Virus flagged in windows client

by **Stoikva** » Thu Jan 17, 2019 2:14 pm

Via two AVs, Immunent (Clam powered) reporting Ratenjay backdoor. Cylance however is an artificial intelligence based analyiser and does not say what reason it suspects malicious intent but that didn't like it either.

This is what I have found on Ratenjay, which appears to be a RAT tool https://www.symantec.com/security-cente ... 12-1617-99

Posting this as a responsibiliy incase it is a virus but not making direct claim that it is one

by **Rapsey** » Thu Jan 17, 2019 2:29 pm

I'm pretty sure that's a false positive.

https://www.virustotal.com/#/url/06979b ... /detection

EDIT 1: One or two of them do seem to detect something on the file but most don't. Will continue digging.

EDIT 2: Those 2 positives only happen on the windows installer and on the portable client. The one things these clients have in common that the other clients don't have is that they have a Windows Java Runtime Environment packed in. Best guess: those 2 virus scanners are mistakenly identifying the core Java files as a virus.

EDIT 3: Further tests that all came up 100% clean:

https://virusscan.jotti.org/en-US/files ... s39v3jrks1
https://metadefender.opswat.com/results ... l/overview

by **Lysa arryn** » Thu Jan 17, 2019 3:20 pm

Rapsey wrote:https://virusscan.jotti.org/en-US/files ... s39v3jrks1

Ty now i can order gfuel with a discount code because of the ads on that site

by **Rapsey** » Thu Jan 17, 2019 5:44 pm

Fungamer wrote:
Rapsey wrote:https://virusscan.jotti.org/en-US/files ... s39v3jrks1

Ty now i can order gfuel with a discount code because of the ads on that site

What ads?

Spoiler: show

Maybe you should run a virus scan of your own.

by **Adam corrupt** » Thu Jan 17, 2019 6:02 pm

Fungamer wrote:
Rapsey wrote:https://virusscan.jotti.org/en-US/files ... s39v3jrks1

Ty now i can order gfuel with a discount code because of the ads on that site

Imagine not using an adblocker in 2019

by **Slap a ho** » Thu Jan 17, 2019 6:08 pm

Rapsey wrote:Maybe you should run a virus scan of your own.

I just spit out my fucking coffee :lol:

by **Lysa arryn** » Thu Jan 17, 2019 6:57 pm

Rapsey wrote:
Fungamer wrote:
Rapsey wrote:https://virusscan.jotti.org/en-US/files ... s39v3jrks1

Ty now i can order gfuel with a discount code because of the ads on that site

What ads?

Spoiler: show

Maybe you should run a virus scan of your own.

I legit got an ad for gfuel - an actual ad though, nothing malicious.

I'll screenshot the ad I'm getting if you want. Changes every time you reload (And no, I don't have any adware etc, just made sure prior to making this post :lol:

)

@adam not on my phone man

by **Rapsey** » Fri Jan 18, 2019 1:22 am

Fungamer wrote:(And no, I don't have any adware etc, just made sure prior to making this post )

You "just made sure" did ya. With superpowers like those I wouldn't worry about your future IT career.

by **Lysa arryn** » Fri Jan 18, 2019 2:08 am

Rapsey wrote:
Fungamer wrote:(And no, I don't have any adware etc, just made sure prior to making this post )

You "just made sure" did ya. With superpowers like those I wouldn't worry about your future IT career.

It's more or less being consistent not downloading much on my phone and running a few scans every now and then. Such IT, many wows. Guess I'll take a lengthy hiatus now that I've done something IT related and bamboozle everyone when I'm coming with stuff promised a couple of years ago. How did that overruling after years of disconnect with the community work out btw? Heard he saw the light and cashed out. :troll: