lordvirus (posted July 18, 2019):
Hey guys. When I try to install Brave browser, Emsisoft shows a warning and tries to quarantine it. Is it possible Brave's setup.exe contains a virus?
JeremyNicoll (posted July 18, 2019):
Where - tell us the URL - did you find the installer for this? And what did EAM say about it?
lordvirus (posted July 18, 2019):
I've installed it from official website. https://brave.com/
EAM said:
Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\Username\AppData\Local\Temp\CR_0D7F2.tmp\setup.exe (SHA1: 2464A40A0FEFD6F569B015F68E57E99DAB147C58)
JeremyNicoll (posted July 18, 2019):
Ok. I plugged that SHA1 hash into the search option at the VirusTotal website, which then displays what various anti-virus & anti-malware utilities think about a file (regardless of what it's been named) that contains the same thing as your file did. See: https://www.virustotal.com/gui/file/d0864f12625afab65a023d1231dd518113d0d867ac4e9d275d62636a9ef0696d/details
When VT looked at an instance of that file - 11 hours ago - none of the 72 utilities they used thought it was infected. However, those results are all checks of the file itself. EAM's Behaviour Blocker looks at what the file does when it is run. Although the VT website lists some of the things that this program is known to do - files it opens, registry keys it sets etc (on the "Details" tab at the VT results page), neither you nor I have any idea what the Behavior Blocker didn't like.
It occurs to me that this file is pretty small - only a couple of MB - so probably what it does is contact the Brave server and download the actual browser. That might look a lot like a piece of malware trying to contact its command & control server. On the other hand lots of installers do that sort of thing.
I wouldn't take the risk - Crypto Malware is extremely bad news. I think you will need to wait until someone from Emsisoft can say if the EAM warning is a mistake or genuine.
Edited July 18, 2019 by JeremyNicoll: added comment on file size
lordvirus (posted July 18, 2019):
I thought maybe it’s the TOR browsing feature of Brave Browser.
JeremyNicoll (posted July 18, 2019):
Just now, lordvirus said: "I thought maybe it’s the TOR browsing feature of Brave Browser."
It's the installer that got the EAM warning though, not the Brave browser itself. Unless the installer also uses TOR to grab the full program? You will need to wait for Emsisoft to comment.
Kevin Zoll (posted July 18, 2019):
It's a Behavioral alert on the part of our Behavior Blocker.
Behavior Blocker detected suspicious behavior "CryptoMalware" of C:\Users\*******\AppData\Local\Temp\CR_4D200.tmp\setup.exe (SHA1: 2464A40A0FEFD6F569B015F68E57E99DAB147C58)
I've reported it to our lab. They should fix it shortly.
lordvirus (posted July 19, 2019):
So I shouldn't worry about it and keep using Brave Browser?
GT500 (posted July 19, 2019):
14 hours ago, lordvirus said: "So I shouldn't worry about and keep using Brave Browser?"
The issue was more than likely that they forgot to digitally sign something. At least assuming you downloaded the installer from the official Brave Browser website.
Teahead (posted November 15, 2019):
The exact same thing happened today. I tried to install the Brave browser and Emsisoft blocked the installation:
ID Object
0 C:\Users\root\AppData\Local\Temp\CR_0C64B.tmp\setup.exe Behavior.CryptoMalware
I downloaded the setup file from the official website: https://brave.com/
Is there a fix? How can I install the browser?
GT500 (posted November 16, 2019):
14 hours ago, Teahead said: "Is there a fix? How can I install the browser?"
You can temporarily disable the Behavior Blocker in Emsisoft Anti-Malware while you install Brave. Just right-click on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock), go to Protection status, and select Disable Behavior Blocker. Just be sure to turn it back on again when you're done.
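A check that can be run on an installer before the Behavior Blocker is switched off for it, added here as an example and not part of any post in this thread or of Emsisoft's or Brave's tooling: it computes the file's hashes (for matching against the alert and a VirusTotal lookup) and reads its Authenticode signature. The function name, its parameters and the expected publisher string are assumptions.

```powershell
# Added example; Test-InstallerTrust and its parameters are hypothetical names.
function Test-InstallerTrust {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSha1,    # e.g. the SHA1 quoted in the Behavior Blocker alert
        [string] $ExpectedSigner   # assumption: publisher name expected in the certificate subject
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Hash the file so it can be matched against the alert and looked up on VirusTotal.
    $sha1   = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Authenticode check: Status is 'Valid' only if the file is signed, unmodified
    # since signing, and the certificate chains to a trusted root.
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # $null means "not checked" because no expected value was supplied.
    $hashOk = $null
    if ($ExpectedSha1) { $hashOk = ($sha1 -eq $ExpectedSha1.Trim()) }
    $signerOk = $null
    if ($ExpectedSigner) {
        $signerOk = [bool]($subject -and
            $subject.IndexOf($ExpectedSigner, [StringComparison]::OrdinalIgnoreCase) -ge 0)
    }

    [pscustomobject]@{
        Path            = $Path
        SHA1            = $sha1
        SHA256          = $sha256
        SignatureStatus = $sig.Status
        SignerSubject   = $subject
        HashMatches     = $hashOk
        SignerMatches   = $signerOk
        # Proceed only if the signature is valid and no supplied expectation failed.
        Proceed         = ($sig.Status -eq 'Valid') -and ($hashOk -ne $false) -and ($signerOk -ne $false)
    }
}

# Constructed usage: path and hash are the ones quoted in the alert earlier in the thread;
# 'Brave Software' is an assumed publisher string, confirm it against the certificate shown.
# Test-InstallerTrust -Path 'C:\Users\Username\AppData\Local\Temp\CR_0D7F2.tmp\setup.exe' `
#     -ExpectedSha1 '2464A40A0FEFD6F569B015F68E57E99DAB147C58' -ExpectedSigner 'Brave Software'
```

A `SignatureStatus` of `NotSigned` or `HashMismatch` means `Proceed` is false regardless of the hash comparison.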