Jump to content

Unsigned file


guy12
 Share

Recommended Posts

Yes that one gets plenty hits, as the file is unsigned maybe is worthwhile uploading to VirusTotal to be analysed...

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file in question
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.

Thanks,

Kevin

Link to post
Share on other sites

Note.  Any file can be named anything.

What is the URL of the Virus Total Report requested in Post #4 ?

You can submit this as a malicious suspect in; Newest Malware Threats  referencing the following on how to provide sample submissions.

Malware Hunters group
Purpose of this forum

 

 

 

Link to post
Share on other sites

Hello again guy12,

Try this first.....

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...

Run FRST then continue with the following:

Type the following in the edit box after "Search:".

IAStorIconLaunch.exe

Click Search Files button and post the log (Search.txt) it makes to your reply.
 
Thanks,
 
Kevin...
Link to post
Share on other sites

  • Staff

Just FYI, I too have Intel Rapid Storage installed and have a file by the same name and mine isn't signed either.  Here's the VT scan of my copy (Windows 7 x64 SP1):

https://www.virustotal.com/#/file/36725d37b2aa2d3aeebedc2af48c42e0b7b42ada66357c88d6c892d44db453d4/detection

The version of IRST I have installed is 15.9.0.1015 from November 2017.  The installer is digitally signed, the executable mentioned by the OP is not.  There appears to be at least one version newer from Intel, but they don't offer it directly on their site and require you to either use their driver updater tool or to try Windows Update (they don't want people patching drivers with their generic ones and prefer users go to their OEM's/system manufacturers for customized drivers; unfortunately most OEM's are pretty bad about patching drivers, especially for legacy models/systems).

Link to post
Share on other sites

  • Staff

You're welcome :)

It is weird.  They signed all their other executables in that folder, but not that one for whatever reason.  My guess is that it was probably just an oversight.  It isn't the first time I've noticed an issue with Intel's digital signing practices lately; in one of their recent chipset INF utility updates, all of the dates on their digital signatures/driver INF files were wonky, showing dates from the pre-20th century (like the 1500's, 1600's and 1700's) which really threw Windows for a loop as to determining the most recent INF for each component.  It took me forever to get that issue sorted, but thankfully the chipset INF's aren't too important anyway since they're really only identifiers for the hardware, not actual drivers that determine functionality (they just update how the devices are identified in Device Manager by name/description etc.).

Link to post
Share on other sites

  • Staff

By the way, I just double checked to make absolutely certain by extracting the original digitally signed IRST installer from Intel (thanks to UniExtract; very handy tool, highly recommended ;)), and sure enough, that file is not digitally signed out of the box so my IRST installation has not been tampered with; Intel just didn't sign that file when they compiled the installer.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.