Solved

False Positive - Rufus!!

  • 20 January 2014
  • 12 replies
  • 182 views

Userlevel 4
This is a very well known USB image creator that you can use to create a bootable Windows 7 or 8 or any other OS bootable USB
 
Can't believe how in the world it is detected as malware
 
please whitelist it, it was just detected as a virus by WSA Antivirus:
 
http://www.majorgeeks.com/files/details/rufus.html

Best answer by Shran 20 January 2014, 21:22



Userlevel 7
Hi Max (is it okay to call you Max?)

The file you listed is being detected as a PUA - potentially unwanted application. This means that it might install toolbars, or other annoyances such as ads, popups, or redirects. It isn't being detected as inherently malicious, simply as potentially unwanted. If you downloaded and know that you want to use it, you can tell WSA to ignore it.

Hope this helps,
Shran 😃
Userlevel 4
thanks for the super speedy reply
 
it has no toolbar bro, it's a portable exe that does what it says
 
how can I ignore it? WSA deleted it on the spot?
 
please whitelist it it's a very well known utility
 
PS: sure you can call me Max, everyone calls me that 🙂
Userlevel 7
Badge +56
That's normal with some updated programs that most users don't use as I see it was updated today so if you can Save a Scan log and post the relevant lines with the MD5 to the programs files and support will get them corrected. Or you can Submit a Support Ticket and they can get all your unknown files whitelisted.
 
TH
Userlevel 4
can you guide me how to save the scan log bro?
 
and what utility is best for getting the MD5 hashtag?
Userlevel 7
I haven't personally used the file or program myself, so I can't say from firsthand experience if it does perform PUMs (potentially unwanted modifications), I just downloaded the file myself and ran a scan on it. If you want to exclude it, you can open your Webroot interface by either clicking on the tray icon or the desktop icon (if you told the installer to create a desktop icon). Then, you can click on the gear at the end of the "PC Security" tab. Then, click on the "Block/Allow files" tab, and click on "Allow" for the rufus_v1.4.2.exe file. You can then redownload the file and Webroot should allow it.

Please post back and let us know if this works :D
 
EDIT: I see that our friendly DNA already posted another response. To save the scan log, right click on the Webroot tray icon, then click on "Save a scan log". It will then ask you where you want to save it. Regarding getting the MD5, Webroot does this itself, and should list it in the scan log. If you want to get the MD5 yourself however, without looking through the scan log, you can upload the file to Virustotal.com, and it will calculate the MD5, SHA256, and SHA1 hashes for the file. Just click on the "Additional information" tab after it finishes.

Shran
Userlevel 7
Badge +56
@MaXimus wrote:
can you guide me how to save the scan log bro?
Right Click on the Webroot Tray Icon and click Save a Scan log and post the lines that show the FP of that Program or you can do what I suggested above in my edited post.
 
Thanks,
 
TH
Userlevel 4
WSA Scan Log download link:
 
http://www.datafilehost.com/d/02de4288
 
File Info:

 
MD5: 02c0bbd1b72d69bbe8ae746df9c7776e
SHA1: 9aa10e7bce1f30c4c6e35e000fe6e70a20a64702
SHA256: cb24294eddf4cf968c7ede107f0b9e9674caab9cefe4106a0e39357db728dac0
ssdeep: 12288:QIAu/4/6UpsTeTzkEJxOdWWzgEuQ9vkt5oSW:QIANCCsTeTwEJxbevii
File size: 566.9 KB (580528 bytes)
File type: Win32 EXE
Magic literal: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
 
Please forward to support for whitelisting
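
An added example, not part of any post in this thread: a local way to produce the size and MD5/SHA1/SHA256 lines of a "File Info" block like the one above, and to check that a re-downloaded copy is byte-for-byte the file that was reported. The script name `hashcheck.py` and the function names are assumptions made for this example; the expected values are the ones posted above.

```python
import hashlib
import sys

# Values copied from the "File Info" post above (the file reported in this thread).
POSTED = {
    "size": 580528,
    "md5": "02c0bbd1b72d69bbe8ae746df9c7776e",
    "sha1": "9aa10e7bce1f30c4c6e35e000fe6e70a20a64702",
    "sha256": "cb24294eddf4cf968c7ede107f0b9e9674caab9cefe4106a0e39357db728dac0",
}

def file_hashes(path, chunk_size=1 << 20):
    """Read the file once in chunks; return its size and MD5/SHA1/SHA256."""
    digests = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for digest in digests.values():
                digest.update(chunk)
    info = {"size": size}
    info.update({name: d.hexdigest() for name, d in digests.items()})
    return info

def mismatches(info, expected=POSTED):
    """Names of the fields in `expected` that the local file does not match."""
    return [name for name, want in expected.items()
            if str(info.get(name)).lower() != str(want).strip().lower()]

def report(path, expected=POSTED):
    """Text block suitable for pasting into a forum post or support ticket."""
    info = file_hashes(path)
    lines = [f"File size: {info['size']} bytes"]
    lines += [f"{name.upper()}: {info[name]}" for name in ("md5", "sha1", "sha256")]
    bad = mismatches(info, expected)
    lines.append("Result: matches the posted values" if not bad
                 else "Result: differs from the posted values in " + ", ".join(bad))
    return "\n".join(lines)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: python hashcheck.py <file>")
    print(report(sys.argv[1]))
```

A mismatch in any field means the local copy is not the file whose hashes were submitted, so an allow decision made for the posted file says nothing about it.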
Userlevel 7
Badge +35
This was a False Positive and has been corrected.
 
-Dan
Userlevel 4
Wow! I am simply shocked in awe at the speed and helpfulness of these forums!
 
you never ever find this kind of support anywhere! I am a very happy new customer
 
and today I convinced my friend to switch from BullGuard Internet Security and he bought a 3 year WSA Complete license! 🙂
Userlevel 7
@ wrote:
That's normal with some updated programs that most users don't use as I see it was updated today so if you can Save a Scan log and post the relevant lines with the MD5 to the programs files and support will get them corrected. Or you can Submit a Support Ticket and they can get all your unknown files whitelisted.
 
TH
Hi Max,
 
Our friendly DNA posted the link where you can send the log to support and request that it be changed :D
 
Edit: It seems we are all posting at the same time! Looks like it's already been fixed!
 
Shran
Userlevel 4
Yes, I just checked and it is indeed not detected anymore! Love how I didn't have to update any definitions and everything happened instantly on the fly!
Userlevel 7
That's one of the great things about Webroot that we all love 😃
