WinToUSB Trojan!?
#11
Post information to the creator of the software; it could be a false positive, because VirusTotal shows up clean.
Could you please remove "confirmed Virus" from the title until we are 100% positive it's a virus.

#12
Sure, but do you not think that a DLL called WATCHER.DLL is dodgy? And then when you run the program Kaspersky detects that it is watching you and asks to delete it? I really am inclined to believe it is a virus.

#13
You could well be right about it being a virus, but we need to be sure. I will take a look at it in a day or so.
What I don't want is we start to post content saying it is a virus and it's a false positive; we need to be 100% sure before we warn people away from the software.

#14
There are legit watcher.dll files and some can/are malicious in some way, but as Brian says contact the owner of the software to let them know. Also I would contact Kaspersky and talk them through it as they may wish to investigate further.

[additional]

Ran a little check on WinToUSB 1.6 beta (couldn't get the 1.5 version to work) using Ghex and the only thing I could tell from the brief view (and it was quite brief) is that it has a "mailslot" program which could be perfectly legit. ClamAV, chkrootkit both showed no problems, here's an image of the hex:

   

#15
I was going to say, if it was a bad program, I am sure VirusTotal would have had at least 3 or 4 virus detections. Kaspersky detected it as a virus, but that was a 2013 version I see. Kaspersky is one of many antivirus companies on VirusTotal and it did not detect it; maybe the program has talked with these companies and it's now classed as a false positive.

I will take a look when I get time.


