BitComet 1.47 Antivirus warning

[lemmon]

I would like to report a problem I encountered with the BitComet 1.47 setup.exe.

It was auto-downloaded by my 1.46 BitComet client. My antivirus (NAV) flagged it.

I then scanned the EXE on virustotal. The link for the full report is below.

Summary :

17 engines detected this file

SHA-256 c043ab042fd0e07f2b5ff84a0ebc402e7bba4b85d0607535b6fc3263f51fde58

File name BitComet_1.47_setup.exe

File size 15.96 MB

Last analysis 2017-09-03 05:27:45 UTC

Community score -34

 

I then tried to fetch the setup EXE from the link given in the 'News/Announcements' post.

The SHA 256 value was the same and I got the same error report from virustotal.

 

Could someone please have a look and shed some light on this matter.

Virustotal report:

https://www.virustotal.com/#/file/c043ab042fd0e07f2b5ff84a0ebc402e7bba4b85d0607535b6fc3263f51fde58/detection

Thank you.

 

Edited September 3, 2017 by lemmon (see edit history)

[Rhubarb]

First of all, there is no virus in the app - you have a 'false positive'  (which is not uncommon).

Secondly, that 'report' only shows nine 'detections' (the remainder showed it clean). Additionally, about half of the detections flag it as 'adware' (simply because it actually 'advertises'  in the start page). The remaining flags concern the fact that it writes to the Windows registry and then is flagged as 'trojan'. A LOT of apps write to the registry which is why a standard instruction on installation is to 'close down all running apps' and this does mean ALL (including the A/V).

I'm involved in support work with some other application software and that 'problem' happens more often than you would think

[The UnUsual Suspect]

we've had these same false positives in other versions, they detect installcore  https://www.installcore.com

which allows BitComet to be bundled with other app, and as long as it's used properly and doesn't allow malware to install, and allows you to decline, then it is not malware, rather a legitimate tool used by developers to fund freeware apps like Bitcomet. 

To save yourself a lot of hassle, if kaspersky and malwarebytes say it's clean, it is.

 

If you still have doubts,, scan your system, install bitcomet, delete the install exe, then scan your system again. Also note that you can decline the recommended software.

[lemmon]

Thank you very much to both of you.

 

The explanation on 'installcore' was useful. I understand now why it was flagged.

This is the first time it has happened with a BitComet update. Hence I began to wonder.

Thank you very much for the tip on interpreting virustotal reports viz., check Kaspersky and Malwarebytes.

I'll move to 1.47 sometime soon.

Thank you. :-)

[S1Niz7el2]

It may not be malware but Windows Defender has blocked the download on Windows 10. It allowed it a couple months ago on the same computer and Windows version. This sucks.  I went from 1,500,000 to 7800 in the rankings.  I thought I could go higher but not of I can't install it.  lol.

[Rhubarb]

You can exclude or 'white list' it in any anti-virus apps it doesn't get affected.

Personally I wouldn't use Defender but a third party app instead. There are numerous free ones out there, some better than others. I would advise against Webroot though as this has been known to be overly aggressive (and does cause problems in things like Second Life.

[S1Niz7el2]

I don't use any of em.  I didn't have a choice with Defender.  I quit using Anti virus when every app was a false positive....lol.  But seriously, for the last dozen years or so I've been repeating the same pattern of installing, using, and repeat.  It's only natural that I develop a working solution.  And since I' haven't modified my habits, I've modified the installation process.

[Rhubarb]

And that's what you're getting again - a false positive