MLV Update 4.1.17 seen as Trojan

Questions specific to Megalogviewer

Moderator: LT401Vette

Blown88GT
Super MS/Extra'er
Posts: 929
Joined: Sun Dec 15, 2013 7:53 pm
Location: South Florida

MLV Update 4.1.17 seen as Trojan

Post by Blown88GT »

MLV detected update 4.1.17
Update downloaded & Windows Defender detected Trojan.
1st time ever & probably a false detection.
https://www.microsoft.com/en-us/wdsi/th ... terprise=0

Defender wanted a reboot, file has been quarantined.
MLV says it's updated to 4.1.17 & appears to be working.
OS: Windows 10-Pro 64-bit. Ver 1703 (OS Build 15063.483)
1988 Mustang GT, 59k miles, Orig Owner
ProCharger 600B I/C, 12psi, FRP Hdrs, Flwmstr F2, 3G Alt, Contour Fan & DCC, 3.55's, Prog Sprg, Subfms, UCA, LCA, FCA, Tokico 5's, Bridgestone RE-71R 245/40R17, Crane HI-6, Kirban FPR, MS2, DIYPNPF60, Spartan 2, C&L76mm blo-thru MAF, 47lb FRP-LU47
LT401Vette
Super MS/Extra'er
Posts: 12697
Joined: Sat Jul 16, 2005 8:07 am
Location: Moorseville, NC
Contact:

Re: MLV Update 4.1.17 seen as Trojan

Post by LT401Vette »

Hmm, interesting...

There have been some false positives in the past with 3rd party virus detection.

This is Windows built in virus detection, correct?

I just tried a clean install of the MegaLogViewer MS 64 bit on another Windows 10 (1703 64 bit) using Windows built in virus protection and didn't have any issue.

In your screenshot it looks like it is the MegaLogViewer.exe file itself, which hasn't changed and the digital signature is intact.

As yours is in quarantine, I guess you can't check the digital signature..

This was the 64 bit for you too?
Phil Tobin
EFI Analytics, helping to simplify EFI
Next Generation tuning software.
Supporting all MegaSquirt versions and firmwares.
http://www.TunerStudio.com
http://www.efiAnalytics.com/MegaLogViewer/
Support the firmware running your engine:
http://www.msextra.com/doc/donations.html
Blown88GT
Super MS/Extra'er
Posts: 929
Joined: Sun Dec 15, 2013 7:53 pm
Location: South Florida

Re: MLV Update 4.1.17 seen as Trojan

Post by Blown88GT »

LT401Vette wrote:Hmm, interesting...

There have been some false positives in the past with 3rd party virus detection.

This is Windows built in virus detection, correct? Yes

I just tried a clean install of the MegaLogViewer MS 64 bit on another Windows 10 (1703 64 bit) using Windows built in virus protection and didn't have any issue.

In your screenshot it looks like it is the MegaLogViewer.exe file itself, which hasn't changed and the digital signature is intact.

As yours is in quarantine, I guess you can't check the digital signature..
Searching C-drive for megalogviewer.exe...nothing found.
File has been stored under an alpha-numeric filename in C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\FC
557kB


This was the 64 bit for you too? Yes
It flagged the file during the download update. Happened so fast, didn't know what was happening.
Haven't tried to run MLV on the other machines, since all have the same OS.
This file exists: MegaLogViewer(x64).exe
It is the one that is running now, it has a date of 3/14/2013 & has no digital signature. Version is 4.1.17, shown after program execution.
Is megalogviewer.exe the 32-bit file it was downloading?
Where is the MegaLogViewer(x64).exe 4.1.7 version?

The folder contents are significantly different from a machine which has not been updated.
Blown88GT
Super MS/Extra'er
Posts: 929
Joined: Sun Dec 15, 2013 7:53 pm
Location: South Florida

Re: MLV Update 4.1.17 seen as Trojan

Post by Blown88GT »

Did a 2nd machine & it worked without issue.
Even ran a virus scan...nothing found.
Folder contents are different...no 64bit filename.

The folder has today's date, the files inside the folder have old dates.
Don't know what files have been updated.
LT401Vette
Super MS/Extra'er
Posts: 12697
Joined: Sat Jul 16, 2005 8:07 am
Location: Moorseville, NC
Contact:

Re: MLV Update 4.1.17 seen as Trojan

Post by LT401Vette »

Where is the MegaLogViewer(x64).exe 4.1.7 version?
That no longer exists... That is probably just there from years back. It is from before I had executable files digitally signed. Since I started bundling the JRE it has 1 32 bit exe that kicks off the JRE whether it is 32 or 64 bit.
Blown88GT
Super MS/Extra'er
Posts: 929
Joined: Sun Dec 15, 2013 7:53 pm
Location: South Florida

Re: MLV Update 4.1.17 seen as Trojan

Post by Blown88GT »

Maybe should uninstall & reinstall 4.1.12 on the "virus" machine, then see what happens?

I did it & it now works as it should.
It must have been something in the old folder Defender didn't like.
Noticed that UAC settings had changed, I always have it set to "never notify". It was on 1 level above.
LT401Vette
Super MS/Extra'er
Posts: 12697
Joined: Sat Jul 16, 2005 8:07 am
Location: Moorseville, NC
Contact:

Re: MLV Update 4.1.17 seen as Trojan

Post by LT401Vette »

I tried on another computer installing .12, then updating. Seemed fine.
With an auto update from 12 it should be fine as the .exe isn't part of the update so that file isn't downloaded or updated.

Hmm, let's see if anyone else sees this.

There are other factors here too... I suppose virus definition version is probably more important.
Also the windows versions are quite confusing these days... Everything is Windows 10, but then you have the version number, then the build number.
I have 3 computers on 1703, but very different build numbers.
whittlebeast
Super MS/Extra'er
Posts: 2221
Joined: Tue May 04, 2004 8:20 pm
Location: St Louis
Contact:

Re: MLV Update 4.1.17 seen as Trojan

Post by whittlebeast »

As a side note, I always try to get TS and MLV directly from the www.tunerstudio.com website. I have seen issues from versions from thumb drives over the years.
Blown88GT
Super MS/Extra'er
Posts: 929
Joined: Sun Dec 15, 2013 7:53 pm
Location: South Florida

Re: MLV Update 4.1.17 seen as Trojan

Post by Blown88GT »

LT401Vette wrote:...There are other factors here too... I suppose virus definition version is probably more important.
Also the windows versions are quite confusing these days... Everything is Windows 10, but then you have the version number, then the build number.
I have 3 computers on 1703, but very different build numbers.
All mine have the same Build. Could be different virus defs, although all builds said "up to date".
MLV versions downloaded directly from EFIAnalytics.

Just chalk it up to another Windows 10 anomaly.
LT401Vette
Super MS/Extra'er
Posts: 12697
Joined: Sat Jul 16, 2005 8:07 am
Location: Moorseville, NC
Contact:

Re: MLV Update 4.1.17 seen as Trojan

Post by LT401Vette »

I tracked down the culprit...

It turns out that there hasn't been an update to the MegaLogViewer.exe file since 4.0.06 which was before it was digitally signed. So if you updated from something that had 4.0.5 or older, you would get the exe, otherwise you wouldn't.
That file is the one that seems to be coming up as a false positive by Windows Defender.

I added the digitally signed exe to the 4.1.17 auto update, so this shouldn't happen again.
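The checks discussed in this thread (is the flagged exe signed, which files in the folder are old leftovers, do the machines share the same virus definitions) can be collected in one pass. The PowerShell below is an added example, not code from the posters or from EFI Analytics; the install path in `$InstallDir` is an assumption and must be pointed at the real folder.

```powershell
# Added example: triage a Windows Defender hit on an application folder.
# ASSUMPTION: $InstallDir is a guessed install location, not taken from the thread.
param(
    [string]$InstallDir = 'C:\Program Files (x86)\EFIAnalytics\MegaLogViewer'
)

# 1. Defender engine and definition versions, so two machines on the
#    same Windows build can be compared on what actually differs.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AMEngineVersion,
                  AntivirusSignatureVersion, AntivirusSignatureLastUpdated |
    Format-List

# 2. Inventory every executable: Authenticode status, signer, version,
#    timestamp and hash. An unsigned exe with a years-old date stands out here.
$inventory = Get-ChildItem -Path $InstallDir -Filter *.exe -Recurse -File |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File        = $_.FullName
            SigStatus   = $sig.Status    # Valid, NotSigned, HashMismatch, ...
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            FileVersion = $_.VersionInfo.FileVersion
            LastWrite   = $_.LastWriteTime
            SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
$inventory | Format-Table File, SigStatus, FileVersion, LastWrite -AutoSize

# 3. Files that are not validly signed deserve a closer look:
#    either pre-signing leftovers or something modified after signing.
$inventory | Where-Object { $_.SigStatus -ne 'Valid' } |
    Format-List File, SigStatus, Signer, SHA256

# 4. Defender's own record of what it flagged and where, which is still
#    available after the file itself has been moved to quarantine.
Get-MpThreatDetection | ForEach-Object {
    [pscustomobject]@{
        Detected  = $_.InitialDetectionTime
        Threat    = (Get-MpThreat -ThreatID $_.ThreatID).ThreatName
        Resources = $_.Resources -join '; '
    }
} | Format-List

# 5. Save the inventory so it can be diffed against a machine that updated cleanly.
$inventory | Export-Csv -Path "$env:COMPUTERNAME-exe-inventory.csv" -NoTypeInformation
```

Running it on both the affected and the clean machine and comparing the two CSV files with `Compare-Object` shows which executables differ by hash or signature state.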