MLV Update 4.1.17 seen as Trojan

Posted: Wed Jul 19, 2017 11:05 am
by Blown88GT
MLV detected update 4.1.17
Update downloaded & Windows Defender detected Trojan.
1st time ever & probably a false detection.
https://www.microsoft.com/en-us/wdsi/th ... terprise=0

Defender wanted a reboot, file has been quarantined.
MLV says it's updated to 4.1.17 & appears to be working.
OS: Windows 10-Pro 64-bit. Ver 1703 (OS Build 15063.483)

Re: MLV Update 4.1.17 seen as Trojan

Posted: Wed Jul 19, 2017 12:23 pm
by LT401Vette
Hmm, interesting...

There have been some false positives in the past with 3rd party virus detection.

This is Windows built in virus detection, correct?

I just tried a clean install of the MegaLogViewer MS 64 bit on another Windows 10 (1703 64 bit) using Windows built in virus protection and didn't have any issue.

In your screenshot it looks like it is the MegaLogViewer.exe file itself, which hasn't changed and the digital signature is intact.

As yours is in quarantine, I guess you can't check the digital signature..

This was the 64 bit for you too?

Re: MLV Update 4.1.17 seen as Trojan

Posted: Wed Jul 19, 2017 12:52 pm
by Blown88GT
LT401Vette wrote: Hmm, interesting...

There have been some false positives in the past with 3rd party virus detection.

This is Windows built in virus detection, correct? Yes

I just tried a clean install of the MegaLogViewer MS 64 bit on another Windows 10 (1703 64 bit) using Windows built in virus protection and didn't have any issue.

In your screenshot it looks like it is the MegaLogViewer.exe file itself, which hasn't changed and the digital signature is intact.

As yours is in quarantine, I guess you can't check the digital signature..
Searching C-drive for megalogviewer.exe...nothing found.
File has been stored under an alpha-numeric filename in C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\FC
557kB


This was the 64 bit for you too? Yes
It flagged the file during the download update. Happened so fast, didn't know what was happening.
Haven't tried to run MLV on the other machines, since all have the same OS.
This file exists: MegaLogViewer(x64).exe
It is the one that is running now, it has a date of 3/14/2013 & has no digital signature. Version is 4.1.17, shown after program execution.
Is megalogviewer.exe the 32-bit file it was downloading?
Where is the MegaLogViewer(x64).exe 4.1.7 version?

The folder contents are significantly different from a machine which has not been updated.

Re: MLV Update 4.1.17 seen as Trojan

Posted: Wed Jul 19, 2017 1:30 pm
by Blown88GT
Did a 2nd machine & it worked without issue.
Even ran a virus scan...nothing found.
Folder contents are different...no 64bit filename.

The folder has today's date, the files inside the folder have old dates.
Don't know what files have been updated.

Re: MLV Update 4.1.17 seen as Trojan

Posted: Wed Jul 19, 2017 1:43 pm
by LT401Vette
Where is the MegaLogViewer(x64).exe 4.1.7 version?
That no longer exists... That is probably just there from years back. It is from before I had executable files digitally signed. Since I started bundling the JRE it has 1 32 bit exe that kicks off the JRE whether it is 32 or 64 bit.

Re: MLV Update 4.1.17 seen as Trojan

Posted: Wed Jul 19, 2017 1:53 pm
by Blown88GT
Maybe should uninstall & reinstall 4.1.12 on the "virus" machine, then see what happens?

I did it & it now works as it should.
It must have been something in the old folder Defender didn't like.
Noticed that UAC settings had changed, I always have it set to "never notify". It was on 1 level above.

Re: MLV Update 4.1.17 seen as Trojan

Posted: Wed Jul 19, 2017 2:44 pm
by LT401Vette
I tried on another computer installing .12, then updating. Seemed fine.
With an auto update from 12 it should be fine as the .exe isn't part of the update so that file isn't downloaded or updated.

Hmm, let's see if anyone else sees this.

There are other factors here too... I suppose virus definition version is probably more important.
Also the windows versions are quite confusing these days... Everything is Windows 10, but then you have the version number, then the build number.
I have 3 computers on 1703, but very different build numbers.

Re: MLV Update 4.1.17 seen as Trojan

Posted: Wed Jul 19, 2017 4:24 pm
by whittlebeast
As a side note, I always try to get TS and MLV directly from the www.tunerstudio.com website. I have seen issues from versions from thumb drives over the years.

Re: MLV Update 4.1.17 seen as Trojan

Posted: Thu Jul 20, 2017 6:15 am
by Blown88GT
LT401Vette wrote: ...There are other factors here too... I suppose virus definition version is probably more important.
Also the windows versions are quite confusing these days... Everything is Windows 10, but then you have the version number, then the build number.
I have 3 computers on 1703, but very different build numbers.
All mine have the same Build. Could be different virus defs, although all builds said "up to date".
MLV versions downloaded directly from EFIAnalytics.

Just chalk it up to another Windows 10 anomaly.

Re: MLV Update 4.1.17 seen as Trojan

Posted: Tue Jul 25, 2017 10:58 am
by LT401Vette
I tracked down the culprit...

It turns out that there hasn't been an update to the MegaLogViewer.exe file since 4.0.06, which was before it was digitally signed. So if you updated from something that had 4.0.5 or older, you would get the exe, otherwise you wouldn't.
That file is the one that seems to be coming up as a false positive by Windows Defender.

I added the digitally signed exe to the 4.1.17 auto update, so this shouldn't happen again.
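
Added example, not part of the thread and not EFI Analytics code: the thread's root cause was an old, unsigned launcher executable left in the install folder, so one way to triage a similar detection is to list every executable in the folder with its Authenticode status, signer, modification date and SHA-256. The function name and the folder path in the usage comment are assumptions; substitute the real install location.

```powershell
# Added example. Get-ExeSignatureReport is a hypothetical helper name.
function Get-ExeSignatureReport {
    param(
        [Parameter(Mandatory)]
        [string] $Folder   # install folder to inspect (placeholder, supply your own)
    )

    Get-ChildItem -LiteralPath $Folder -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            # Authenticode check: Valid, NotSigned, HashMismatch, NotTrusted, ...
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

            [pscustomobject]@{
                File     = $_.Name
                Modified = $_.LastWriteTime
                Status   = $sig.Status
                Signer   = if ($sig.SignerCertificate) {
                               $sig.SignerCertificate.Subject
                           } else {
                               $null   # unsigned files carry no signer certificate
                           }
                # Hash lets you compare the same file across machines
                SHA256   = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        } |
        # Anything that is not 'Valid' sorts to the top of the report
        Sort-Object -Property { $_.Status -eq 'Valid' }, File
}

# Usage (path is a placeholder):
# Get-ExeSignatureReport -Folder 'C:\Path\To\MegaLogViewer' | Format-Table -AutoSize
```

Running it on an updated machine and on one that has not been updated, then comparing the Status and SHA256 columns, shows which files differ and which are legacy unsigned leftovers.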