Author Topic: 7zip x64 v1801 - detected by VirusScope as Generic.Trojan  (Read 911 times)

Offline justin_smith

  • Comodo Family Member
  • ***
  • Posts: 75
7zip x64 v1801 - detected by VirusScope as Generic.Trojan
« on: March 11, 2018, 05:31:22 PM »
I don't know if it's a false positive or not. Please let me know!

I downloaded this latest version of 7zip x64 from the 7-zip.org site, and when installing I got a VirusScope event saying it has a Generic.Trojan [at] 137 [at] 1.

Attached zip file contains the executable.

TotalVirus page link:
https://www.virustotal.com/#/file/86670d63429281a4a65c36919ca0f3099e3f803e3096c3a9722d61b3d31e4a9f/detection

Comodo VirusScope version details:
    recognizerCryptolocker.dll 1.11.0.135
    recognizer_v10.1.0.6476.dll  10.1.0.6476

Offline Deepak PV

  • Comodo Staff
  • Comodo Member
  • *****
  • Posts: 37
Re: 7zip x64 v1801 - detected by VirusScope as Generic.Trojan
« Reply #1 on: March 11, 2018, 10:48:50 PM »
Hi justin_smith,

Thank you for reporting this.
We'll check them and get back to you soon.

Regards,
Deepak PV

Offline Deepak PV

  • Comodo Staff
  • Comodo Member
  • *****
  • Posts: 37
Re: 7zip x64 v1801 - detected by VirusScope as Generic.Trojan
« Reply #2 on: March 12, 2018, 12:10:42 AM »
Hi justin_smith,

The sample you have submitted as false-positive is Not Detected by Comodo Internet Security version 10.2.0.6514 with database version 28664.
Please make sure the Antivirus database is updated and check again. If detection is still present, please submit the file to
http://www.comodo.com/home/internet-security/submit.php.
SHA1:0a5059aaf7f0006c09632ebe39abae37cd739011  7z1801-x64.exe

Regards,
Deepak PV

Offline justin_smith

  • Comodo Family Member
  • ***
  • Posts: 75
Re: 7zip x64 v1801 - detected by VirusScope as Generic.Trojan
« Reply #3 on: March 12, 2018, 08:24:32 PM »
Deepak, please note that it's the VirusScope that flags this item, not AV. Is that the same thing? Sorry if a dumb question.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4308
Re: 7zip x64 v1801 - detected by VirusScope as Generic.Trojan
« Reply #4 on: March 13, 2018, 01:47:32 PM »
Quote
Deepak, please note that it's the VirusScope that flags this item, not AV. Is that the same thing? Sorry if a dumb question.
No, VirusScope is Comodo's behavior blocker, which monitors for suspicious activities by unknown applications. The 7zip installer is trusted, so I'm not sure why VirusScope was monitoring it. Make sure the installer is rated trusted in the file list.

Offline justin_smith

  • Comodo Family Member
  • ***
  • Posts: 75
Re: 7zip x64 v1801 - detected by VirusScope as Generic.Trojan
« Reply #5 on: March 14, 2018, 04:57:55 PM »
The install file (7z1801-x64.exe) and all the (7-z*exe) files it installed into Program Files and Program Files (x86) are Unrecognized in File List.

Offline qmarius

  • Star Group
  • Comodo's Hero
  • *****
  • Posts: 3843
  • making simple things complicated
Re: 7zip x64 v1801 - detected by VirusScope as Generic.Trojan
« Reply #6 on: March 14, 2018, 05:02:36 PM »
Lookup probably failed for some reason. Try performing a lookup in File List. Provided hash is the correct one... it's trusted.

Offline justin_smith

  • Comodo Family Member
  • ***
  • Posts: 75
Re: 7zip x64 v1801 - detected by VirusScope as Generic.Trojan
« Reply #7 on: March 15, 2018, 05:06:33 PM »
Ahh! Thank you! That was it. I was offline I bet when I was installing it.

Now I tried the Lookup feature (did not know it existed!) and they got cleared up.

Questions:

1. I noticed C:\Windows\system32\cscript.exe is Untrusted too (the only one remaining!) and Lookup for it shows Trusted rating but for some reason it does not get changed to being trusted and remains Untrusted with Orange question mark next to it (not the regular gray question mark)

2. I wanted to remove some of the older files from the list. When I click Purge however, it shows not just selected but ALL files it wants to purge. It says they are NOT valid files but I see many of them still exist on the system. Anyway, I later found "Remove" option and used that instead of Purge to purge some older non-existing files.

Thanks!

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 4308
Re: 7zip x64 v1801 - detected by VirusScope as Generic.Trojan
« Reply #8 on: March 15, 2018, 05:18:37 PM »
Quote
Ahh! Thank you! That was it. I was offline I bet when I was installing it.

Now I tried the Lookup feature (did not know it existed!) and they got cleared up.

Questions:

1. I noticed C:\Windows\system32\cscript.exe is Untrusted too (the only one remaining!) and Lookup for it shows Trusted rating but for some reason it does not get changed to being trusted and remains Untrusted with Orange question mark next to it (not the regular gray question mark)
The file list is not dynamic; you would need to close and re-open the file list to see the change.

Quote
2. I wanted to remove some of the older files from the list. When I click Purge however, it shows not just selected but ALL files it wants to purge. It says they are NOT valid files but I see many of them still exist on the system. Anyway, I later found "Remove" option and used that instead of Purge to purge some older non-existing files.
The file list keeps track of each file per file hash, so if the hash changes then the entry with the previous hash becomes invalid.
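
The per-hash tracking described in the reply above, as a toy model added here (not Comodo's code; the `FileList` class, its fields, the rating strings and the sample files are hypothetical). An entry becomes a purge candidate when its path is gone or when the file at that path now hashes differently, which is why a file can still exist on disk while its old entry is listed as invalid.

```python
import hashlib
import os
import tempfile

def sha1_of(path):
    """Return the SHA-1 hex digest of a file, read in chunks."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def write(path, data):
    with open(path, "wb") as f:
        f.write(data)

class FileList:
    """Toy model: one entry per file hash, remembering path and rating."""
    def __init__(self):
        self.entries = {}  # sha1 -> {"path": ..., "rating": ...}

    def record(self, path, rating="Unrecognized"):
        # Assumption of this model: a hash not seen before starts unrated.
        digest = sha1_of(path)
        self.entries.setdefault(digest, {"path": path, "rating": rating})
        return digest

    def purge_candidates(self):
        """Hashes whose file is missing or whose path now holds other bytes."""
        return [d for d, e in self.entries.items()
                if not os.path.isfile(e["path"]) or sha1_of(e["path"]) != d]

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        tool = os.path.join(tmp, "tool.exe")    # constructed sample files
        other = os.path.join(tmp, "other.exe")
        write(tool, b"version 1")
        write(other, b"unchanged")
        fl = FileList()
        old = fl.record(tool, "Trusted")
        keep = fl.record(other, "Trusted")
        write(tool, b"version 2")               # file updated in place
        new = fl.record(tool)                   # same path, new hash, new entry
        return {"old": old, "new": new, "keep": keep,
                "stale": fl.purge_candidates(),
                "still_on_disk": os.path.isfile(tool),
                "new_rating": fl.entries[new]["rating"]}

if __name__ == "__main__":
    print(demo())
```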
