bv64

Quicksnooker qslaunch2.exe

This file is the updater for Quicksnooker from http://quicksnooker.com/

After starting, it loads other files from the cloud to update the program!

Malwarebytes blocked this as MachineLearning/Anomalous 100%

Please check it and put it on the whitelist!

qsLaunch2.zip


Hi,

I can't reproduce detection.

Is this detection still happening on your end? (e.g., right-click the file and select to scan with Malwarebytes).

If the detection is still happening, quit Malwarebytes from the system tray.

Then navigate to the following folder:

C:\ProgramData\Malwarebytes\MBAMService

In there, locate the file HubbleCache and delete it.

Restart Malwarebytes again. A new HubbleCache will then be created again, so it will properly pick it up and remember to not detect this anymore.


Hi

I'm Nick, the author of the above program and the owner of QuickSnooker.com

One of my customers had kindly reported this .. I have also installed Malwarebytes to check the issue and can confirm that whilst I don't get a detection from the real-time protection .. the file did appear (many times as I have many versions) as anomalous in a system scan.

The original (and permanent) download location is http://cloud.quicksnooker.com/qsLaunch2.exe

I can provide source code for the executable - if you like - or it is posted on VirusTotal

Whilst I'm here - can I congratulate you on your turnaround time and customer service - which is spectacularly better than some of your competitors. It's also great to see a product that just seems to get better over time and doesn't appear to fall victim to its own success.

And the forum works great, and the app is polished and logical - and seems to do what it's told - having worked with some of the others the last few days which are buggy, illogical and disobedient - it's a refreshing change.

Nick Axworthy

QuickSnooker.com

 

 


Hi Nick,

Mind to zip and attach another qslaunch.exe file, one that is different than above that was attached?

This is so we can add it to our machine learning engine in order to have it train better on these for whitelisting.

Also, please read here about our machine learning detections which helps to protect even better against 0day threats. Unfortunately, as this is a heuristic engine, it's possible False Positives happen. Also see here for more explanation:


 


Hi Mieke

I have attached the last three versions of the launcher - for obvious reasons I try very hard not to change it (in fact v3 is not in the wild yet for that reason)

Would it be useful for you to have copies of the payload (QuickSnooker.exe - zipped) source code, and/or the scripts it runs ?

It shells Windows Scripting Host - which I always knew would ring alarm bells - but I deliberately made no attempts to obfuscate any of the program's actions.

Code signing is expensive for me as an indie developer - I'm not even sure it can be done with my 'legacy' (vb6) tools - bold new versions in GoLang and TypeScript are on the way - but probably a year off, and they won't be client-side installable anyway.

Does the (anti malware) industry have any sort of single portal where I can submit genuine programs for analysis/approval/validation - I've put it on VirusTotal but the results are unconvincing.. I've had zero new customer sales for over a week now and this is killing me ..

 

Many thanks

Nick

 

qsLaunch3.zip

 


Hi Nick,

Thanks for these additional files. This helps to train the engine faster (if we have multiple of the same).

As for the anti-malware industry having a single portal for submitting genuine programs - Unfortunately, that doesn't exist. But VirusTotal is still a good place to start, as this is also used to search for and download non-malicious programs in order for the engines to train on.

Either way, for your program, this should be OK now. A next database update will help to fine-tune the whitelisting better for your program, so this one and future versions shouldn't be detected anymore.

Thanks for reporting, as this always helps to fine-tune engines!

