Q&A Mullvad 65 contains Win32.Trojan.WisdomEyes

Discussion in 'VPN and Privacy' started by Chigwells, Oct 27, 2017.

  1. Chigwells

    Chigwells Level 2

    Jan 16, 2012
    All Over
    #1 Chigwells, Oct 27, 2017
    Last edited: Oct 27, 2017
    Hi everyone, would anybody care to suggest what's going on here?

    Mullvad VPN just issued the latest update, 65, and it appears to contain WisdomEyes trojan. My AV flagged it up, which never happened before. I downloaded the Win version.

    Here's what VirusTotal has to say (and screenshot of same):


    Edit: Malwarebytes reports it can detect WisdomEyes, so possible this is a false positive?
    Trojan.WisdomEyes - Malwarebytes Labs

    mullvad 65.png

    Trojan.WisdomEyes - Malwarebytes_ Detections.png
  2. Opcode

    Opcode Level 24
    Content Creator

    Aug 17, 2017
    Windows 10
    Baidu and eGambit. :unsure:

    I would assume it is a false positive detection since it is Baidu and eGambit and no vendors which I feel are "reliable" (unless generic detection specifically), but I've never heard of Mullvad VPN.

    Could you send me the executable you scanned with VirusTotal? I'll see if I can look into it more and get back to you. I recommend you submit the file through the submission forms to a vendor or two (such as Avira, Avast, Emsisoft or Kaspersky) and see what verdict they respond with too, since they have teams dedicated to getting through submissions 24/7 haha.

    Better to be safe than sorry! (especially since VirusTotal is not the best for zero-day malware detection, so assuming it is just a FP is also a risk, but that doesn't mean it cannot just be an FP). :)
  3. mlnevese

    mlnevese Level 11

    May 3, 2015
    Windows 10
    Most probably a false positive...
  4. Chigwells

    Chigwells Level 2

    Jan 16, 2012
    All Over
    Sorry I don't know how to do that lol! Couldn't find how to send you a message with attachment? You can download the file straight from Client | Mullvad if you get a moment.

    I uploaded it to Emsisoft. I'll report back their answer.

    Cheers, Chigwells.
  5. Chigwells

    Chigwells Level 2

    Jan 16, 2012
    All Over
    I guess it was a False Positive, here is what the Emsisoft support staff had to say:

    Emsi reply.png
  6. upnorth

    upnorth Level 14

    Jul 27, 2015
  7. Chigwells

    Chigwells Level 2

    Jan 16, 2012
    All Over
    Thanks upnorth, didn't know that one!