Author Topic: Found Trojan Gen.Variant.Kazy.563984 in Advanced System Tweaker (RESOLVED)  (Read 11364 times)


dfreyer
This issue has been investigated by Shane, with professional action taken to determine its root cause. However, any user relying on Bitdefender may see this issue, and therefore should be aware that it is a false positive, as Shane explains below.


Shane,

I have used your utilities for quite some time to keep my system in top shape. So I am not angry over having to put up with the hassle of removing the Gen.Variant.Kazy.563984 Trojan from my system. However, this Trojan has a reputation of not being easily discovered by most anti-virus and anti-malware applications, while doing quite a bit of damage to its host system. I recommend you verify, by your own means, the infestation within your own system; remove Advanced System Tweaker from your file server, preventing further downloads; and put a large banner notification on tweaking.com's home page telling of the infestation, with a link to instructions for its removal from a Windows-based system, so your users can uninstall Advanced System Tweaker and remove Gen.Variant.Kazy.563984 from their systems.

The Trojan is embedded in Advanced System Tweaker's close_process.exe file, and I hope you can effectively clean close_process.exe and then release a new version of Advanced System Tweaker soon thereafter.

Wishing you continued success, I remain

A Loyal User,

David
« Last Edit: March 03, 2015, 05:45:01 am by dfreyer »

Shane
Re: Found Trojan Gen.Variant.Kazy.563984 in Advanced System Tweaker
« Reply #1 on: March 02, 2015, 10:06:18 am »
It's not a virus and my site hasn't been hacked. It is a false positive :wink:

As you can see here
https://www.virustotal.com/en/file/09992d0152ff7111c86883e13a0c432696cdb959fc864b72b8c694c89e8a1b71/analysis/1425319190/

The 7 that are reporting it ALL use Bitdefender's virus defs, and so once Bitdefender flags something those other 6 do as well. I have just sent the file to Bitdefender so they can remove the false positive from their virus defs :wink:

Most of the time a file is flagged with a "GEN" it is a false positive. GEN stands for generic, and one of the biggest problems with antiviruses is the number of false positives they give.

Shane
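The triage logic behind the reply above (count how many independent engine families flag a file, and whether every hit is a generic signature), as an added example that is not the thread's own code. The report format, vendor names and the vendor-to-engine-family mapping are all constructed placeholders, not real vendor relationships; only the SHA-256 comes from the VirusTotal link in the thread.

```python
"""Multi-engine scan triage helper (added example, not from the thread)."""
from collections import defaultdict

# ASSUMPTION: placeholder mapping of scanner name -> underlying engine family.
# In practice this is analyst knowledge about which vendors license the same engine.
ENGINE_FAMILY = {
    "VendorA": "familyX", "VendorB": "familyX", "VendorC": "familyX",
    "VendorD": "familyY", "VendorE": "familyZ",
}

# Constructed sample report in a VirusTotal-like shape: one entry per scanner,
# None meaning "clean". The hash is the one from the thread's VirusTotal link.
SAMPLE_REPORT = {
    "sha256": "09992d0152ff7111c86883e13a0c432696cdb959fc864b72b8c694c89e8a1b71",
    "results": {
        "VendorA": "Gen.Variant.Kazy.563984",
        "VendorB": "Gen.Variant.Kazy.563984",
        "VendorC": "Gen.Variant.Kazy.563984",
        "VendorD": None,
        "VendorE": None,
    },
}

# Name prefixes that typically denote heuristic/generic rather than family-specific hits.
GENERIC_PREFIXES = ("gen:", "gen.", "generic", "heur", "suspicious")


def is_generic_name(name: str) -> bool:
    """True when a detection name looks heuristic/generic rather than a named family."""
    return name.lower().startswith(GENERIC_PREFIXES)


def triage(report: dict, families: dict = ENGINE_FAMILY) -> dict:
    """Summarise how many independent engine families flagged the file."""
    hits = {eng: name for eng, name in report["results"].items() if name}
    by_family = defaultdict(list)
    for eng, name in hits.items():
        by_family[families.get(eng, eng)].append(name)  # unknown vendor = own family
    independent = len(by_family)
    generic_only = bool(hits) and all(is_generic_name(n) for n in hits.values())
    if not hits:
        verdict = "clean"
    elif independent == 1 and generic_only:
        verdict = "likely false positive: single engine family, generic signature"
    elif independent == 1:
        verdict = "low confidence: single engine family"
    else:
        verdict = "multiple independent families: investigate"
    return {"sha256": report["sha256"], "detections": len(hits),
            "independent_families": independent, "generic_only": generic_only,
            "verdict": verdict}
```

A single-family, generic-only verdict is a prompt to submit the sample to the vendor and rescan later, not proof that the file is clean.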

dfreyer
Re: Found Trojan Gen.Variant.Kazy.563984 in Advanced System Tweaker
« Reply #2 on: March 03, 2015, 05:38:47 am »
:smiley: Thank you for acting so quickly to determine the cause of the subject issue. Your action of sending the file to Bitdefender so they can remove the false positive from their virus definitions was the right thing to do, and I hope Bitdefender acts quickly to correct their error.

Your action also tells of your high level of professionalism, which is not really surprising given the exceptional quality of each tool on Tweaking.com and PCWinTech.

I take all reported threats seriously, and prefer to report them as quickly as possible, rather than "letting them slide," and hope you did not suffer too much of an inconvenience in finding the actual reason for the false positive.

I consider this issue RESOLVED, but ask if you would keep me in the loop with Bitdefender's reply?

Shane
It normally takes them about 72 hours to fix it. I get an automated email that they got the file and I will get an automated email from them once they fix it.

I program in old school VB6 and for some reason Bitdefender always flags small VB6 exe files. Every time I even make a change to it they will start flagging it again and I have to send it to them again. So I try not to have to update the smaller exe files. But the bigger exe files I make, such as the main programs themselves, never get flagged by them, go figure lol

One time as a test I opened up a new project in VB6, just 1 form and not a single line of code. I then compiled it and uploaded it to VirusTotal and 30 of them flagged it. This was an empty exe with not a single line of code. But yet it was flagged as a "GEN" generic virus by all kinds of them.

This has been a problem for years; in fact here is an article from 2010 of this happening to an actual antivirus company as well lol

http://www.pandasecurity.com/mediacenter/malware/automated-false-positives/

Shane

Sandro
I do believe nothing is resolved here because Shane still has not shown an official answer from Bitdefender! I am suspicious that there is none and there is really a threat in Windows Repair Tool! I found a few deeply hidden Trojan roots in my wife's PC, which I was technically taking care of. I had a topic here in the forum with the name "Still can not repair windows update error 80245001" and I was trying to solve the issue with the help of technicians of Tweaking, but I was only going more "deep in the woods" with them!!! No solutions to this error can be found in Google either! Please note that my topic was closed without any notice in advance, and when I asked Shane 2 times to re-open it, it was still not re-opened despite Shane's promises!

Whatever, I found out that this Windows Update error was directly involved with a deeply hidden Trojan malware! You can not imagine, but the whole system became corrupted step-by-step... DVD and USB drives, Error Reporting services and so on... So I definitely was not able to use any of user Boggin's advice, as my DVD was just switched off by malware! What makes the whole thing more weird is that I had one of the best "claimed" antiviruses in the world, ESET Smart Security 8, all updated! I understood when my whole system became corrupted that ESET is holding nothing! I disabled ESET for the best Chinese product in the world, Qihoo, and it cleaned up my laptop; it also automatically downloaded and installed the Windows vulnerability fixes my PC was missing! Anyway, this is how I got to the next step... killing the problems step by step when the malware problem was eliminated. I would like to point out that Qihoo is really the best Chinese AV, where other, let's say "western", antivirus software is just "flushed out of the water"; this is really my deepest opinion in the solution of my problem... Only through the good job of Qihoo could I start effectively killing the problems in my PC...

So the final: I could not repair the DVD drive and I had to search for other solutions to repair my Windows without using USB or DVD drives, and I found that the PowerISO virtual disc can do the job, and it did, by mounting the Windows ISO file to the virtual disc! Further, it opened up the Windows Update service, but I still had a problem with installing most of the updates! As I remember it was showing me an error such as 80030001 (I can be wrong with some numbers), but I solved this by deleting all files in the C:\Windows\SoftwareDistribution DataStore and Download folders... So you just have to go and delete all files in the DataStore and Download folders! After this all Windows Updates started to work! So, finally, error 80245001 was involved with a deeply hidden virus, for which "western type" antivirus software was providing its backdoors; and otherwise, sophisticated viruses are using the backdoors that "western type" antiviruses provide for governments' targets to spy on each and every one of us! I can not find any other explanation for my problem! The alternative Qihoo antivirus, which did not provide any backdoors to anyone, was staying strong for my PC safety! This is real from my experience! I do believe that Shane's stuff might really be infected and this is the reason for what has happened to me and why Shane was not really giving me any chance to speak within a topic of my forum! Sorry for the straight text, but I have had this problem since October last year, after I decided to try out Windows All in One Repair!

Sandro
I would like to point out that this topic is not RESOLVED until Shane provides an official answer from Bitdefender!!!

Shane
Bud, you have got to use some line breaks in your post; trying to read all that with all the lines together was really hard, I kept going to the wrong line when trying to read it lol

Bitdefender only sends me an email saying they will remove the false positive within 72 hours, after that I don't hear from them. Just upload the file to virustotal.com to have it rescanned and you can see that they removed the false positive :wink:

None and I repeat, none of my programs have a virus. :artist:

Shane