Virus found in SubtitleEdit-3.5.2-Setup.zip? #2271

Closed
kintrupf opened this Issue Mar 6, 2017 · 11 comments


kintrupf commented Mar 6, 2017

When downloading SubtitleEdit-3.5.2-Setup.zip, Windows Defender on Windows 10 detects "TrojanSpy:Win32/Skeeyah.A!rfn" in the file SubtitleEdit-3.5.2-Setup.exe. I don't know if this is a false alarm, but I don't want to try ;-)

Member

niksedk commented Mar 6, 2017

False positive, got this from ms: Detection will be removed with signature build 1.237.706.0 or later.

Also check #2266

Member

niksedk commented Mar 6, 2017

Ah, I've only reported the "SubtitleEdit.exe" as a false positive, not the installer, which also seems to annoy antivirus programs. Let's see in a few days.

ccrc28 commented Mar 7, 2017

I have loved Subtitle Edit since version 3.4.1 in 2014, so it is very sad to tell that for the very first time MS Essentials Security gave an alert for "TrojanSpy:Win32/Skeeyah.A!rfn" right after 3.5.2 was installed.
Detection locations:

  • file:C:\Users\Username\Desktop\Subtitle Edit.lnk
  • regkey:HKLM\SOFTWARE\Wow6532Node\Microsoft\Windows\Currentversion\Uninstall\SubtitleEdit_is1
  • uninstall:HKLM\SOFTWARE\Wow6532Node\Microsoft\Windows\Currentversion\Uninstall\SubtitleEdit_is1

I don’t know if it was a positive or a false alert, but despite being logged in as adm with high level privileges, this alert immediately caused annoying things like:

  • Blocks access to all folders and hard disks with shortcuts placed on the desktop;
  • Turns on UAC and sets it to high;
  • Auto-changes SECPOL to revoke user permissions for backup and restore tasks, and this has also blocked all my robocopy BAT scripts.

I hope it turns out to be a false positive alert and that Microsoft will be kind enough to quickly turn off such crap automatic actions for this alert in such useful software, always clean since 2014.

Member

niksedk commented Mar 7, 2017

MS has fixed it for SubtitleEdit.exe - see https://www.virustotal.com/en/file/88ad0af7dfe1483125c31ec29cd11fc4d3ad0ea6576b603fe65cf71bd72d28a5/analysis/

I've not reported the installer yet...

Member

niksedk commented Mar 7, 2017

SubtitleEdit.exe is down to 0 (started on about 6) infections now: https://virustotal.com/en/file/88ad0af7dfe1483125c31ec29cd11fc4d3ad0ea6576b603fe65cf71bd72d28a5/analysis/1488903041/

SubtitleEdit-3.5.2-Setup.exe is down to 3 (started on about 9!) infections now: https://virustotal.com/en/file/d75ceab99c34462d5add399aefc41bd2c28827a11212007f30d4f254aa340886/analysis/1488903102/

Thx to anyone helping with false positive reports :)

5moufl commented Mar 8, 2017

Submit false positives here: https://www.microsoft.com/en-us/security/portal/submission/submit.aspx
I did but I guess it won’t hurt if others do it too.

Member

niksedk commented Mar 8, 2017

@5moufl: thx :)

sam-johnson commented Mar 9, 2017

When downloading SubtitleEdit-3.5.2-Setup.zip, Windows Defender on Windows 10 detects "TrojanSpy:Win32/Skeeyah.A!rfn" in the file SubtitleEdit-3.5.2-Setup.exe. I don't know if this is a false alarm, but I don't want to try ;-)

I have the same thing with this, but I used Windows 10 64-bit OS. :( so said .......
BTW: Subtitle Edit 3.5.1, Build 1 can be used on my Win10. And it's very good... THX.

Member

niksedk commented Mar 9, 2017

Microsoft (Windows Defender) is happy now: https://virustotal.com/en/file/d75ceab99c34462d5add399aefc41bd2c28827a11212007f30d4f254aa340886/analysis/1489073730/

Only Rising is still mad... I'll check again tomorrow.
