NomadicVoxel

7+ Taskbar Tweaker


I keep getting this alert.
7tt_setup.exe has been detected as W32.4AA13D0FA8-95.LP.RET.SBX.TG.

I've used Taskbar Tweaker for years without issue, I have no idea what it's going on about... What's weirder is that it's going after the installer instead of any components of the app itself. Any idea what's going on?

File source: https://rammichael.com/downloads/7tt_setup.exe


I submitted the file to VirusTotal. Three scanners found the file was infected as follows:

BitDefender Theta --  Gen:NN.ZexaCO3.31176.dq0@ayV5l0ii

McAfee-GW-Edition -- BehavesLike.Win32.Dropper.tc

Ikarus -- Trojan.Crypt

NOTE: VirusTotal uses ~35 independent antivirus scanners. Of these, only 3 scanners (as listed above) reported the file as being infected. I also ran scans with my 2 on-board scanners (Zemana AntiMalware & HitmanPro). Both scanners reported the file is clean.

MY CONCLUSION: I believe this file is a False Positive (FP) because:

1) Only a very small minority of scanners flagged the file as infected. The great majority of scanners reported it as okay.

2) This file does a lot of tweaks to Windows settings that are not usually tweakable by an average user. Thus, its behavioral capabilities somewhat resemble capabilities of certain types of malware. This may account for the few *infected flags* that were raised.

3) You have used this app for a long time and (I assume) you have not encountered any of the usual evidences of computer infection.
 

Bottom Line: Personally, I would clear this file from Immunet's Quarantine and use it. But that's me, and not you. You have to decide for yourself. 


Great FP analysis, BellGamin. I came to all the same points you did. I'm submitting this to our internal virus analysis team for further review, only because it's a perfect trojan, and it's a smaller/lesser known/used app (that being said, I do remember using a taskbar tweaker back in the Windows XP days). Now I use Classic Start Menu, though I do note Taskbar Tweaker has more features than Classic Start Menu, and all its features work - another point in favor of it being an FP.

 

That being said, there has been a growing trend of hacking source code access to older indie projects, injecting malware into them. And I want to make sure that isn't the case here, as I vaguely remember using Taskbar Tweaker back in the Windows XP days. Now I use Classic Start Menu, and it does what I need, but I also note Taskbar Tweaker has more features.

 

 


10Q for the additional info, Rob. Your course of follow-up action is quite prudent -- it further grows my confidence in Immunet.  By the way, I found it interesting that BitDefender was among the many scanners that gave the file a clean bill of health, whereas BitDefender Theta said it's malware. I had never before heard of BD's Theta fork. Do you know anything about it?


10Q for the VT blog link. Verrry interesting! BitDefender (BD) is one of the better antiviruses but tends to be buggy  at times and has a fairly heavy footprint.
