Jump to content


Photo

Immunet 5 Installation File Is A Sality File Infector Virus!?

virus malware infection file infector immunet 5 immunet installation virus.win32.sality.at immunet ImmunetSetup-5.0.0.exe ImmunetSetup.exe

  • Please log in to reply
3 replies to this topic

#1 Master_Kaina

Master_Kaina

    Newbie

  • Members
  • Pip
  • 3 posts
  • LocationU.S.A.

Posted 10 September 2016 - 03:19 AM

Hello,

 

Perhaps I should have posted here instead? Please refer to my Immunet Security Advisory post in this forum. In a nutshell, the ImmunetSetup-5.0.0.exe installation file is flagged as a virus.win32.sality.at as well as the current downloadable upgrade file ImmunetSetup.exe . . . My research shows this is an EXTREMELY DANGEROUS file infector! Please advise . . . I have not uninstalled Immunet yet in hopes that this is a false positive, but I may do so anyway just in case. My old Immunet 3 installation file does not get flagged by any scanners so I may resort back to that.

 

Thank you in advance for replying to my concerns!

 

Sincerely,

Mike

 

P.S.

Ok so this post is allowing files to be attached (the post I made in the Security Advisory forum did not). Below are screenshots (however it would not allow me to attach the two infected Immunet 5 setup files in question, reading "Error You aren't permitted to upload this kind of file").

 

 

Attached File  Immunet Virus.JPG   32.5KB   0 downloads

 

Attached File  Immunet Virus 2.JPG   40.23KB   0 downloads

 

Here is the most recent:

 

Attached File  Capture.JPG   38.67KB   0 downloads

 

 


Edited by Master_Kaina, 10 September 2016 - 03:31 AM.


#2 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,833 posts
  • LocationOil City, Pa. U.S.A.

Posted 12 September 2016 - 03:03 AM

"If a security company issued malicious installers they certainly wouldn't be in business for very long!" Obviously these are false positives Kaina. That's one of the main reasons why we rely on a boot-strapper installer for Immunet and don't normally issue off-line installers. Off-line installers can be changed by a hacker or other nefarious entity to include malicious code.

Cheers, Ritchie...


* Immunet Global Forum Moderator *


#3 Master_Kaina

Master_Kaina

    Newbie

  • Members
  • Pip
  • 3 posts
  • LocationU.S.A.

Posted 12 September 2016 - 09:42 AM

"If a security company issued malicious installers they certainly wouldn't be in business for very long!" Obviously these are false positives Kaina. That's one of the main reasons why we rely on a boot-strapper installer for Immunet and don't normally issue off-line installers. Off-line installers can be changed by a hacker or other nefarious entity to include malicious code.

Cheers, Ritchie...

 

Thanks for your reply Ritchie,

 

Not saying Immunet is purposely issuing "malicious installers" as you say, far from it. This of course is not to be taken for granted though, we both know that there are indeed "security" companies who have bundled unwanted components into their antivirus software (or worse). I like Immunet as a lightweight second layer of protection and I enjoy doing my part in allowing it to collect my data in order to benefit others in the community (and I don't mind contributing to Immunet's profits by doing so).

 

I of course presumed these must be "false positives" which is I way I posted here rather than shredding the files, posting to outside blogs on a rampage to boycott Immunet but I don't get why the Immunet 5 installer(s) are setup differently than the most recent Immunet 3 installer before it. Just seems to me that non-expert power users such as myself would have more peace of mind not having to worry about any positives rather than having to decide whether or not to risk it.

 

Why was the Immunet 5 installer created in such a way that it flags potential positives from scans rather than just keeping with the same as the Immunet 3 installer which is safe according to every scan? What's different about Immunet 5 which is causing this?

 

I'm back to using Immunet 3 . . . The reminder pop-up I keep getting again to show Immunet 5 is available is fine, that's what made me upgrade to begin with, but why can't it just upgrade via an update rather than forcing the user to download a false positive installer? I'm obviously not a professional programmer but it seems strange to risk positives of any kind . . . Just seems logical to make the upgrade in a way so that there are no positives!

 

Thanks again Ritchie!

 

-Mike



#4 ritchie58

ritchie58

    Staff Member

  • Moderators
  • 1,833 posts
  • LocationOil City, Pa. U.S.A.

Posted 13 September 2016 - 02:29 AM

Hi Mike, I certainly understand your concerns about the false positives. I find that rather disconcerting myself and would also like an explanation as to why the installer is being flagged as malicious. That would have to come from someone in the development department.

 

You're also right about software vendors bundling other products into their installers these days. Most do it for the extra revenue it creates. If installing new software one has to be careful what one clicks on during the install process or you may end up with stuff you didn't want.

 

Best wishes, Ritchie...


* Immunet Global Forum Moderator *






Also tagged with one or more of these keywords: virus, malware, infection, file infector, immunet 5, immunet installation, virus.win32.sality.at, immunet, ImmunetSetup-5.0.0.exe, ImmunetSetup.exe

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users