Hope this is the right subforum; I did not see an area for cloud-scan.
I tried to install the client for my VPN service on my Windows 8.1 laptop.
Cloud scan declared a trojan during the install and stopped it.
A manual virus scan of the identified file, vpn-unlimited_2.4.exe, passes.
Tried to submit it for analysis, but the submit fails
(something about the file being too big, I think; the window cannot be expanded to read it all).
Now I am in a fix: the VPN I bought is useless if I cannot install the client.
I could exit CIS for the install, but what if the ID is real!
What to do?
What was the specific virus signature that the cloud scan alert showed? Can you post a screenshot of the antivirus event logs? Where did you download the application from: was it from the official website or from a third party offering the download?
See the image for the first two questions.
For the second two questions: yes, downloaded from the VPN provider's page.
I received an answer to the ticket I created for this; they gave me a link that would accept the upload for testing. Results:
• File Info
  Name      Value
  Size      8949296
  MD5       333e0770afc08b9d8293d032387a0670
  SHA1      0afaccbafa50995e38ed65c7fcc322e3c0a2aed2
  SHA256    e48d7e13b2b09be6fcc9439b0cb47655853342f252f1b548c7c8359374d9f43f
  Process   Active
• Keys Created: None
• Keys Changed: None
• Keys Deleted: None
• Values Created: None
• Values Changed: None
• Values Deleted: None
• Directories Created
  Name                                                                     Last Write Time          Creation Time            Last Access Time         Attr
  C:\Documents and Settings\User\Local Settings\Temp\is-IQM7G.tmp          2009.01.09 10:37:31.781  2009.01.09 10:37:31.765  2009.01.09 10:37:31.781  0x10
  C:\Documents and Settings\User\Local Settings\Temp\is-V40AP.tmp          2009.01.09 10:37:32.828  2009.01.09 10:37:32.781  2009.01.09 10:37:32.828  0x10
  C:\Documents and Settings\User\Local Settings\Temp\is-V40AP.tmp\_isetup  2009.01.09 10:37:32.843  2009.01.09 10:37:32.828  2009.01.09 10:37:32.843  0x10
• Directories Changed: None
• Directories Deleted: None
• Files Created
  Name                                                                                   Size    Last Write Time          Creation Time            Last Access Time         Attr
  C:\Documents and Settings\User\Local Settings\Temp\is-IQM7G.tmp\sample.tmp             760968  2009.01.09 10:37:32.062  2009.01.09 10:37:31.781  2009.01.09 10:37:31.781  0x20
  C:\Documents and Settings\User\Local Settings\Temp\is-V40AP.tmp\_isetup\_shfoldr.dll   23312   2009.01.09 10:37:32.843  2009.01.09 10:37:32.843  2009.01.09 10:37:32.843  0x20
• Files Changed: None
• Files Deleted: None
• Directories Hidden: None
• Files Hidden: None
• Drivers Loaded: None
• Drivers Unloaded: None
• Processes Created
  PId    Process Name   Image Name
  0x4c0  sample.tmp     C:\DOCUME~1\User\LOCALS~1\Temp\is-IQM7G.tmp\sample.tmp
• Processes Terminated: None
• Threads Created
  PId    Process Name   TId    Start       Start Mem   Win32 Start   Win32 Start Mem
  0x2b0  lsass.exe      0x4b4  0x7c810856  MEM_IMAGE   0x77e76bf0    MEM_IMAGE
  0x4c0  sample.tmp     0x4b0  0x7c810867  MEM_IMAGE   0x4990e8      MEM_IMAGE
• Modules Loaded: None
• Windows Api Calls: None
• DNS Queries: None
• HTTP Queries: None
• Verdict
  Auto Analysis Verdict   Undetected
• Events Created or Opened
  PId    Image Name                                               Address     Event Name
  0x4c0  C:\DOCUME~1\User\LOCALS~1\Temp\is-IQM7G.tmp\sample.tmp   0x769c4ec2  Global\userenv: User Profile setup event
…which leaves the question: if this tests clean, why did the cloud scan burp?
[attachment deleted by admin]
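Before trusting the "Undetected" verdict above, a practitioner would first confirm that the file the sandbox analysed is byte-for-byte the installer sitting on disk: the report's File Info block gives the size and MD5/SHA1/SHA256, so any mismatch means a different sample was uploaded (or the download was altered). The script below is an added example written for this thread, not part of the original posts or of the VPN vendor's or Comodo's tooling. It copies the report's hash values into REPORT_FILE_INFO, hashes a file in streaming fashion, and reports every field that disagrees. The three-byte constructed sample it writes for an offline run and the name CONSTRUCTED_SAMPLE_INFO are assumptions made for the demonstration.

```python
import hashlib
import os
import sys
import tempfile

# Expected values copied verbatim from the sandbox report's "File Info" table.
# Size is in bytes; digests are hex strings.
REPORT_FILE_INFO = {
    "Size": 8949296,
    "MD5": "333e0770afc08b9d8293d032387a0670",
    "SHA1": "0afaccbafa50995e38ed65c7fcc322e3c0a2aed2",
    "SHA256": "e48d7e13b2b09be6fcc9439b0cb47655853342f252f1b548c7c8359374d9f43f",
}

# Constructed sample (NOT the real installer): the well-known digests of the
# bytes b"abc", so the example can run offline without the VPN client.
CONSTRUCTED_SAMPLE_BYTES = b"abc"
CONSTRUCTED_SAMPLE_INFO = {
    "Size": 3,
    "MD5": "900150983cd24fb0d6963f7d28e17f72",
    "SHA1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "SHA256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


def file_info(path, chunk_size=1 << 20):
    """Return {"Size", "MD5", "SHA1", "SHA256"} for a file, hashing it in chunks
    so a multi-megabyte installer is never read into memory at once."""
    digests = {
        "MD5": hashlib.md5(),
        "SHA1": hashlib.sha1(),
        "SHA256": hashlib.sha256(),
    }
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for digest in digests.values():
                digest.update(chunk)
    info = {name: digest.hexdigest() for name, digest in digests.items()}
    info["Size"] = size
    return info


def compare_to_report(actual, expected=REPORT_FILE_INFO):
    """Return {field: (expected, actual)} for every field that differs.
    An empty dict means the file on disk is the sample the report describes.
    Hex digests are compared case-insensitively; size is compared as an int."""
    mismatches = {}
    for field, want in expected.items():
        got = actual.get(field)
        if isinstance(want, str):
            want = want.lower()
            got = (got or "").lower()
        if got != want:
            mismatches[field] = (want, got)
    return mismatches


def check_file(path, expected=REPORT_FILE_INFO):
    """Hash the file at `path` and compare it with the report's values."""
    return compare_to_report(file_info(path), expected)


def write_constructed_sample():
    """Write the constructed three-byte sample to a temp file and return its path."""
    fd, path = tempfile.mkstemp(suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(CONSTRUCTED_SAMPLE_BYTES)
    return path


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-downloaded-installer>
    # With no argument, the constructed sample is checked against its own digests.
    if len(sys.argv) > 1:
        target, expected = sys.argv[1], REPORT_FILE_INFO
    else:
        target, expected = write_constructed_sample(), CONSTRUCTED_SAMPLE_INFO
    diff = check_file(target, expected)
    if not diff:
        print(f"{target}: matches the report's File Info")
    else:
        for field, (want, got) in diff.items():
            print(f"{target}: {field} mismatch: report {want!r}, on disk {got!r}")
```

Run it against the downloaded vpn-unlimited_2.4.exe; an empty mismatch set ties the report's behaviour log to that exact file. Two further observations a practitioner would make from the report itself: the `is-XXXXX.tmp` temp directories and the `_isetup\_shfoldr.dll` helper are what an Inno Setup installer creates when it unpacks its stub, so the logged behaviour is consistent with an ordinary installer, and a dynamic run that loads no drivers and makes no network calls does not by itself explain why the cloud lookup fired. On Windows the next check is the installer's Authenticode signature (PowerShell's `Get-AuthenticodeSignature`), which tells you whether the vendor signed the file you have.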