Detected item:
Trojan:Win32/Azden.A!cl
file:C:\....vbRichClient5.dll
Alert level: Severe
Attachment 163739
Says it executes commands from an attacker.
I'm not sure if this is a false positive or not.
I already removed the file, so I can't submit it to Microsoft. Can some of the members here go through the process to submit the file as a home end user?
Submit here:
https://www.microsoft.com/en-us/wdsi/filesubmission
It's a false positive (the same thing was brought up in the German newsgroup a few weeks ago as well).
A scan on VirusTotal shows that Windows Defender is the only tool which marks it "red".
https://www.virustotal.com/#/file/03...dd1f/detection
Also note that on my (fully up-to-date) Win10, a direct scan with Windows Defender shows "no problem".
That is, as long as you haven't activated the new "Cloud-Scan feature" (where the "AI" is apparently "over-eager" to "sanctify its existence").
FWIW - here's the SHA256 values for the latest (downloadable):
- vbRC5BaseDlls.zip: 03ba3103b21e0ade16fe2063a188d7dce9bda28c9f5b85af96a80f2e9764dd1f
- vbRichClient5.dll: 4017a8eda514593cc1b8439a2e421d170dd91f07d02748058e5b317a0a158bf9
(In case one wants to verify the contents of those files oneself on one's own machine.)
HTH
Olaf
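One way to run the check suggested above, as an added example that is not part of the original thread: it hashes the downloaded archive and the DLL packed inside it, then compares both against the SHA256 values from the post. It assumes `vbRichClient5.dll` is stored as a member of `vbRC5BaseDlls.zip`; the function names are hypothetical.

```python
import hashlib
import os
import sys
import zipfile

# SHA-256 values as published in the post above.
PUBLISHED = {
    "vbRC5BaseDlls.zip": "03ba3103b21e0ade16fe2063a188d7dce9bda28c9f5b85af96a80f2e9764dd1f",
    "vbRichClient5.dll": "4017a8eda514593cc1b8439a2e421d170dd91f07d02748058e5b317a0a158bf9",
}


def sha256_stream(fh, chunk_size=1 << 20):
    """Hash a file-like object in chunks so large files are not loaded at once."""
    digest = hashlib.sha256()
    for block in iter(lambda: fh.read(chunk_size), b""):
        digest.update(block)
    return digest.hexdigest()


def verify_download(zip_path, published=PUBLISHED):
    """Return {name: (sha256, matches)} for the archive and each listed member.

    A listed name that is not found is reported as (None, False).
    """
    results = {name: (None, False) for name in published}
    archive_name = os.path.basename(zip_path)
    with open(zip_path, "rb") as fh:
        digest = sha256_stream(fh)
    results[archive_name] = (digest, published.get(archive_name) == digest)
    # Assumption: the DLL sits inside the archive, possibly in a subfolder.
    with zipfile.ZipFile(zip_path) as zf:
        for info in zf.infolist():
            member_name = info.filename.rsplit("/", 1)[-1]
            if member_name in published and not info.is_dir():
                with zf.open(info) as member:
                    digest = sha256_stream(member)
                results[member_name] = (digest, published[member_name] == digest)
    return results


if __name__ == "__main__" and len(sys.argv) == 2:
    for name, (digest, ok) in verify_download(sys.argv[1]).items():
        print(f"{'OK      ' if ok else 'MISMATCH'} {name} {digest}")
```

A match only shows the file is the one these hashes were published for; a mismatch can also mean a newer release than the one the post describes.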
AV companies often mark a VB6 PE file as a virus; we have become accustomed to it.
To avoid such behavior, one could sign the image.
FWIW - I've reported the file now - over the link TTn provided in #3...
And (after an hour or so) they have now "finished their analysis" and "removed the detection":
https://www.microsoft.com/en-us/wdsi...e-b4c0f9f59307
That probably means that the (cloud-based) part of Windows Defender will not "cry wolf" anymore in the next rolled-out signature updates.
Olaf
It is unfortunate indeed that VB6 has acquired such a poor reputation from computer security firms, but we can't really blame them because VB6 (and VBA macros) are still being (ab)used by bad actors to deliver malware. Here is one such recent example:
Quote:
Originally Posted by Amanda Rousseau, Lucien Brule