More false positives for AzureLauncher and some other exe I haven't been able to look into. When I attempt to access the files from the following locations

C:\$RECYCLE.BIN\S-1-5-21-88235768-2257082114-4292953757-1001\$R3UTK7S\TRAILS TO AZURE - AO NO KISEKI\AZURELAUNCH.EXE

C:\$RECYCLE.BIN\S-1-5-21-88235768-2257082114-4292953757-1001\$RDI3EAJ\TRAILS TO AZURE - AO NO KISEKI\AZURELAUNCH.EXE,

E:\$RECYCLE.BIN\S-1-5-21-3344146815-2427395915-716479036-1001\$R9I1BFM.EXE,

E:\$RECYCLE.BIN\S-1-5-21-88235768-2257082114-4292953757-1001\$R0OABGP\TRAILS TO AZURE

 

I get an 'access denied' message. This is in spite of taking ownership of the files. If anybody could advise me on how I could access these files in order to provide samples, I would appreciate it.

False Positive.txt


  • Staff

Hi,

This is indeed a false positive by our additional machine learning engine we have implemented. Seems like a lot of other AVs detect this one too, probably because it uses additional scripts (PowerShell) in order to use this custom loader.
This will get fixed.

As for E:\$RECYCLE.BIN\S-1-5-21-3344146815-2427395915-716479036-1001\$R9I1BFM.EXE - this is the exact same file (same MD5 as the other ones).
 

Thanks for reporting!


4 minutes ago, miekiemoes said:

Hi,

This is indeed a false positive by our additional machine learning engine we have implemented. Seems like a lot of other AVs detect this one too, probably because it uses additional scripts (PowerShell) in order to use this custom loader.
This will get fixed.

As for E:\$RECYCLE.BIN\S-1-5-21-3344146815-2427395915-716479036-1001\$R9I1BFM.EXE - this is the exact same file (same MD5 as the other ones).
 

Thanks for reporting!

Good catch on the MD5; I should have thought of that.

Yeah, it does use scripts. This launcher is a temporary solution made by a videogame community while a better solution is properly developed. After 2021 at the latest, this launcher will likely be considered obsolete and no longer utilized.

Thanks for the fix. Cheers!
