New version of Uninstalr 2.6 falsely claimed to be a trojan by Kaspersky

Topic

[satrow]

https://uninstalr.com/download/

https://uninstalr.com/changelog/

Event: Object deleted
User: DESKTOP-6OS0VQ1\USER
User type: Initiator
Application name: explorer.exe
Application path: C:\Windows
Component: File Anti-Virus
Result description: Deleted
Type: Trojan
Name: Trojan-PSW.Win32.Stealer.cmon
Precision: Exactly
Threat level: High
Object type: File
Object name: Uninstalr_Portable.exe
Object path: C:\Users\USER\Desktop
MD5 of an object: 739140C90D2558F72A1712266CB99D14

* Couldn’t upload to virustotal as the file has been deleted immediately

• This topic was modified 2 months, 1 week ago by satrow. Reason: Correcting title to claimed from found
• This topic was modified 2 months, 1 week ago by PKCano.
• This topic was modified 2 months, 1 week ago by PKCano.

Replies

Alex5723 wrote:

* Couldn’t upload to virustotal as the file has been deleted immediately

Only 2/71:

https://www.virustotal.com/gui/file/b97cde762c1b82a1c8ce251d4799ca1a11f084a7fab6c4a90e8bf4e26bc58e69

https://www.virustotal.com/gui/file/d9b167ee62b59293553edc21cb211c680736420ed4d8693d6da7d84261806ec0

2 users thanked author for this post.

Alex5723, satrow

Thanks.
As Kaspersky is my default a/v and I don’t intent to switch, I will skip.

So why do you bother checking with Virustotal?

The file flagged is the portable version Uninstalr_Portable.exe

satrow wrote:

So why do you bother checking with Virustotal?

Just to check if any other a/v flag the app.

You might want to check again so we can delete this topic.

@Alex5723 –

As of four hours ago when I first checked the links in @B’s post, the results were as he indicates, 2 out of 71, with one of the hits being from Kaspersky. This statement is true for both links @b provided, so both files.

As of just a few minutes ago, the scanner has been rerun on the file, and it now indicates that only 1 of 71 is positive (from AliCloud), and the positive result for both files from Kaspersky has been changed from a positive result to “undetected” for both files.

In other words, Alex, it looks like Kaspersky decided that it was a false positive that you experienced. To be sure, manually update the definition file(s) of your Kaspersky installation and try re-downloading the portable version of Uninstalr and see what Kaspersky says about it.

1 user thanked author for this post.

satrow

Alex5723 wrote:

* Couldn’t upload to virustotal as the file has been deleted immediately

Alex, for future reference the MD5 is sufficient to check with. Also perhaps you should report to/check with Kaspersky before making such claims here.

It might be time to modify the title to include “False Positive” now.

Done.

 

1 user thanked author for this post.

satrow

satrow wrote:

before making such claims here.

I didn’t claim. Kaspersky did.

Downloaded again. This time the file passed Kaspersky a/v checks.

Thanks.

Alex5723 wrote:

satrow wrote:

before making such claims here.

I didn’t claim. Kaspersky did.

You deliberately ignored the results from 69 other VT tests to create your original Title. Kaspersky didn/t.

Resolved