
Apparent False Positive for ImgBurn v2.5.8.0 Installer



Hello,

ImgBurn has been installed, from this installer, on my machine for quite a while now, and Malwarebytes hasn't detected any malware that a truly compromised installer would presumably install in the meantime - just this installer that's been a static file ever since, and just now.

Log file and zipped installer attached below (let me know if you have any trouble with the zip file).

MBAM_Scan_Report_3_July_2018.txt

SETUPIMGBURN_2.5.8.0.zip

  • Staff

Hi,

This is detected by our machine learning engine, where false positives are possible.

However, this one isn't a false positive as it's wrapped by InstallCore/Fusioncore. Also see here: https://virustotalcloud.appspot.com/nui/index.html#/file/d7dea2819edc77bc44db637cd324e61942b54930cb3034f8f1a417b7dd27b514/detection

So the detection will remain.


OK, thanks for the quick reply.

Since the program's website provides a number of mirrors, I grabbed them all and ran them through VirusTotal, to see if it was just one compromised mirror. Turns out that the installer I originally sent to you was the version from the website itself (!), but the files from the mirrors were only flagged by 2/67 engines on VirusTotal (and weren't flagged by my local Malwarebytes copy), so I don't know if those are false positives or if they just contain a new variant of InstallCore/Fusioncore. I'll attach one of the mirrored files, so you can run your own analysis on it if you want:

Setup_ImgBurn_Techspot_2.5.8.0.zip

  • 3 months later...

I just installed this software and although the installer tried to install some search software, it was easy to avoid by unchecking the installation agreement. I don't condone this elusive and deceptive programming, but it's not malware. Not the kind that should be automatically deleted and labeled as malware at least. Please consider the abuse of your power that may result in your product not being trusted if you insist there is a "virus".

  • 1 year later...
  • 6 months later...
On 11/12/2019 at 6:05 AM, miekiemoes said:

Hi,

You can create an exclusion for it: https://support.malwarebytes.com/docs/DOC-1130 

Just browsing this topic because MBAM has ground my work to a halt for the very same reason and I'm not at all pleased!

Having submitted a ticket and log files, I found these instructions you link to totally impossible to follow.

The wheels fall off at instruction No 2:- Click Settings, then click the Exclusions tab.

Instruction No 1 was:- Open Malwarebytes for Windows. ...that actually was possible, but I am still unable to get on with my task because of this false positive.

Grrr!

40 minutes ago, Hexeta said:

Just browsing this topic because MBAM has ground my work to a halt for the very same reason and I'm not at all pleased!

So you are getting imgburn warnings?

  • Staff

@Hexeta

Given you posted in an older thread (where MB3 still applied), you might want to refer to this article to add exclusions, as you are most probably on Malwarebytes v4 now.

https://support.malwarebytes.com/hc/en-us/articles/360038479234

Nevertheless, please let me know if you are still getting a detection and if so, please zip and attach the exact file that is detected.

40 minutes ago, Porthos said:

So you are getting imgburn warnings?

No, I'm being prevented from downloading the software, first from the owner's mirror and a second attempt, after attempting to create an exclusion, from Major Geeks Mirror.

24 minutes ago, miekiemoes said:

@Hexeta

Given you posted in an older thread (where MB3 still applied), you might want to refer to this article to add exclusions, as you are most probably on Malwarebytes v4 now.

https://support.malwarebytes.com/hc/en-us/articles/360038479234

Nevertheless, please let me know if you are still getting a detection and if so, please zip and attach the exact file that is detected.

I already did that after the first attempt was thwarted, it evidently made no difference since I was also prevented from downloading from Major Geeks at the second attempt.

34 minutes ago, miekiemoes said:

@Hexeta

if so, please zip and attach the exact file that is detected.

 

Have just returned to the machine I was attempting to download this software and tried once more to download and install, failed once more at the install stage.

Not sure how to achieve what you ask, since each time I attempt to install is the point when MBAM blocks it, and at the same time it disappears from the Downloads Folder.

Here's a shot of the MBAM Detection list.

Detection List.PNG

  • Staff

Most of the links at their site to download are ad-supported, redirects or bundled installers, hence why these are blocked by Malwarebytes. It's either being blocked by the Malwarebytes browser extension or Malwarebytes program itself.

Always be careful where you click to download from these sites.

Eg, for majorgeeks, better to use this link to download:

483597024_2020-05-1923_29_25-DownloadImgBurn-MajorGeeksennog7anderepaginas-Persoonlijk-Microsoft.png.57bf2913e3931128803b9cd24c167c7f.png

On the Imgburn official site, use it from the imgburn mirror itself:

133138009_2020-05-1923_29_50-TheOfficialImgBurnWebsite.png.dd71253b96a2e5b25cb0d542497a4c04.png

  • Staff

Looks like you have an ad-supported/bundled version downloaded, which is why we detect (so this is not a false positive, but a valid detection).

If you would check this on Virustotal, you'll see this will also be detected there by most Antivirus.


Point taken, but my first port of call was the owner's site which you have shown.

That should be a clean download but was blocked.

My second try was Major Geeks, where I think I did use the link you point to.

Just tried ImgBurn's own D/L link and was once more blocked from attempting to install the exe file.

9 minutes ago, miekiemoes said:

Looks like you have an ad-supported/bundled version downloaded, which is why we detect (so this is not a false positive, but a valid detection).

If you would check this on Virustotal, you'll see this will also be detected there by most Antivirus.

I can't do that because I can't access the file after attempting to run the ".exe", it is confiscated by MBAM!

  • Staff

The one from the owner's site is bundled as well.

The one that appeared to be "clean" (at least, not bundled in my case) was the one via majorgeeks, but please use the download-link I provided here instead of the "Download Now" button one, as that one is also bundled.

So this should give a "clean" version: 483597024_2020-05-1923_29_25-DownloadImgBurn-MajorGeeksennog7anderepaginas-Persoonlijk-Microsoft.png.57bf2913e3931128803b9cd24c167c7f.png

35 minutes ago, Hexeta said:

Interesting, but I really think I have a problem relinquishing control. 😄

Ninite can be used for one program from the list or several. Ninite is famous for getting just the program and not the bundled items on install.
