitions
« Last Edit: December 27, 2017, 12:10:32 pm by w8rj »
73
Roger
W8RJ

Offline ve6ao

Re: Trojan in Server Download?
« Reply #4 on: December 27, 2017, 02:54:18 pm »
Thanks Roger, good news that it appears to be corrected in the next definition update.