Hasleo Software Forums
Virus WHY? - Printable Version




Virus WHY? - Lien1454 - 04-27-2016

Hi,

I downloaded WinToUSB_Setup.exe from this web site by clicking the FREE link to try it.
I installed it and then went to make a Windows 8.1 Pro pen stick. I left it and came back to see the following message...

26.04.2016 16.17.15;Detected object (process memory) was deleted.;c:\program files\wintousb\bin\wintousb.exe;c:\program files\wintousb\bin\wintousb.exe;PDM:Trojan.Win32.Generic;Other malware;04/26/2016 16:17:15

Kaspersky then did a roll back of infected files and prompted a reboot.
Then it performed a full scan.

So has your setup file been exploited?

Thanks.


RE: Virus WHY? - amo001 - 04-27-2016

Due to the information 'Trojan.Win32.Generic' it was found by heuristic scan and could also be a false positive.
Regards,
amo001


RE: Virus WHY? - admin - 04-27-2016

I'm pretty sure this is a false virus report, and we are using nod32 and avast; there is no such problem.


RE: Virus WHY? - Lien1454 - 04-27-2016

(04-27-2016, 09:36 PM)admin Wrote: I'm pretty sure this is a false virus report, and we are using nod32 and avast; there is no such problem.

Hi,

Are you sure that the installer has not been compromised on the server?
Is it possible to get an MD5 check done on it?


RE: Virus WHY? - admin - 04-27-2016

I think it is impossible. And the md5 of the latest version is D15C87B958605DB42BBF4E8C1A5EC68A.


RE: Virus WHY? - Lien1454 - 04-27-2016

Hi,

Would the file that was put on the server not be MD5 hashed?
That way it can be checked to ensure no one changes the file.

I'm not saying this is what HAS happened. But possibilities are better off being eliminated.
But you hear of web sites being exploited all the time. So I was curious what the original MD5 was to
check this for myself.

Where did you get the MD5 hash from? Do you have that info from the original upload or did you get it off the site now?

Thanks


RE: Virus WHY? - admin - 04-28-2016

(04-27-2016, 11:30 PM)Lien1454 Wrote: Hi,

Would the file that was put on the server not be MD5 hashed?
That way it can be checked to ensure no one changes the file.

I'm not saying this is what HAS happened. But possibilities are better off being eliminated.
But you hear of web sites being exploited all the time. So I was curious what the original MD5 was to
check this for myself.

Where did you get the MD5 hash from? Do you have that info from the original upload or did you get it off the site now?

Thanks

The MD5 'D15C87B958605DB42BBF4E8C1A5EC68A' is for the original setup file before uploading to the site.