piriformfriend (Posted August 14, 2014)
I just downloaded Recuva from https://www.piriform.com/recuva/download/standard. I checked the file for viruses and malware in virustotal.com, and one of the scans turned out to be positive. In particular: VBA32 finds “Malware-Cryptor.Win32.General.4” in the downloaded Recuva. I don’t know what I should do. Could someone please help?
Nergal (Moderators) (Posted August 15, 2014)
1-4 hits is usually a false positive, in this case likely triggered by the Google offer in the standard build. Is the hit, by any chance, ESET or ClamWin?

ADVICE FOR USING CCleaner'S REGISTRY INTEGRITY SECTION
DON'T JUST CLEAN EVERYTHING THAT'S CHECKED OFF.
Do your Registry Cleaning in small bits (at the very least Check-mark by Check-mark)
ALWAYS BACKUP THE ENTRY, YOU NEVER KNOW WHAT YOU'LL BREAK IF YOU DON'T.
Support at https://support.ccleaner.com/s/?language=en_US
Pro users file a PRIORITY SUPPORT via email support@ccleaner.com
piriformfriend (Author) (Posted August 15, 2014)
> 1-4 hits is usually a false positive, in this case likely triggered by the Google offer in the standard build. Is the hit, by any chance, ESET or ClamWin?

Nergal, I get 2 hits. The first, from ESET, is negligible – “Win32/Bundled.Toolbar.Google.D” – which is a false positive referring to the Google toolbar bundled with Recuva (I get this also when scanning CCleaner). The second, which I reported, is more worrisome. Why should Recuva turn out positive for a known trojan such as “Malware-Cryptor.Win32.General.4”?
Nergal (Moderators) (Posted August 15, 2014)
What engine grabbed it? Have you scanned it locally? I'm still going to say, likely an FP.
piriformfriend (Author) (Posted August 15, 2014)
The engine that grabbed it is called VBA32. I must admit I have never heard of this engine before, but it is one of those listed in virustotal.com, as well as virscan.org. Recuva gives the same results in either scan. I scanned locally with Norton and Malwarebytes and I get no positives.
Nergal (Moderators) (Posted August 15, 2014)
OK, so here's an info page on what was detected: http://www.mcafee.com/threat-intelligence/malware/default.aspx?id=459817
I would say, since the other engines listed didn't grab it, it's a false positive and should be uploaded/reported to VBA32 http://anti-virus.by/en/ (I couldn't find a report email but am mobile so might've missed it).
piriformfriend (Author) (Posted August 15, 2014)
Thanks Nergal, so you think I should go ahead and use Recuva with no danger for my computer. Am I correct?
Andavari (Moderators) (Posted August 15, 2014)
> The engine that grabbed it is called VBA32. I must admit I have never heard of this engine before, but it is one of those listed in virustotal.com, as well as virscan.org. Recuva gives the same results in either scan.

Most installers that include something bundled with them (in this case Google software) will get flagged by 1 or more of the scanners. That, and supposedly Piriform uses NSIS, which itself will sometimes produce an FP. If you wish to avoid FPs, etc., use the Portable versions, which are available in a ZIP archive.
______________
Onto Nergal's asking of ClamWin -- it triggers mostly on files compressed with UPX; it triggers so often I began to completely ignore its results. Funny thing is, using ClamWin Portable (Windows), it doesn't give an FP against the same files it gives an FP on at multiple scanning sites, but those scanning sites are using the Linux version.
piriformfriend (Author) (Posted August 15, 2014)
Thanks Andavari, I appreciate your help.