PuloversMacroCreator icon indicating copy to clipboard operation
PuloversMacroCreator copied to clipboard

Published 20 hours ago verified publisher icon Pulover

Windows Security Threat Quarantined

Open shai opened this issue 4 years ago • 7 comments

Hello,

Why would this software, after installed be found by Windows Security to have a Trojan:Win32/Zpevdo.B

Detected: Trojan:Win32/Zpevdo.B
Status: Quarantined
Date: 9/26/2020 11:35 AM
Details: This program is dangerous and executes commands from an attacker.
Affected items:
file: C:\Program Files\MacroCreator\MacroCreator.exe
file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pulover's Macro Creator\Pulover's Macro Creator.lnk
startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pulover's Macro Creator\Pulover's Macro Creator.lnk

shai avatar Sep 26 '20 08:09 shai

Hello, I don't know if this applies to your case but AutohotKey has been know to throw up a false positive with some antivirus software companies. If you peruse AutohotKey forums the community even kept a list of vendor companies that are known to test as false-positives. Lastly as a tip if you ever question a software you can block its telemetry via firewall rules to aid in easing your mind of malice until further resolve.

ozzhates avatar Sep 26 '20 17:09 ozzhates

I have read that AutoHotKey forum, but the previous releases from 5.0.5 to 5.2.0 are not having that "security issue" in Windows 10 Security, so it seems to me a new issue (on both, setup and portable archive). Would it be possible that something like a scan through VirusTotal can be done as a last step in the CI/CD process? There the result would be shared between scanner manufacturers. afaik, by Terms&Conds I'm not allowed to let your archive being scanned since it is not owned by me. Cheers, Dany

Dany-R avatar Sep 26 '20 19:09 Dany-R

I let VirusTotal scan the exe nevertheless and here's the result: MacroCreatorEXE_VirusTotal

Dany-R avatar Sep 26 '20 22:09 Dany-R

https://www.macrocreator.com/2020/09/28/version-update-5-2-3/

Pulover avatar Sep 28 '20 20:09 Pulover

yeah, I installed the software then it disappeared completely ! It was not found in my anti-virus quarantine either !! Downloaded a couple of times afterwards and install again and the exactly same thing happened !!

Just to be on the safe side I will have no choice but reinstall the OS

ghost avatar Jan 06 '21 19:01 ghost

@techcom78 have you tried the portable version?

Pulover avatar Jan 06 '21 19:01 Pulover

The point is I have downloaded the file and just after the installation process it disappeared. I need to know exactly what has happened to the file other wise it will have to be a clean install.

Sent from ProtonMail mobile

-------- Original Message -------- On 6 Jan 2021, 19:56, Rodolfo U. Batista wrote:

@techcom78 have you tried the portable version?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.

ghost avatar Jan 07 '21 12:01 ghost