RBLXDev 2008 AddURI.exe detected as Trojan.Agent


khang06

  • Staff

Hello,

 

It looks like this app adds a custom URL protocol in the registry which points to a file called "systemupdate.exe" - do you have a copy of this file? (when I ran this, I was given a choice between 2008 & 2010. I chose 2010)

If you have this file - can you zip & attach it as well please?

 

Thanks!

Link to post
Share on other sites

Hi, I'm the developer of RBLXDev.

The thing is... the URI protocol adder shouldn't be present in 2008 (only 2010) because of UpdateSystem.exe. It's now automated.

 

However, I don't think that attaching it would be a good idea because it would be considered a "leak".

The update servers are currently IP whitelisted, but the entire version is currently in very private testing.

 

Sorry about that. :/

Also, I couldn't receive a validation email for the forums with Outlook.

Link to post
Share on other sites

  • Staff

Hi r4ymonf & welcome to the forums.

 

It would be irresponsible of me to remove a detection reported to be a false positive without knowing the details... otherwise I could be responsible for undoing some protection for potentially millions of customers.

Without knowing exactly what the "systemupdate.exe" does... it is difficult to put the whole picture together & come to a conclusion.

 

As you can see, several more AV vendors newly detect the file reported by the OP:

https://www.virustotal.com/en/file/e53fef7b3038a71a163c11861674d316efe1b491d4edd27286c4ea487db9f53e/analysis/1448750430/

 

Of course, VirusTotal is not all we go by when determining something is malicious (or not), but it is one of the many factors we do look at.

Would you be willing to PM me the zipped file? This way a very limited number of staff will have access to the file and it will only be analysed internally.

 

Thank you for your patience & understanding.

Link to post
Share on other sites

Sure thing.
