cgmc

Apparent False Positive for ImgBurn v2.5.8.0 Installer


Hello,

ImgBurn has been installed, from this installer, on my machine for quite a while now, and Malwarebytes hasn't detected any malware that a truly compromised installer would presumably install in the meantime - just this installer that's been a static file ever since, and just now.

Log file and zipped installer attached below (let me know if you have any trouble with the zip file).

MBAM_Scan_Report_3_July_2018.txt

SETUPIMGBURN_2.5.8.0.zip


Hi,

This is detected by our machine learning engine, where false positives are possible.

However, this one isn't a false positive as it's wrapped by InstallCore/Fusioncore. Also see here: https://virustotalcloud.appspot.com/nui/index.html#/file/d7dea2819edc77bc44db637cd324e61942b54930cb3034f8f1a417b7dd27b514/detection

So the detection will remain.


OK, thanks for the quick reply.

Since the program's website provides a number of mirrors, I grabbed them all and ran them through VirusTotal, to see if it was just one compromised mirror. Turns out that the installer I originally sent to you was the version from the website itself (!), but the files from the mirrors were only flagged by 2/67 engines on VirusTotal (and weren't flagged by my local Malwarebytes copy), so I don't know if those are false positives or if they just contain a new variant of InstallCore/Fusioncore. I'll attach one of the mirrored files, so you can run your own analysis on it if you want:

Setup_ImgBurn_Techspot_2.5.8.0.zip


Hi,

Looks like they are hosting different installers. Some with the InstallCore/Fusioncore install wrapper and some without this install wrapper.
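
Added example, not part of the original thread: since the mirrors turned out to serve different installers for the same version, hashing each download and grouping by SHA-256 shows which mirrors deliver byte-identical files and gives one digest per distinct build to look up. The file names and contents are constructed samples, and the function names are hypothetical.

```python
import hashlib
import tempfile
from collections import defaultdict
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file so large installers are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def group_by_digest(paths):
    """Map each SHA-256 digest to the sorted list of file names that share it."""
    groups = defaultdict(list)
    for path in paths:
        groups[sha256_file(path)].append(Path(path).name)
    return {digest: sorted(names) for digest, names in groups.items()}


def report(paths):
    """Return one line per distinct build, largest group first."""
    groups = group_by_digest(paths)
    ordered = sorted(groups.items(), key=lambda item: (-len(item[1]), item[0]))
    return [f"{digest}  {len(names)} file(s): {', '.join(names)}"
            for digest, names in ordered]


def make_sample_downloads(directory):
    """Constructed stand-ins for one release downloaded from three sources."""
    samples = {
        "mirror_a_setup.exe": b"constructed installer bytes",
        "mirror_b_setup.exe": b"constructed installer bytes",
        "official_setup.exe": b"constructed installer bytes + wrapper",
    }
    written = []
    for name, content in samples.items():
        target = Path(directory) / name
        target.write_bytes(content)
        written.append(target)
    return written


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in report(make_sample_downloads(tmp)):
            print(line)
```

A file that lands in a group of its own is a different build from the rest and is the one to scan or look up separately.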


I just installed this software and although the installer tried to install some search software, it was easy to avoid by unchecking the installation agreement. I don't condone this elusive and deceptive programming, but it's not malware. Not the kind that should be automatically deleted and labeled as malware at least. Please consider the abuse of your power that may result in your product not being trusted if you insist there is a "virus".


Installing an optional search engine would classify it as a PUP optional detection, which means it's up to you if you want to install it. Do you have a scan log showing the detection?

PUP means Potentially unwanted program.

 

On 11/12/2019 at 6:05 AM, miekiemoes said:

Hi,

You can create an exclusion for it: https://support.malwarebytes.com/docs/DOC-1130 

Just browsing this topic because MBAM has ground my work to a halt for the very same reason and I'm not at all pleased!

Having submitted a ticket and log files, I found these instructions you link to totally impossible to follow.

The wheels fall off at instruction No 2:- Click Settings, then click the Exclusions tab.

Instruction No 1 was:- Open Malwarebytes for Windows. ...That actually was possible, but I am still unable to get on with my task because of this false positive.

Grrr!

40 minutes ago, Hexeta said:

Just browsing this topic because MBAM has ground my work to a halt for the very same reason and I'm not at all pleased!

So you are getting imgburn warnings?


@Hexeta

Given you posted in an older thread (where MB3 still applied), you might want to refer to this article to add exclusions, as you are most probably on Malwarebytes v4 now.

https://support.malwarebytes.com/hc/en-us/articles/360038479234

Nevertheless, please let me know if you are still getting a detection and if so, please zip and attach the exact file that is detected.

40 minutes ago, Porthos said:

So you are getting imgburn warnings?

No, I'm being prevented from downloading the software, first from the owner's mirror and a second attempt, after attempting to create an exclusion, from Major Geeks Mirror.

24 minutes ago, miekiemoes said:

@Hexeta

Given you posted in an older thread (where MB3 still applied), you might want to refer to this article to add exclusions, as you are most probably on Malwarebytes v4 now.

https://support.malwarebytes.com/hc/en-us/articles/360038479234

Nevertheless, please let me know if you are still getting a detection and if so, please zip and attach the exact file that is detected.

I already did that after the first attempt was thwarted, it evidently made no difference since I was also prevented from downloading from Major Geeks at the second attempt.

34 minutes ago, miekiemoes said:

@Hexeta

if so, please zip and attach the exact file that is detected.

 

Have just returned to the machine I was attempting to download this software and tried once more to download and install, failed once more at the install stage.

Not sure how to achieve what you ask, since each time I attempt to install is the point when MBAM blocks it, and at the same time it disappears from the Downloads Folder.

Here's a shot of the MBAM Detection list.

Detection List.PNG


Most of the links at their site to download are ad-supported, redirects or bundled installers, hence why these are blocked by Malwarebytes. It's either being blocked by the Malwarebytes browser extension or Malwarebytes program itself.

Always be careful where you click to download from these sites.

Eg, for majorgeeks, better to use this link to download:

483597024_2020-05-1923_29_25-DownloadImgBurn-MajorGeeksennog7anderepaginas-Persoonlijk-Microsoft.png.57bf2913e3931128803b9cd24c167c7f.png

On the Imgburn official site, use it from the imgburn mirror itself:

133138009_2020-05-1923_29_50-TheOfficialImgBurnWebsite.png.dd71253b96a2e5b25cb0d542497a4c04.png


Looks like you have an ad-supported/bundled version downloaded, which is why we detect (so this is not a false positive, but a valid detection).

If you would check this on Virustotal, you'll see this will also be detected there by most Antivirus.


Point taken, but my first port of call was the owner's site which you have shown.

That should be a clean download but was blocked.

My second try was Major Geeks, where I think I did use the link you point to.

Just tried ImgBurn's own D/L link and was once more blocked from attempting to install the exe file.

9 minutes ago, miekiemoes said:

Looks like you have an ad-supported/bundled version downloaded, which is why we detect (so this is not a false positive, but a valid detection)

If you would check this on Virustotal, you'll see this will also be detected there by most Antivirus

 I can't do that because I can't access the file after attempting to run the ".exe", it is confiscated by MBAM! 


The one from the owner's site is bundled as well.

The one that appeared to be "clean" (at least, not bundled in my case) was the one via majorgeeks, but please use the download-link I provided here instead of the "Download Now" button one, as that one is also bundled.

So this should give a "clean" version: 483597024_2020-05-1923_29_25-DownloadImgBurn-MajorGeeksennog7anderepaginas-Persoonlijk-Microsoft.png.57bf2913e3931128803b9cd24c167c7f.png


That worked, thanks.

Very surprised that the owner corrupts his own creation with that digital dog mess!

1 hour ago, Porthos said:

I use Ninite to install that program.

Interesting, but I really think I have a problem relinquishing control. 😄

35 minutes ago, Hexeta said:

Interesting, but I really think I have a problem relinquishing control. 😄

Ninite can be used for one program from the list or several. Ninite is famous for getting just the program and not the bundled items on install.
