those Microsoft idiots are always making mistakes - (outside of tools like yours) gone are the days of IT heroes doing real work, the three year olds are now in control - and every day they break a feature normal people wanted, and add a longer more complex method to achieve it - whilst adding 4 gig of bloatware adding junk anyone over 40 would never want in their life
that's sad - for the first time ever Kaspersky found and removed an old tool I had on a machine (it had been there happy for 10 years), then they automatically removed it 3 months ago and proudly popped up to tell me afterwards
found this re where it hides - Packunwan creates registry entries to maintain persistence
Press Windows key + R, type “regedit”
Navigate to these locations:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
Delete any suspicious entries pointing to Packunwan files
The program queries registry entries for country codes and system configurations. It builds a profile of your system and location. This information could be valuable to cybercriminals.
Packunwan also checks for virtual machines and sandbox environments. It queries SCSI registry keys to detect analysis tools. This anti-analysis technique is common in modern malware.
The malware uses RC4 encryption to hide its payload, making the program harder to analyze and detect. It also helps bypass basic antivirus protection.
Antivirus false positive
-
killerdroid1990
- Posts: 1
- Joined: Sat Feb 10, 2024 5:23 am
- Vehicle: 2000 Ford Excursion 7.3L
Re: Antivirus false positive
Thanks for this thread. All I had to do is add the .exe into the exclusions to get it to launch correctly
Re: Antivirus false positive
We have released v2.3.69 with the EXE file digitally signed. The signature can be easily verified. Nevertheless, some A/V software continues to recognize FORScan as a virus:
https://www.virustotal.com/gui/file/646 ... d8f4dd491e
Re: Antivirus false positive
Just in case,
F-Secure reports in "FORScanSetup2.3.69.release.exe"
MalWare, Trojan-Dropper TR/W32.Eo
I do not know if this is harmless.....
-
djweb74
- Posts: 9
- Joined: Tue Oct 08, 2024 8:57 pm
- Vehicle: Ford Fiesta MK8 1.0 Titanium 100cv ecoboost
- Location: Italy
Re: Antivirus false positive
I'm now stuck with version 2.3.66 which is seen as "clean"