VirusTotalUploader2.exe trying to modify trusted programs


Yesterday, I downloaded and installed the VirusTotal uploader app from:

http://www.virustotal.com/advanced.html#uploader

The sha256 checksum of the VTUploader2.0Setup.exe is:

f5b31335fefa7d46bab89c6985d7c097eaf8a6b29ac990b5bf63c75e0499a3b6

The sha256 checksum of the installed VirusTotalUpload2.exe is:

0c3bbca54c19d81a3df2229d09bff373b61f7ddb495ac6f247ba15b074b5fc63

It worked fine overall, even though Online Armor flagged it as a screen logger (and maybe keylogger too, I can't quite remember). I decided to trust it and let Online Armor allow its screen logging, as it didn't seem to work otherwise. So, after I allowed it, it seemed to work fine, and I used it to check and upload a bunch of files, which it did without a hitch.

Today, however, when I tried to upload a file, Online Armor came up with a bunch of warnings that the VT uploader was trying to "modify trusted programs", and also that it wanted to terminate "verclsid.exe". See these screenshots:

http://img842.imageshack.us/img842/9392/44682796.png

http://img269.imageshack.us/img269/5853/47388025.png

http://img64.imageshack.us/img64/7320/10818155.png

http://img600.imageshack.us/img600/1687/35345481.png

What's going on here? Why was it able to work just fine before and now it wants to do all of this really suspicious stuff?

Looking at your screenshots, VirusTotalUpload2.exe is not trusted and this is why you are getting these alerts. I don't know why it's no longer trusted as I know you said you'd trusted it but it doesn't seem to have set the trust status correctly. It does seem quite strange as the trusted checkbox is also greyed out in your screenshots.

I'd suggest you delete all entries related to this program from the Programs list and then rerun it and attempt to Trust it from the first "a program wants to run" prompt that you get and see if this sorts it out. Alternatively, you could try locating VirusTotalUpload2.exe in the Programs list, and clicking the Untrust button, and then clicking the Trust button again.

Sorry, there seems to be a bit of miscommunication here.

When I said "I decided to trust it and let Online Armor allow its screen logging", I did not use the term "trust" in the OA sense of hitting the OA "Trust" button. I "trusted" the application in the more informal, and limited sense, just insofar as telling OA to allow it to act as a screen logger. I did not "trust" it any further than that -- precisely because I wanted to see what else it would try to do, and stop it if need be.

So my question really isn't why OA gave me those alerts. I understand that it alerted me because I didn't "Trust" the app fully (in the OA sense of "Trust"), and the app tried to do precisely what OA detected.

My question is, rather, why this app, which is supposed to merely checksum and upload a file to the VirusTotal website, is trying to modify other programs -- and why it needs to do that now all of a sudden, when it was checksumming and uploading many programs to the VT site without exhibiting any of this modification behavior yesterday. It just seems really suspicious, like something malware might do.

Okay sorry, I get what you mean now :)

I do not know what exactly the program might need to do in order to complete its functions. It doesn't seem in the least bit likely to me that VirusTotal would provide a utility that is malware though.
