Jump to content

false positive? gvim.exe Malware.AI.3043391

holmegm

By holmegm
in File Detections

 Share

Recommended Posts

holmegm

holmegm

Posted
Posted

Tried to use GVIM on Windows today and it got quarantined as malware. No recent updates to the gvim program that I am aware of.

Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 2/12/21
Protection Event Time: 8:43 AM
Log File: 4cc65c44-6d38-11eb-a8c3-8cec4bd24b02.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1157
Update Package Version: 1.0.37015
License: Premium

-System Information-
OS: Windows 10 (Build 19041.746)
CPU: x64
File System: NTFS
User: System

-Blocked Malware Details-
File: 1
Malware.AI.3043391, C:\Program Files (x86)\Vim\vim81\gvim.exe, Quarantined, 1000000, 0, 1.0.37015, 647197131A567E17002E703F, dds, 01113876, BDAAAC3FA3F6796825A51EF1C0E5B3FD, 45429C164365C093F1F6BB5A59B0DC83E33505DE3A1355B32F478491C0A1BCF6


(end)

Link to post
Share on other sites
Fwkion

Fwkion

Posted
Posted

Hi,

I got a similar detection. The file has been there for quite some time and the file hash matches the one provided by vim on the website.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 15/02/2021
Scan Time: 02:00
Log File: 259fe6d8-6f29-11eb-98fb-c49ded91eb87.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1157
Update Package Version: 1.0.37139
Licence: Premium

-System Information-
OS: Windows 10 (Build 19041.804)
CPU: x64
File System: NTFS
User: System

-Scan Details-

File: 1
Malware.AI.4294464096, C:\USERS\User\DOWNLOADS\GVIM81.EXE, No Action By User, 1000000, 0, 1.0.37139, C220091BDDAD977FFFF85260, dds, 01117404, 14391C74929552DB62ACC6BCA9EFBE1B, 0F613497E909F7140061A0AFA309B5E11A9FF9036B1DEB01CE708987FDB708B9

(end)

Link to post
Share on other sites
zdooder

zdooder

Posted
Posted

Similarly, I got a Malware Detection, so upgraded to gVim 8.2 and now am getting a detection on that installer:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/17/21
Scan Time: 2:47 AM
Log File: 2c810c60-7105-11eb-9c5e-84fdd1a5963b.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37217
License: Premium

-System Information-
OS: Windows 10 (Build 19041.804)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 370124
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 6 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Warn

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.257717160, C:\USERS\TROY\DOWNLOADS\GVIM82.EXE, No Action By User, 1000000, 0, 1.0.37217, F356B2108D9EC1960F5C73A8, dds, 01120406, AA84543492CD8260F44A5ACF1EC35641, D63AAC8799C516D30725C27716BBDB6439F02833C80B091423CE95EC592C19C3

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.