Hello,
Yesterday I installed WINRAR (downloaded from the official site). Today I did a full scan on my PC and it detected this file as Trojan. ProgramFiles\WINRAR\Default.SFX. The file is now in quarantine. Is this a false positive?
I'm pretty surprised because Winrar is a commonly used program. And I used it many years before.
Thanks in advance.
[SOLVED] [04439300] Trojan WINRAR, false positive?
-
- Registered user
- Posts: 28
- Joined: Tue, 24 Sep 2013, 11:16
- VirusBuster
- Official moderator
- Posts: 7595
- Joined: Mon, 02 Apr 2012, 18:53
- Location: Panda HQ - Bilbao
Re: Trojan WINRAR, false positive?
What Winrar version did you install?
I have Winrar 5.40 (64 bits) installed and have scanned its installation folder and the file itself and nothing is being detected
Can you post a copy of the antivirus report?
Regards,
Jorge Torre
TechSupport Department - Panda Security
I don't reply to private messages unless I have previously requested them
-
- Registered user
- Posts: 28
- Joined: Tue, 24 Sep 2013, 11:16
Re: Trojan WINRAR, false positive?
EDIT: My bad, the file in the report which I said I scanned is the old winrar exe file which was still on my PC. I decided to download the newest version 5.40 from rarlabs and installed it. 5.40 is the version which gives me the Trojan detection.
VirusBuster wrote:
What Winrar version did you install?
I have Winrar 5.40 (64 bits) installed and have scanned its installation folder and the file itself and nothing is being detected
Can you post a copy of the antivirus report?
-------
Thank you for the quick reply. Sorry for posting this in the wrong thread though, I just noticed it.
I've installed version 5.40 (64 bits) downloaded from rarlab.com. The report is attached. You can see I scanned the winrar.exe file yesterday after downloading and before installing Winrar. Nothing found.
Now that it is installed, it says there's a trojan in the folder.
- Attachments
-
- panda.jpg (89.77 KiB) Viewed 12128 times
- VirusBuster
- Official moderator
- Posts: 7595
- Joined: Mon, 02 Apr 2012, 18:53
- Location: Panda HQ - Bilbao
Re: Trojan WINRAR, false positive?
We have created the case 04439300 for this issue
It seems to be language dependent as my Spanish version is not detected but your Dutch one is
We'll keep you updated
Regards,
Jorge Torre
TechSupport Department - Panda Security
I don't reply to private messages unless I have previously requested them
-
- Registered user
- Posts: 28
- Joined: Tue, 24 Sep 2013, 11:16
Re: [04439300] Trojan WINRAR, false positive?
Thank you for making a case for this issue. I look forward to the results.
For now, as it is nearly the weekend, can I make the conclusion that this probably is a false positive? (Are you 50%, 90% or 100% sure?)
- VirusBuster
- Official moderator
- Posts: 7595
- Joined: Mon, 02 Apr 2012, 18:53
- Location: Panda HQ - Bilbao
Re: [04439300] Trojan WINRAR, false positive?
I would say 90% false positive
Regards,
Jorge Torre
TechSupport Department - Panda Security
I don't reply to private messages unless I have previously requested them
-
- Registered user
- Posts: 28
- Joined: Tue, 24 Sep 2013, 11:16
Re: [04439300] Trojan WINRAR, false positive?
OK, so this evening (Friday) I got a popup message from Panda saying that file 4c06138..... was removed from Quarantine. See attachment for log, but this is the English translation:
Event: blocking item undone
Status: Panda Antivirus Pro has determined the file can be used
Panda renamed the file to a strange name with numbers and letters. Is this really the default.sfx file from Winrar? I'm a bit worried and not sure because Panda changed the name.
So if the answer is yes, the issue is basically solved, but I've still a couple of questions.
1. In the Panda interface it says 0 files in quarantine, but the physical file is still in the Quarantine folder on my PC (ProgramData\PandaSecurityProtection\Quarantine) with the strange filename. Panda didn't move it to the original location in the Winrar folder.
2. Can I rename it to Default.sfx and move it to Winrar Folder in Program Files?
OR
3. Do I need to reinstall Winrar to check if the issue is solved? If I do this, what do I need to do with the file with the strange name?
- Attachments
-
- panda2.jpg (91.22 KiB) Viewed 12062 times
Re: [04439300] Trojan WINRAR, false positive?
Hi,
the file has been reclassified.
Regards,