NomadicVoxel, posted November 3, 2019

I keep getting this alert. 7tt_setup.exe has been detected as W32.4AA13D0FA8-95.LP.RET.SBX.TG. I've used Taskbar Tweaker for years without issue, I have no idea what it's going on about... What's weirder is that it's going after the installer instead of any components of the app itself. Any idea what's going on?

File source: https://rammichael.com/downloads/7tt_setup.exe
bellgamin, posted November 4, 2019

I submitted the file to VirusTotal. Three scanners found the file was infected as follows:

BitDefender Theta -- Gen:NN.ZexaCO3.31176.dq0@ayV5l0ii
McAfee-GW-Edition -- BehavesLike.Win32.Dropper.tc
Ikarus -- Trojan.Crypt

NOTE: VirusTotal uses ~35 independent antivirus scanners. Of these only 3 scanners (as listed above) reported the file as being infected. I also ran scans with my 2 on-board scanners (Zemana AntiMalware, & HitmanPro). Both scanners reported the file is clean.

MY CONCLUSION: I believe this file is a False Positive (FP) because:
1) Only a very small minority of scanners flagged the file as infected. The great majority of scanners reported it as okay.
2) This file does a lot of tweaks to Windows settings that are not usually tweakable by an average user. Thus, its behavioral capabilities somewhat resemble capabilities of certain types of malware. This may account for the few *infected flags* that were raised.
3) You have used this app for a long time and (I assume) you have not encountered any of the usual evidences of computer infection.

Bottom Line: Personally, I would clear this file from Immunet's Quarantine and use it. But that's me, and not you. You have to decide for yourself.
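The triage reasoning in the post above (count the detections, notice that the three hits are generic or behavioral names rather than a named family, and weigh the detection ratio) can be written down as a small script. This is an added example, not code from the thread, Immunet or VirusTotal; the marker list and the ratio thresholds are assumptions, and the scanner results are constructed to mirror the thread's 3-of-35 case.

```python
"""Score a VirusTotal-style verdict set for false-positive likelihood.
Constructed example; thresholds and marker list are assumptions."""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

# Name fragments that usually mark heuristic, ML or sandbox verdicts rather
# than a named family (assumed from common vendor naming, not an official list).
HEURISTIC_MARKERS = re.compile(
    r"(^Gen:|BehavesLike|Trojan\.Crypt$|\.SBX\.|Heur|\bML\.|Suspicious)", re.I)


@dataclass
class Triage:
    scanners: int     # scanners that returned any result
    detections: int   # scanners that flagged the file
    heuristic: int    # detections whose name looks generic/heuristic
    ratio: float      # detections / scanners
    verdict: str      # clean | likely-fp | review | likely-malicious


def classify_name(name: str) -> str:
    """Label a detection string as 'heuristic' or 'named' (family) verdict."""
    return "heuristic" if HEURISTIC_MARKERS.search(name) else "named"


def triage(results: dict[str, Optional[str]]) -> Triage:
    """results maps scanner name -> detection string, or None when clean."""
    hits = {k: v for k, v in results.items() if v}
    heuristic = sum(1 for v in hits.values() if classify_name(v) == "heuristic")
    ratio = len(hits) / len(results) if results else 0.0
    if not hits:
        verdict = "clean"
    elif ratio < 0.15 and heuristic == len(hits):
        verdict = "likely-fp"          # small minority, all generic names
    elif ratio < 0.30:
        verdict = "review"             # minority, but at least one named family
    else:
        verdict = "likely-malicious"   # broad agreement across engines
    return Triage(len(results), len(hits), heuristic, round(ratio, 3), verdict)


# Constructed sample reproducing the thread: 35 scanners, 3 generic hits.
SAMPLE: dict[str, Optional[str]] = {f"scanner{i}": None for i in range(32)}
SAMPLE.update({
    "BitDefender Theta": "Gen:NN.ZexaCO3.31176.dq0@ayV5l0ii",
    "McAfee-GW-Edition": "BehavesLike.Win32.Dropper.tc",
    "Ikarus": "Trojan.Crypt",
})

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A "likely-fp" result is a prompt to submit the sample to the vendor for review, as Rob.T does later in the thread, not a reason to skip that step.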
Rob.T, posted November 4, 2019

Great FP analysis BellGamin, I came to all the same points you did. I'm submitting this to our internal virus analysis team for further review, only because it's a perfect trojan, and it's a smaller / lesser known / used app (that being said, I do remember using a taskbar tweaker back in the Windows XP days. Now I use Classic Start Menu, though I do note Taskbar Tweaker has more features than Classic Start Menu, and all its features work - another point in favor of it being a FP).

That being said, there has been a growing trend of hacking source code access to older indie projects, injecting malware into them. And I want to make sure that isn't the case here, as I vaguely remember using Taskbar Tweaker back in the Windows XP days. Now I use Classic Start Menu, and it does what I need, but I also note Taskbar Tweaker has more features.
bellgamin, posted November 5, 2019

10Q for the additional info, Rob. Your course of follow-up action is quite prudent -- it further grows my confidence in Immunet.

By the way, I found it interesting that BitDefender was among the many scanners that gave the file a clean bill of health, whereas BitDefender Theta said it's malware. I had never before heard of BD's Theta fork. Do you know anything about it?
Rob.T, posted November 5, 2019

Only from what I just read on https://blog.virustotal.com/2019/10/virustotal-bitdefender-theta.html

tl;dr: Theta is BitDefender's automated malware analysis engine. All AV companies, including Immunet, have a few. Some are better than others, but newer ones are always prone to FPs.
bellgamin, posted November 5, 2019

10Q for the VT blog link. Verrry interesting! BitDefender (BD) is one of the better antiviruses but tends to be buggy at times and has a fairly heavy footprint.