ShellfishBustard
Posted October 6, 2021 (edited)

I am using Immunet 7.4.4.20633 on Windows 10 Pro 64-Bit 1904. I ran a full scan and it detected a lot of files from LibreOffice (installed using Choco) as supposedly being infected, so I want to check if they're false positives. Here is a list of all detected files with their virus signatures.

C:\Program Files\LibreOffice\program\gengal.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\minidump_upload.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\odbcconfig.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\opencltest.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\python.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\quickstart.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\regmerge.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\regview.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\sbase.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\scalc.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\sdraw.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\senddoc.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\simpress.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\smath.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\soffice.bin: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\soffice.com: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\soffice.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\soffice_safe.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\spsupp_helper.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\sweb.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\swriter.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\twain32shim.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\ui-previewer.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\uno.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\unoinfo.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\unopkg.bin: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\unopkg.com: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\unopkg.exe: Win.Malware.Dqan-9897603-0 FOUND
C:\Program Files\LibreOffice\program\xpdfimport.exe: Win.Malware.Dqan-9897603-0 FOUND

The files themselves are in a compressed 7z file attached here in this link. https://use03.thegood.cloud/s/2T4kyePX2JSQNHZ

You will be prompted for a password to access it, which is in a text file attached to this post.

Password.txt

Edited October 6, 2021 by ShellfishBustard: I was going to attach my files directly on the post but the upload limit is too unforgiving.

ritchie58
Posted October 6, 2021

Immunet does have its own False Positive reporting site here. https://www.immunet.com/false_positive

It wouldn't be a bad idea to also submit your FP data at that link. Don't forget to mention in your FP report that you already created this topic at this section of the forum, in case a dev would like to view it.

I did some investigating and could find no evidence that LibreOffice is malicious in any way & it is legitimate software that's been around for years, so I would concur it is a False Positive.

If, after submitting your FP report, you still wish to use the document program now, might I suggest you create a custom Exclusion rule with Immunet for LibreOffice. Use this file path for the Exclusion.

C:\Program Files\LibreOffice\program

That should work but you may have to exclude the entire 7zip folder as well. Let me know if these exclusions don't work. If you're not sure how to create a custom Exclusion rule with Immunet, feel free to add another thread to this topic & I can give you detailed instructions on how to accomplish this.
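
Added example, not part of either post above and not Immunet's or LibreOffice's own tooling: a PowerShell check to run before excluding the folder, which records the Authenticode status, signer and SHA-256 of every executable in the flagged directory. It assumes the install path from the scan output and the three file extensions that appear in it; the output file name is a placeholder.

```powershell
# Triage the flagged binaries before creating an exclusion.
# Assumption: path and extensions are taken from the scan output in the first post.
$dir = 'C:\Program Files\LibreOffice\program'
$extensions = '.exe', '.bin', '.com'

$files = Get-ChildItem -LiteralPath $dir -File |
    Where-Object { $extensions -contains $_.Extension }

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    # Signer subject is empty when the file carries no signature at all.
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        File      = $f.Name
        SigStatus = $sig.Status   # Valid = signed, chain trusted, content unchanged since signing
        Signer    = $signer
        SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# How many files each signer/status pair covers: an intact vendor install
# normally collapses into very few rows.
$report | Group-Object Signer, SigStatus |
    Select-Object Count, Name | Format-Table -AutoSize -Wrap

# A binary modified after signing reports HashMismatch; unsigned files report NotSigned.
# Either one should be examined individually instead of being covered by a folder exclusion.
$needsReview = @($report | Where-Object { $_.SigStatus -ne 'Valid' })
if ($needsReview.Count -gt 0) {
    Write-Warning "$($needsReview.Count) file(s) without a valid signature:"
    $needsReview | Format-Table File, SigStatus, SHA256 -AutoSize
} else {
    Write-Output "All $($report.Count) files carry a valid Authenticode signature."
}

# Keep the hashes so they can be quoted in the false-positive report.
# 'libreoffice-fp-hashes.csv' is a placeholder file name.
$report | Export-Csv -NoTypeInformation -Path '.\libreoffice-fp-hashes.csv'
```

A folder exclusion also stops the scanner from inspecting anything placed in that directory later, so rerunning this check after each LibreOffice update keeps the exclusion tied to binaries whose signatures were actually verified.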