Author Topic: bolehgui305.exe reported as detplock trojan by windows 10

Offline vpnacc

  • BolehVPN Subscriber
  • Newbie
  • **
  • Posts: 1
bolehgui305.exe reported as detplock trojan by windows 10
« on: December 03, 2016, 02:12:52 AM »
Hi,
I have tried to install bolehgui305.exe after your migration, and in doing so had Windows Defender flag the file as the detplock trojan multiple times.
Is there a way around this? Or is there a problem with the .exe itself?
Thanks

Offline Slacker

  • BolehVPN Staff
  • Admiral
  • *****
  • Posts: 716
Re: bolehgui305.exe reported as detplock trojan by windows 10
« Reply #1 on: December 03, 2016, 09:35:03 AM »
I believe I read something somewhere regarding this. Don't worry, it's not a trojan or an infection that will mess up your system.

I'd recommend scanning it online; I'm curious too, to see what results you get:

https://www.virustotal.com/

It would also be good for BolehVPN to know these results to see how many scanners it's setting off to correct the code.

Offline maxbudin

  • BolehVPN Subscriber
  • Lieutenant
  • **
  • Posts: 107
Re: bolehgui305.exe reported as detplock trojan by windows 10
« Reply #2 on: December 03, 2016, 11:54:47 AM »
There's a mention on the 'Status' page.

"These are some of the common issues that have cropped up:
  False positive on some antivirus on the new installer. You can verify the installer by going to virustotal.com which should show you that it’s a false positive."

Offline majorclatto

  • Newbie
  • *
  • Posts: 1
Re: bolehgui305.exe reported as detplock trojan by windows 10
« Reply #3 on: December 03, 2016, 08:41:14 PM »
Hi,

I can confirm Windows 10 Defender reports:

Category: Trojan:Win32/azden.A!d

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
file:C:\Users\XXXX\Downloads\Unconfirmed 120573.crdownload

VIRUS TOTAL info
Get more information about this item online. Virus total info

SHA256:   6e1facf67221435f3a137a1da9ba065645502acf90c0420c2f9cce5a243e4c46
File name:   BolehGUI305.exe
Detection ratio:   1 / 55
Analysis date:   2016-12-03 05:58:48 UTC ( 6 hours, 38 minutes ago )

CrowdStrike Falcon (ML)   malicious_confidence_61% (D)   20161024 was the only scanner to report issues


File identification
MD5 0c9f81c1ccda66a12a8a3024e1be46fe
SHA1 cfdd51fa9a6f8eed77ce56e69107a042708e1830
SHA256 6e1facf67221435f3a137a1da9ba065645502acf90c0420c2f9cce5a243e4c46
ssdeep 98304:BP2VuYvkpWS3lW/ZAFojCL3eB5do+JLUQDcfjDw2mgs7y8rCfoUcGtu/ORq:BguYvob3uRJjcLsRbrscz/ORq
authentihash  18a0ba91a6f612cb8c62741f7f8bcd5dc1712b7edb0ea1e852db0658b27ab192
imphash  b1a57b635b23ffd553b3fd1e0960b2bd
File size 7.1 MB ( 7473754 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID   Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags nsis peexe overlay

VirusTotal metadata
First submission 2016-12-01 19:41:16 UTC ( 1 day, 16 hours ago )
Last submission 2016-12-03 05:58:48 UTC ( 6 hours, 38 minutes ago )
File names   bolehgui305.exe
BolehGUI305.exe


Offline Slacker

  • BolehVPN Staff
  • Admiral
  • *****
  • Posts: 716
Re: bolehgui305.exe reported as detplock trojan by windows 10
« Reply #4 on: December 04, 2016, 11:39:23 AM »
@maxbudin thanks...

@majorclatto it's ok it's not a trojan...

Offline Anwar

  • Support Monkey
  • BolehVPN Staff
  • Newbie
  • *****
  • Posts: 19
  • File not found!
Re: bolehgui305.exe reported as detplock trojan by windows 10
« Reply #5 on: December 06, 2016, 05:24:19 PM »
We recently released a software signed version with the correct version of setting.ini inside. This version should also fix the false positive issue.

https://www.bolehvpn.net/downloads/BolehGUI305.exe


Offline Enigm

  • BolehVPN Subscriber
  • Newbie
  • **
  • Posts: 11
Re: bolehgui305.exe reported as detplock trojan by windows 10
« Reply #6 on: December 10, 2016, 08:09:04 AM »
the new version 3.0.5 still shows up with a false positive on windows defender (windows 7)
edit: cleared cache too but download continues to show up as false positive

« Last Edit: December 10, 2016, 08:14:44 AM by Enigm »

Offline Anwar

  • Support Monkey
  • BolehVPN Staff
  • Newbie
  • *****
  • Posts: 19
  • File not found!
Re: bolehgui305.exe reported as detplock trojan by windows 10
« Reply #7 on: December 16, 2016, 01:26:39 AM »
"the new version 3.0.5 still shows up with a false positive on windows defender (windows 7)
edit: cleared cache too but download continues to show up as false positive"

Could you right-click on the file, select Properties and click on the Digital Signatures tab? If you do not have this, you are probably still on the old version.

The SHA-1 Checksum for this file is: 3A8558D615BB5128B7FBC65DFF342F5A46679C14
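
The two checks requested in the last reply (a digital signature on the file and a SHA-1 match) can also be run from PowerShell. This is an added example, not part of the thread or BolehVPN's own tooling; the download location and the function name `Test-Installer` are assumptions, and the expected SHA-1 is the value posted in the reply above.

```powershell
# Added example: verify a downloaded installer before running it.
# Assumption: the file was saved to the current user's Downloads folder.
$Path         = Join-Path $env:USERPROFILE 'Downloads\BolehGUI305.exe'
# SHA-1 posted by BolehVPN staff in the reply above.
$ExpectedSha1 = '3A8558D615BB5128B7FBC65DFF342F5A46679C14'

function Test-Installer {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha1
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # Hash the bytes on disk. SHA-256 is included so the file can be looked up
    # on VirusTotal by hash instead of being uploaded again.
    $sha1   = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    $sha256 = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Same information as the Digital Signatures tab in file Properties.
    # Status 'NotSigned' corresponds to the tab being absent (the old build).
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # String -eq is case-insensitive in PowerShell, so hex case does not matter.
    $hashOk = ($sha1 -eq $ExpectedSha1.Trim())
    $sigOk  = ($sig.Status -eq 'Valid')

    [pscustomobject]@{
        Path            = $Path
        Sha1            = $sha1
        Sha1Matches     = $hashOk
        Sha256          = $sha256
        SignatureStatus = $sig.Status
        # SignerCertificate is $null for unsigned files; the property access
        # then simply yields $null outside strict mode.
        Signer          = $sig.SignerCertificate.Subject
        Thumbprint      = $sig.SignerCertificate.Thumbprint
        # Only treat the file as the signed release when both checks pass.
        Verified        = ($hashOk -and $sigOk)
    }
}

Test-Installer -Path $Path -ExpectedSha1 $ExpectedSha1 | Format-List
```

A `SignatureStatus` of `HashMismatch` means the file was altered after signing, and `Sha1Matches = False` with a valid signature means the file is a different signed build from the one the checksum was posted for.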