LS1 Flash Tool and Windows Defender

Post by lccreech »

Windows 10 Defender reports this error and deletes the file

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommended action: Remove this software immediately.

Items:
containerfile:C:\$Recycle.Bin\S-1-5-21-1597143808-3754268942-2216452023-1001\$RW8CB2T.zip
file:C:\$Recycle.Bin\S-1-5-21-1597143808-3754268942-2216452023-1001\$RW8CB2T.zip->ls1flash-free.exe
file:C:\Users\Larry\Downloads\ls1flash-free-1.07\ls1flash-free.exe

Post by Tazzi »

Occurs due to the program's "obfuscation protection". A lot of antiviruses will flag it as bad even though it's not.
Your Local Aussie Reverse Engineer
Contact for Software/Hardware development and Reverse Engineering
Site:https://www.envyouscustoms.com
Mob:+61406 140 726

Post by antus »

Oh great. I had not run this since updating to Win 10 some months ago. Win 7 Defender was OK previously. I can assure you it is a false positive from the packer, but thanks for reporting it. It's good for people to have a heads up and expect it, especially with such a commonly used virus/malware tool. I actually avoided 'high' level protection to stop the false positive, but it seems Microsoft have changed their criteria.
Have you read the FAQ? For lots of information and links to significant threads see here: http://pcmhacking.net/forums/viewtopic.php?f=7&t=1396

Post by kojab »

Potential_Threat.png
Trojan.png
antus wrote: Oh great. I had not run this since updating to Win 10 some months ago. Win 7 Defender was OK previously. I can assure you it is a false positive from the packer, but thanks for reporting it. It's good for people to have a heads up and expect it, especially with such a commonly used virus/malware tool. I actually avoided 'high' level protection to stop the false positive, but it seems Microsoft have changed their criteria.

Hi antus, I am having a constant Trojan attack on my computer and also when I visit "pcmhacking.net". The attacker goes by the name of http://www.envyouscustoms.com
I am sure the attacker is "NOT" envyouscustoms. Could this be the problem that is talked about on this thread above?

Post by antus »

I think it's scanning the target links on the page and classifying Tazzi's drivers as trojan. Question for Tazzi I guess. I'd be surprised if it was not a false positive but I'll tag him so he can take a look.

Post by kojab »

Thanks antus

Post by Tazzi »

I have Malwarebytes, and mine doesn't flag?

All of my sites are scanned hourly from the webhost side. Doing an online check using VirusTotal for envyouscustoms.com shows Malwarebytes declares it as safe too.

Some antiviruses may not like the software I have produced under Envyous and OBDX due to software licensing though, but they are all on the downloads page which can only be accessed if logged in.

Post by kojab »

Tazzi, do you have suggestions on what I should be doing to overcome this issue? What would you do? Would appreciate your expert advice.

Post by antus »

From a background conversation we've been having, I know what he would do is raise a ticket with your screenshot to Malwarebytes to ask them WTF? And he has done so. We've both tested his site and this one against various online site security tools, and they both come up as clean. It looks like in your case it's picking up his site from his signature, but since his site is clean that still doesn't explain why you would get that (and he doesn't have that as a user of Malwarebytes), so we can't see any reason you should or would get different results. You could raise a ticket with them yourself too. It seems to be a problem in that product.

Post by kojab »

Thanks Antus and Pete I will raise a ticket with Malwarebytes and let you know what I find out.



1/07/2023 I raised a ticket yesterday with Malwarebytes and overnight the problem was fixed. They gave no explanation on the cause.

Thanks to all that gave advice.