Trojan:Win32/Spursint.A

Advanced Renamer forum
#1 : 02/01-16 18:58
HackerJax
Posts: 1
Went to download the latest version this morning, but Microsoft Security Essentials quarantined it. The prior release scanned fine.


#2 : 02/01-16 22:12
Kim Jensen
Administrator
Posts: 883
Reply to #1:
Have you downloaded the program from this website? Do both the installer and the zip file have the problem? Is the file flagged prior to or after the installation/unzip of the program?

I am running Windows 10, so I cannot install MS Security Essentials to check, but I have checked the files with BitDefender and Microsoft Defender and everything is reported clean. I think this is a false positive. By searching the web, I can see that this is pretty normal for MSSE and this particular trojan.

I haven't had an infected computer for more than 10 years (maybe 15). My primary operating system these days is Ubuntu Linux. My main reason for booting Windows is to work on Advanced Renamer. So I doubt this file is infected.

Is your installation of MSSE up to date?


02/01-16 22:12 - edited 02/01-16 22:14
#3 : 03/01-16 05:46
David Cook
Posts: 1
Reply to #2:

I'm getting a trojan alert also, but in my case, Windows Defender is reporting Trojan:Win32/Spallowz.A!plock

Definition is 1.213.1600.0, last updated today.


#4 : 03/01-16 07:41
Cody Page
Posts: 2
I'm also having this issue. Got a notification from Windows Defender:
"Trojan:Win32/Spallowz.A!plock"


#5 : 03/01-16 11:49
Kim Jensen
Administrator
Posts: 883
I have compiled a new version with a new version of the installer program. Will you try and download it and test if you are still experiencing problems?

I will file a false positive report to Microsoft.


#6 : 03/01-16 19:11
Cody Page
Posts: 2
Reply to #5:

I downloaded the latest version as suggested. Same issue as before although the virus name is slightly different.

Here's an image: http://i.imgur.com/VKt1DHB.png


#7 : 04/01-16 21:23
Gary
Posts: 3
Reply to #2:
I'm running Windows 10 PRO. It won't even let me attempt to download the new software version. This is from the original website and not a third party's website. Is your server hacked?


#8 : 05/01-16 08:30
Kim Jensen
Administrator
Posts: 883
Reply to #7:
The server is not hacked and the file does not contain a virus, malware or similar. This is a false positive in Windows Defender. I have filed a bug report to Microsoft. I downloaded the file this morning without problems, maybe the problem is already fixed? A restart may be needed to confirm.

This annoys me at least as much as it annoys you. It can be very difficult to convince Microsoft that they have made a mistake. Until they fix the faulty virus definition files, you can download the portable edition instead.


#9 : 02/02-16 22:24
Gary
Posts: 3
Reply to #8:
It's not just Microsoft. Although I do agree with you that this is most likely a false positive, two anti-virus companies flagged this program as malware. I have scanned your previous releases and they had no issues.

clamav 21332 0.97.5 2016-02-01 PUA.Spyware.XPCSpyPro
fprot 4.6.2.117 6.5.1.5418 2016-02-02 W32/Felix:CO:Delphi!Eldorado

I was able to download your program using Chrome. As with any program that I download, I examine it for virus/malware using virustotal, metascan and virscan. The above is what they found.

I am not a programmer, but it seems to me that something in your new code makes the virus scanners flag your program as malware.

I think that this is a very good program and I hate to see its reputation tarnished by these false positives.


#10 : 03/02-16 08:28
Kim Jensen
Administrator
Posts: 883
Reply to #9:
If you experience these false positives, it is very important to report them to the producers of these antivirus/antimalware programs, so that they can fix the problem. Otherwise they don't know.

Something else that might help: until now the installer and executable have not been digitally signed. This is primarily due to the fact that signatures have been rather expensive. This has changed, so that I can obtain a signature for a reasonable amount of money. This means that the next version will probably be digitally signed, which should help antivirus programs to identify that this program is legit.


#11 : 03/02-16 20:57
john
Posts: 5
Out of curiosity I downloaded Advanced Renamer to a Windows 10 laptop I have just to see what would happen.

I extracted the files and ran AREN and had no issues at all.

I don't use Win10 regularly. Only got it for testing. I don't like it!
I use Win7 and there are definitely no problems there.

