MLV Update 4.1.17 seen as Trojan

Questions specific to Megalogviewer

Moderator: LT401Vette

Post by Blown88GT » Wed Jul 19, 2017 11:05 am

MLV detected update 4.1.17
Update downloaded & Windows Defender detected Trojan.
1st time ever & probably a false detection.
https://www.microsoft.com/en-us/wdsi/th ... terprise=0

Defender wanted a reboot, file has been quarantined.
MLV says it's updated to 4.1.17 & appears to be working.
OS: Windows 10-Pro 64-bit. Ver 1703 (OS Build 15063.483)
Attachments
MLV_Trojan.jpg
1988 Mustang GT, 57k miles, Orig. Owner
ProCharger 600B I/C, 12psi, FRPP Hdrs, Flwmstr F2, 3G Alt, Mk8 Fan & DCC ctl, 3.55's, Prog Sprng, Subfrms, UCA, LCA, FCA, Tokico 5-ways, CSA 16x8, Bridgestone RE760 225/50R16, Crane HI-6, Kirban FPR, DIYPNPF60, LC2, C&L76mm blo-thru MAF, 30lb FRPP
Blown88GT
Master MS/Extra'er
 
Posts: 574
Joined: Sun Dec 15, 2013 7:53 pm
Location: South Florida

Re: MLV Update 4.1.17 seen as Trojan

Post by LT401Vette » Wed Jul 19, 2017 12:23 pm

Hmm, interesting...

There have been some false positives in the past with 3rd party virus detection.

This is Windows built in virus detection, correct?

I just tried a clean install of the MegaLogViewer MS 64 bit on another Windows 10 (1703 64 bit) using Windows built in virus protection and didn't have any issue.

In your screenshot it looks like it is the MegaLogViewer.exe file itself, which hasn't changed and the digital signature is intact.

As yours is in quarantine, I guess you can't check the digital signature..

This was the 64 bit for you too?
Phil Tobin
EFI Analytics, helping to simplify EFI
Next Generation tuning software.
Supporting all MegaSquirt versions and firmwares.
http://www.TunerStudio.com
http://www.efiAnalytics.com/MegaLogViewer/
Support the firmware running your engine:
http://www.msextra.com/doc/donations.html
LT401Vette
Super MS/Extra'er
 
Posts: 10302
Joined: Sat Jul 16, 2005 8:07 am
Location: Mooresville, NC

Re: MLV Update 4.1.17 seen as Trojan

Post by Blown88GT » Wed Jul 19, 2017 12:52 pm

LT401Vette wrote: Hmm, interesting...

There have been some false positives in the past with 3rd party virus detection.

This is Windows built in virus detection, correct? Yes

I just tried a clean install of the MegaLogViewer MS 64 bit on another Windows 10 (1703 64 bit) using Windows built in virus protection and didn't have any issue.

In your screenshot it looks like it is the MegaLogViewer.exe file itself, which hasn't changed and the digital signature is intact.

As yours is in quarantine, I guess you can't check the digital signature..
Searching C-drive for megalogviewer.exe... nothing found.
File has been stored with an alpha-numeric filename in C:\ProgramData\Microsoft\Windows Defender\Quarantine\ResourceData\FC
557kB


This was the 64 bit for you too? Yes


It flagged the file during the download update. Happened so fast, didn't know what was happening.
Haven't tried to run MLV on the other machines, since all have the same OS.
This file exists: MegaLogViewer(x64).exe
It is the one that is running now, it has a date of 3/14/2013 & has no digital signature. Version is 4.1.17, shown after program execution.
Is megalogviewer.exe the 32-bit file it was downloading?
Where is the MegaLogViewer(x64).exe 4.1.7 version?

The folder contents are significantly different from a machine which has not been updated.
Attachments
2017-07-19_155817.jpg
Screen shot of MLV folder

Re: MLV Update 4.1.17 seen as Trojan

Post by Blown88GT » Wed Jul 19, 2017 1:30 pm

Did a 2nd machine & it worked without issue.
Even ran a virus scan...nothing found.
Folder contents are different...no 64bit filename.

The folder has today's date, the files inside the folder have old dates.
Don't know what files have been updated.

Re: MLV Update 4.1.17 seen as Trojan

Post by LT401Vette » Wed Jul 19, 2017 1:43 pm

Where is the MegaLogViewer(x64).exe 4.1.7 version?


That no longer exists... That is probably just there from years back. It is from before I had executable files digitally signed. Since I started bundling the JRE it has 1 32 bit exe that kicks off the JRE whether it is 32 or 64 bit.

Re: MLV Update 4.1.17 seen as Trojan

Post by Blown88GT » Wed Jul 19, 2017 1:53 pm

Maybe should uninstall & reinstall 4.1.12 on the "virus" machine, then see what happens?

I did it & it now works as it should.
It must have been something in the old folder Defender didn't like.
Noticed that UAC settings had changed, I always have it set to "never notify". It was on 1 level above.

Re: MLV Update 4.1.17 seen as Trojan

Post by LT401Vette » Wed Jul 19, 2017 2:44 pm

I tried on another computer installing .12, then updating. Seemed fine.
With an auto update from 12 it should be fine as the .exe isn't part of the update so that file isn't downloaded or updated.

Hmm, let's see if anyone else sees this.

There are other factors here too... I suppose virus definition version is probably more important.
Also the Windows versions are quite confusing these days... Everything is Windows 10, but then you have the version number, then the build number.
I have 3 computers on 1703, but very different build numbers.

Re: MLV Update 4.1.17 seen as Trojan

Post by whittlebeast » Wed Jul 19, 2017 4:24 pm

As a side note, I always try to get TS and MLV directly from the www.tunerstudio.com website. I have seen issues from versions from thumb drives over the years.
whittlebeast
Super MS/Extra'er
 
Posts: 2111
Joined: Tue May 04, 2004 8:20 pm
Location: St Louis

Re: MLV Update 4.1.17 seen as Trojan

Post by Blown88GT » Thu Jul 20, 2017 6:15 am

LT401Vette wrote: ...There are other factors here too... I suppose virus definition version is probably more important.
Also the windows versions are quite confusing these days... Everything is Windows 10, but then you have the version number, then the build number.
I have 3 computers on 1703, but very different build numbers.

All mine have the same Build. Could be different virus defs, although all builds said "up to date".
MLV versions downloaded directly from EFIAnalytics.

Just chalk it up to another Windows 10 anomaly.

Re: MLV Update 4.1.17 seen as Trojan

Post by LT401Vette » Tue Jul 25, 2017 10:58 am

I tracked down the culprit...

It turns out that there hasn't been an update to the MegaLogViewer.exe file since 4.0.06, which was before it was digitally signed. So if you updated from something that had 4.0.5 or older, you would get the exe, otherwise you wouldn't.
That file is the one that seems to be coming up as a false positive by Windows Defender.

I added the digitally signed exe to the 4.1.17 auto update, so this shouldn't happen again.
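
Added example (not part of the thread and not EFI Analytics' code): a PowerShell audit of an install folder that lists each executable's Authenticode status, signer, date and SHA-256, so a leftover unsigned .exe from an old install stands out next to the signed one, and then shows the Defender definition version and any matching detections. The folder path in `$InstallDir` is a placeholder assumption; the `Get-Mp*` cmdlets are only present where the Windows Defender module is installed.

```powershell
# Added example: audit an application folder for unsigned or stale binaries.
# $InstallDir is a placeholder (assumption); set it to the real install folder.
param(
    [string]$InstallDir = 'C:\Path\To\MegaLogViewer'
)

$report = Get-ChildItem -Path $InstallDir -Recurse -File -Include *.exe, *.dll |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            File        = $_.FullName.Substring($InstallDir.Length).TrimStart('\')
            LastWrite   = $_.LastWriteTime.ToString('yyyy-MM-dd')
            FileVersion = $_.VersionInfo.FileVersion
            SigStatus   = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Timestamped = [bool]$sig.TimeStamperCertificate
            SHA256      = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }

# Full inventory: old file dates next to a new folder date are expected when
# an auto update only replaces some files.
$report | Sort-Object SigStatus, File |
    Format-Table File, LastWrite, FileVersion, SigStatus, Signer -AutoSize

# Anything not carrying a valid signature is what heuristic AV is most likely
# to flag; NotSigned usually means a leftover from before signing began,
# HashMismatch means the file changed after it was signed.
$unverified = $report | Where-Object { $_.SigStatus -ne 'Valid' }
if ($unverified) {
    Write-Warning ("{0} file(s) without a valid signature:" -f @($unverified).Count)
    $unverified | Format-List File, LastWrite, SigStatus, SHA256
}

# Defender context: two machines on the same Windows build can still differ
# in definition version, so record it alongside any detections for this folder.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    Get-MpComputerStatus |
        Select-Object AntivirusSignatureVersion, AntivirusSignatureLastUpdated
    Get-MpThreatDetection |
        Where-Object { $_.Resources -match 'MegaLogViewer' } |
        Select-Object InitialDetectionTime, ThreatID, Resources
}
```

The SHA-256 column lets the same file be compared across machines, or against a fresh download from the vendor, without restoring anything from quarantine on the affected machine.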

