softdark (Posted July 16, 2011)

Yesterday, I downloaded and installed the VirusTotal uploader app from: http://www.virustotal.com/advanced.html#uploader

The sha256 checksum of the VTUploader2.0Setup.exe is: f5b31335fefa7d46bab89c6985d7c097eaf8a6b29ac990b5bf63c75e0499a3b6

The sha256 checksum of the installed VirusTotalUpload2.exe is: 0c3bbca54c19d81a3df2229d09bff373b61f7ddb495ac6f247ba15b074b5fc63

It worked fine overall, even though Online Armor flagged it as a screen logger (and maybe keylogger too, I can't quite remember). I decided to trust it and let Online Armor allow its screen logging, as it didn't seem to work otherwise. So, after I allowed it, it seemed to work fine, and I used it to check and upload a bunch of files, which it did without a hitch.

Today, however, when I tried to upload a file, Online Armor came up with a bunch of warnings that the VT uploader was trying to "modify trusted programs", and also that it wanted to terminate "verclsid.exe". See these screenshots:

http://img842.imageshack.us/img842/9392/44682796.png
http://img269.imageshack.us/img269/5853/47388025.png
http://img64.imageshack.us/img64/7320/10818155.png
http://img600.imageshack.us/img600/1687/35345481.png

What's going on here? Why was it able to work just fine before and now it wants to do all of this really suspicious stuff?

catprincess (Posted July 17, 2011)

Looking at your screenshots, VirusTotalUpload2.exe is not trusted and this is why you are getting these alerts. I don't know why it's no longer trusted as I know you said you'd trusted it but it doesn't seem to have set the trust status correctly. It does seem quite strange as the trusted checkbox is also greyed out in your screenshots.

I'd suggest you delete all entries related to this program from the Programs list and then rerun it and attempt to Trust it from the first "a program wants to run" prompt that you get and see if this sorts it out. Alternatively, you could try locating VirusTotalUpload2.exe in the Programs list, and clicking the Untrust button, and then clicking the Trust button again.

softdark (Author, Posted July 17, 2011)

> Looking at your screenshots, VirusTotalUpload2.exe is not trusted and this is why you are getting these alerts. I don't know why it's no longer trusted as I know you said you'd trusted it but it doesn't seem to have set the trust status correctly. It does seem quite strange as the trusted checkbox is also greyed out in your screenshots.
>
> I'd suggest you delete all entries related to this program from the Programs list and then rerun it and attempt to Trust it from the first "a program wants to run" prompt that you get and see if this sorts it out. Alternatively, you could try locating VirusTotalUpload2.exe in the Programs list, and clicking the Untrust button, and then clicking the Trust button again.

Sorry, there seems to be a bit of miscommunication here. When I said "I decided to trust it and let Online Armor allow its screen logging", I did not use the term "trust" in the OA sense of hitting the OA "Trust" button. I "trusted" the application in the more informal, and limited sense, just in so far as telling OA to allow it to act as a screen logger. I did not "trust" it any further than that -- precisely because I wanted to see what else it would try to do, and stop it if need be.

So my question really isn't why OA gave me those alerts. I understand that it alerted me because I didn't "Trust" the app fully (in the OA sense of "Trust"), and the app tried to do precisely what OA detected.

My question is, rather, why this app, which is supposed to merely checksum and upload a file to the VirusTotal website, is trying to modify other programs -- and why it needs to do that now all of a sudden, when it was checksumming and uploading many programs to the VT site without exhibiting any of this modification behavior yesterday. It just seems really suspicious, like something malware might do.

catprincess (Posted July 17, 2011)

Okay sorry, I get what you mean now.

> My question is, rather, why this app, which is supposed to merely checksum and upload a file to the VirusTotal website, is trying to modify other programs -- and why it needs to do that now all of a sudden, when it was checksumming and uploading many programs to the VT site without exhibiting any of this modification behavior yesterday. It just seems really suspicious, like something malware might do.

I do not know what exactly the program might need to do in order to complete its functions. It doesn't seem in the least bit likely to me that VirusTotal would provide a utility that is malware though.