
Toolkit - Virus? (AV false positive for sure)



I have been using the toolkit for a long time with no problems, but just recently my computer deleted the GUI, saying that it was a virus. I tried to re-download the toolkit, but whenever I extracted the contents, my computer again automatically deleted the GUI. I have not changed my virus/malware protection provider in years, so does anyone know what is going on?

 

*Edit: I still have the GUI .pdb file, just not the .exe

         *Classified as malware*


Just look at those results: https://www.virustotal.com/ru/file/fab66c916b205794bbebed05e7440d48d940b49db6129ed33d25c01d1741ab5e/analysis/1415449471/

 

I just uploaded my working copy of RSTK. The reason it's classified as a trojan is that the toolkit checks for updates using System.Net tools. (It's just trying to connect to the internet; that's enough for AV.)

It's open source and in .NET. Goddammit, you can check it yourself if you don't trust it xD

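A check worth running before reading anything into a scan report like the one linked above, given here as an added example that is not part of the thread or of the toolkit's code: confirm that the report was produced for the exact file on your disk. It assumes the 64-hex-character segment of the link is the SHA-256 of the scanned file and the trailing number is the scan time as a Unix timestamp; the function names are made up for this example.

```python
import hashlib
import re
import sys
from datetime import datetime, timezone

# Shape of the report link quoted in the post above (assumed meaning):
#   .../file/<SHA-256 of the scanned file>/analysis/<Unix scan time>/
REPORT_LINK = re.compile(r"/file/([0-9a-fA-F]{64})/analysis/(\d+)/?$")

# The link as posted in this thread.
POSTED_LINK = ("https://www.virustotal.com/ru/file/fab66c916b205794bbebed05e7440d48"
               "d940b49db6129ed33d25c01d1741ab5e/analysis/1415449471/")


def parse_report_link(url):
    """Return (sha256_hex, scan_time_utc) from a report permalink."""
    match = REPORT_LINK.search(url.strip())
    if match is None:
        raise ValueError("no file hash in link: " + url)
    scanned = datetime.fromtimestamp(int(match.group(2)), tz=timezone.utc)
    return match.group(1).lower(), scanned


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large installer is not read whole."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def report_covers_file(url, path):
    """True only when the linked report was produced for this exact file."""
    expected, _scanned = parse_report_link(url)
    return expected == sha256_of(path)


if __name__ == "__main__":
    # Usage: python check_report.py <path to the downloaded .exe>
    sha256, scanned = parse_report_link(POSTED_LINK)
    print("report is for", sha256, "scanned", scanned.isoformat())
    if len(sys.argv) > 1:
        same = report_covers_file(POSTED_LINK, sys.argv[1])
        print("local file matches report" if same else
              "local file is NOT the file in the report")
```

A match only shows that the report describes your copy; a mismatch means the scan results say nothing about the file you actually downloaded.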


It's not that I don't trust it, as I said, I have used it for a long time now. I'll just try to screw around on my AV protection and see if I can get it through somehow.


Ok then, so the .zip is shown as a file, not a folder. I have to select a certain file to be allowed, but as soon as I extract the contents, it automatically deletes the file. When I turn off the automatic part and extract the files, the GUI appears as a .0xe file, not .exe


Hey guys,

Just so you know, when I'm trying to update the Toolkit to the newest build (2.6.1.0-621ca588) I get the below error message (and my AV software is going crazy) :

 

http://i.imgur.com/h2Vn8u1.png


This is essentially the same problem I had. The only thing I can think of to tell you is to look at your AV setting and find some way for the file to bypass the autoscan.


  • 4 weeks later...
  • 3 months later...

Just did a reinstall and switched to free Avira instead of free Avast.  I downloaded the Toolkit installers fresh, and Avast popped back with "RocksmithToolkitUpdater.exe" reported as having "TR/Dropper.Gen2" virus.  "TR" means that they classify it as a trojan.

 

Just to be clear, I believe that this is a false positive, but it did give me a bit of pause when it came back with a specific "virus" name instead of thinking that it was "Unclassified Malware" or something.  Free Avast used to come back with some low-frequency stuff as "Unclassified Malware", and I knew to interpret that as "we haven't seen this before, so as CYA insurance we'll say that it is bad".  Avira reporting it as a supposedly "known" trojan seems ... weird.  May have to switch back to Avast.

 

--EDIT--

A little bit of reading up on that specific code/name:

TR means they classify it as "acting like a trojan"

Dropper means that it "drops potentially dangerous/unwanted files"

Gen2 means "generic", at least the "gen" part -- dunno about the 2

 

I uploaded the file (the updater) to virustotal and got a more thorough report.  It says 10/57 scanners report it as a "virus".  Almost all of those have "generic" in the description so they pretty clearly just don't know what it is.  I guess that I'm going to start being very tempted to assume that anything with a "gen" or "generic" virus report in it is likely to be a false positive, just like Avast's (in my opinion better named) "unclassified" group.

-----------------------------

Milkman Dan


Yisss, we act like a trojan thingy: we run ourselves, we DL files from the network, we launch it! We shouldn't do this, but that's all big ass about CA certificates and so on... if we really want to update things w/o problems, or I don't know.


Got the same virus today after updating the toolkit.

After putting it into quarantine I ran another scan with Avira Free and Malwarebytes and no more viruses were found.

I also sent it to Avira to check the file.

I will let you guys know what it is, but I'm pretty sure it's a false positive.

EDIT: Just got an email from Avira and it's all good. No bad coding was found.
