VirusTotalUploader2.exe trying to modify trusted programs

Discussion in 'malware problems & news' started by turtlesoup, Jul 16, 2011.

Thread Status:
Not open for further replies.
  1. turtlesoup

    turtlesoup Registered Member

    Joined:
    Jul 16, 2011
    Posts:
    10
    Yesterday, I downloaded and installed the VirusTotal uploader app from:

    http://www.virustotal.com/advanced.html#uploader

    The sha256 checksum of the VTUploader2.0Setup.exe is:

    f5b31335fefa7d46bab89c6985d7c097eaf8a6b29ac990b5bf63c75e0499a3b6

    The sha256 checksum of the installed VirusTotalUpload2.exe is:

    0c3bbca54c19d81a3df2229d09bff373b61f7ddb495ac6f247ba15b074b5fc63

    It worked fine overall, even though Online Armor flagged it as a screen logger (and maybe keylogger too, I can't quite remember). I decided to trust it and let Online Armor allow its screen logging, as it didn't seem to work otherwise. So, after I allowed it, it seemed to work fine, and I used it to check and upload a bunch of files, which it did without a hitch.

    Today, however, when I tried to upload a file, Online Armor came up with a bunch of warnings that the VT uploader was trying to "modify trusted programs", and also that it wanted to terminate "verclsid.exe". See these screenshots:

    http://img842.imageshack.us/img842/9392/44682796.png

    http://img269.imageshack.us/img269/5853/47388025.png

    http://img64.imageshack.us/img64/7320/10818155.png

    http://img600.imageshack.us/img600/1687/35345481.png

    What's going on here? Why was it able to work just fine before and now it wants to do all of this really suspicious stuff?
     
    Last edited: Jul 16, 2011
  2. Dark Shadow

    Dark Shadow Registered Member

    Joined:
    Oct 11, 2007
    Posts:
    4,553
    Location:
    USA
    I have Comodo AV with Defense+ HIPS on my netbook, and just downloaded with no warnings of suspicious activity on my end or Comodo's end, so not sure what's up with that. I just scanned with Hitman Pro, and it came back clean.
     
  3. turtlesoup

    turtlesoup Registered Member

    Joined:
    Jul 16, 2011
    Posts:
    10
    I myself scanned the uploader install and app files in Jotti, and it came back clean. Of course VT's own scans showed it to be clean. I also scanned it with MalwareBytes Anti-Malware, and they were clean. My resident F-Prot protection didn't trigger either.

    But anti-virus software could be evaded.

    Also, just because no suspicious behavior was detected immediately after downloading or even installing and running the app doesn't mean it will never exhibit suspicious activity. That is precisely what happened to me -- it was only a day after I installed and used it pretty heavily that it tried to modify other programs.
     
    Last edited by a moderator: Jul 17, 2011