7+ Taskbar Tweaker

[NomadicVoxel]

I keep getting this alert.
7tt_setup.exe has been detected as W32.4AA13D0FA8-95.LP.RET.SBX.TG.

I've used Taskbar Tweaker for years without issue, I have no idea what it's going on about... What's weirder is that it's going after the installer instead of any components of the app itself. Any idea what's going on?

File source: https://rammichael.com/downloads/7tt_setup.exe

[bellgamin]

I submitted the file to VirusTotal. Three scanners found the file was infected as follows:

BitDefender Theta --  Gen:NN.ZexaCO3.31176.dq0@ayV5l0ii

McAfee-GW-Edition -- BehavesLike.Win32.Dropper.tc

Ikarus -- Trojan.Crypt

NOTE: Virus Total uses ~35 independent antivirus scanners. Of these only 3 scanners (as listed above) reported the file as being infected. I also ran scans with my 2 on-board scanners (Zemana AntiMalware, & HitmanPro). Both scanners reported the file is clean.

MY CONCLUSION: I believe this file is a False Positive (FP) because:

1) Only a very small minority of scanners flagged the file as infected. The great majority of scanners reported it as okay.

2) This file does a lot of tweaks to Windows settings that are not usually tweakable by an average user.  Thus, its behavioral capabilities somewhat resemble capabilities of certain types of malware. This may account for the few *infected flags* that were raised.

3) You have used this app for a long time and (I assume) you have not encountered any of the usual evidences of computer infection.
 

Bottom Line: Personally, I would clear this file from Immunet's Quarantine and use it. But that's me, and not you. You have to decide for yourself. 

[Rob.T]

Great FP Analysis BellGamin,  I came to all the same points you did.  I'm m submitting this to  our internal virus analysis team for further review , only because it's a  perfect trojan, and it's a smaller /lesser known/used app (that being said I do remember using a taskbar tweaker back in the windows XP days.    Now I use classic start menu, though  I do note taskbar tweaker has more features than classic start menu, and all it's features work - another point in favor of it being a FP

 

That being said, there has been a growing trend of hacking source code access  to older indy projects,  injecting malware into them. And I want to make sure that isn't the case here as I vaguely remember using taskbar tweaker back in the windows XP days.    Now I use Classic start menu,  And it doe swht I ned but I also note taskbar tweaker has more features;

 

 

[bellgamin]

10Q for the additional info, Rob. Your course of follow-up action is quite prudent -- it further grows my confidence in Immunet.  By the way, I found it interesting that BitDefender was among the many scanners that gave the file a clean bill of health, whereas BitDefender Theta said it's malware. I had never before heard of BD's Theta fork. Do you know anything about it?

[Rob.T]

only from what I just read on  https://blog.virustotal.com/2019/10/virustotal-bitdefender-theta.html

 

tldr; Theta is bitDefenders  automated malware analysis engine.  all AVav companies, including Immunet, have  a few.  Some are better than others, but newer ones are always prone to FP's.     

[bellgamin]

10Q for the VT blog link. Verrry interesting! BitDefender (BD) is one of the better antiviruses but tends to be buggy  at times and has a fairly heavy footprint.