Tigzy

From Adlice
Developer
Verified
@Tigzy Is the detection of Winja (phrozen.io) as a keylogger a false positive, or not?

Winja v5.1 - Phrozen

https://www.reverse.it/sample/9125a57ac05a055393ff3bb9847822281a391ab7f4b8c90a10501c4980f06395/5c7ca8760388382a0f9f1f19

Not sure about this Threat Description - Adlice Software

I saw that the developer of Winja probably made a keylogger, but also other things I think?

Thank you.
Hey, no it's not. We are aware he's a great dev and such, but still this is a keylogger and having it installed on a machine may be for bad purposes, so we've chosen to detect it. You can add an exclusion if you want :)

EDIT: I see what you mean, we'll try to modify the rule to only detect Keylogger.
 

Mr.Wave

Level 17
Hi tigzy. Thanks for your awesome work! Really like the program, good to have as an extra in the on demand scanner Arsenal. The only thing that is a little annoying is the fact that you will need to download definitions as a standalone pack from the website each time and integrate them manually. I hope this process can / will be available automatically in the future?
 

Tigzy

From Adlice
Developer
Verified
Hi tigzy. Thanks for your awesome work! Really like the program, good to have as an extra in the on demand scanner Arsenal. The only thing that is a little annoying is the fact that you will need to download definitions as a standalone pack from the website each time and integrate them manually. I hope this process can / will be available automatically in the future?
Hey, this is automatic when you get a Premium license ;)
 

rockstarrocks

Level 18
Verified
I want to report a FP. War Thunder is a cross-platform vehicular combat multiplayer video game and not adware/malware. Clean results on VT for C:\Users\user_name\AppData\Local\WarThunder\win64\Aces.exe
Another one for C:\Users\user_name\AppData\Local\WarThunder\Launcher.exe VT results
Threat: Suspicious Path
Detected items are registry keys linked to these two .exe files.
 

Andrew999

Level 22
Verified
Hey, no it's not. We are aware he's a great dev and such, but still this is a keylogger and having it installed on a machine may be for bad purposes, so we've chosen to detect it. You can add an exclusion if you want :)

EDIT: I see what you mean, we'll try to modify the rule to only detect Keylogger.
Oh very interesting. So it has a keylogger in it? That's pretty bad. I did a scan and it detected it so I removed it.

It detected Auslogics Disk defrag as PUP but I kept it.

Also, it detected this so I removed it. It definitely seems like a good tool. Good job! :)
 

Tigzy

From Adlice
Developer
Verified
I want to report a FP. War Thunder is a cross-platform vehicular combat multiplayer video game and not adware/malware. Clean results on VT for C:\Users\user_name\AppData\Local\WarThunder\win64\Aces.exe
Another one for C:\Users\user_name\AppData\Local\WarThunder\Launcher.exe VT results
Threat: Suspicious Path
Detected items are registry keys linked to these two .exe files.
Thanks, we will add.

Oh very interesting. So it has a keylogger in it? That's pretty bad. I did a scan and it detected it so I removed it.

It detected Auslogics Disk defrag as PUP but I kept it.

Also, it detected this so I removed it. It definitely seems like a good tool. Good job! :)
I have a doubt about the INCA Shared file, can you share the hash? It's weird that it has the EICAR signature in it, that would be nonsense for them :)
 

Andrew999

Level 22
Verified
I have a doubt about the INCA Shared file, can you share the hash? It's weird that it has the EICAR signature in it, that would be nonsense for them :)
Ok, here is the hash
a2a5cc6b5232b8e29e722dbc507785b3

Please tell me if I can remove it or not? Or is it safe?

Also you said that Winja, phrozen.io was a keylogger right?
 

Mops21

Level 26
Content Creator
Trusted
Verified
Hi all

RogueKiller v13.1.10


V13.1.10 04/24/2019
=================
- Added notifications setting
- Updated to core 3.0.8
* Bug fixes
* Updated signatures


With best Regards
Mops21
 

Tigzy

From Adlice
Developer
Verified
Ok, here is the hash
a2a5cc6b5232b8e29e722dbc507785b3

Please tell me if I can remove it or not? Or is it safe?

Also you said that Winja, phrozen.io was a keylogger right?
As you can see on VirusTotal, eGambit is also detecting EICAR code. It's probably because they are exposing the EICAR test code in their file, which is a poor design... But it's safe, you can leave it alone.

As for Winja, no. Phrozen has made a keylogger, but it's a separate product. Don't worry too much, this detection will be adjusted on our side.
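The EICAR situation discussed above, as an added example (not RogueKiller's or Adlice's code): a small Python classifier that separates a genuine EICAR test file from a larger binary that merely embeds the string, which is the case that yields a false positive like the one on the INCA file. It assumes the rules of the EICAR specification (string at offset 0, optional trailing whitespace, at most 128 bytes in total); the sample blobs are constructed, not real files.

```python
import re

# The 68-byte EICAR test string, split across two literals so this source
# file is not itself quarantined by on-access scanners; the bytes are only
# contiguous once joined at runtime.
EICAR = (b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
         b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

# Per the EICAR specification, a genuine test file is the string itself,
# optionally followed by whitespace (space, tab, LF, CR, Ctrl-Z), and the
# whole file is at most 128 bytes long.
_TRAILER = re.compile(rb"[ \t\r\n\x1a]*")
MAX_TEST_FILE_LEN = 128


def classify(data: bytes) -> str:
    """Return 'eicar-test-file', 'embedded-eicar' or 'clean'."""
    if EICAR not in data:
        return "clean"
    if (data.startswith(EICAR)
            and len(data) <= MAX_TEST_FILE_LEN
            and _TRAILER.fullmatch(data, len(EICAR))):
        return "eicar-test-file"
    # The string is present but the file is not a valid test file: a real
    # binary carrying the pattern in its data, like the vendor file above.
    return "embedded-eicar"


# Constructed samples (not real files): a true test file, one with a CRLF
# trailer, a larger binary that merely carries the string, and a clean blob.
SAMPLES = {
    "eicar.com": EICAR,
    "eicar_crlf.txt": EICAR + b"\r\n",
    "vendor_tool.dll": b"MZ" + b"\x00" * 300 + EICAR + b"\x00" * 40,
    "readme.txt": b"nothing to see here",
}


def scan(samples: dict) -> dict:
    """Classify every sample; only 'eicar-test-file' should be reported."""
    return {name: classify(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:18} {verdict}")
```

A scanner that flags only the "eicar-test-file" verdict, rather than any occurrence of the pattern, avoids the false positive on a vendor binary that embeds the string.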
 

Mops21

Level 26
Content Creator
Trusted
Verified
Hi all

RogueKiller v13.2.0.0


V13.2.0 05/14/2019
=================

- Updated to core 3.0.9
* Bug fixes
* Updated signatures
* UCheck engine update
- Fix for hidden.proc
- Free users can now download signatures package automatically

With best Regards
Mops21
 