Jump to content
mcluskyism

WinToolkit from 1.7.0.1 to 1.7.0.8 to antivirus quarantine

Recommended Posts

Hi everyone, I'm new to the forum, I hope I wrote in the appropriate one.
I wanted to point out that my company antivirus (Check Point Endpoint Anti-Malware Blade) identifies WinToolkit.exe as infected with UDS:Trojan.MSIL.Agent.gen and relegates it to quarantine.
This happens with the WinToolkit_1.7.0.7 version which is therefore unusable, while with the WTK_v1_1.7.0.0 version the same executable passes the control, and it works.
I would like to test the versions prior to 1.7.0.7 but the download link only points to the latest.
Where can I find intermediate versions? Or should I wait for the next one?
Feel free to offer me further suggestions, thanks and greetings

Immagine.png

Share this post


Link to post
Share on other sites

Buongiorno e benvenuto!

 

This is a "false positive", Microsoft Security Essentials identifies it too as a virus, but with another name, depending on the status of the definitions.

Do you antivirus have the possibility to set the program as OK? MSE has that possibility.

BTW, since yesterday the version 1.7.0.8 has been released; MSE does NOT identify this version as infected.

You can download the new version on win-unattended.de.

 

Share this post


Link to post
Share on other sites

Hi Thiersee, buongiorno a te e grazie per la celere risposta.
I'm pretty sure this is a false positive, and I downloaded the latest version you suggested, but unfortunately my company antivirus thinks that even version 1.7.0.8 contains the same virus, so it won't even let me unpack the archive. 
And no, the antivirus is activated by policies so I have no way even to stop it and pause it with the "classic methods" already tried ( wmic service ... call StopService | net stop ... | sc config ... start= disabled && sc stop ... | TASKKILL / F / IM ... ).
For now I return to the original version v1_1.7.0.0 but, if they were available, I would still be curious to test the intermediate releases from win-unattended.de
I would basically slipstream a Seven Starter ISO for an old netbook, and I'm working on a Windows 10 company laptop (at home I'm up Debian Stable).
Since I would just like to modify Seven and nothing else, do you think I could be happy to stay with the original v1_1.7.0.0 version, and drop the German releases?
Grazie ancora, un saluto

20190727.png

Edited by mcluskyism
spelling error

Share this post


Link to post
Share on other sites
1 hour ago, mcluskyism said:

do you think I could be happy to stay with the original v1_1.7.0.0 version, and drop the German releases?

There is no german version of WTK! Or what do you mean?

Intermediate releases:

Silly me, I have them :rolleyes:!

If you want I can uploade them on mega.nz and give you the link.

Anyway, in the last days I couldn' have the 1.7.0.7-EXE on my PC, MSE did identify it as virus; after the MSE-Update of yesterday it hasn't been identified as virus anymore and the 1.7.0.8 too.

Ciao.

Share this post


Link to post
Share on other sites
34 minutes ago, Thiersee said:

There is no german version of WTK! Or what do you mean?

Hello, and sorry! I mean win-unattended.de branch development.

36 minutes ago, Thiersee said:

If you want I can uploade them on mega.nz and give you the link.

Thank you, you would be very kind if you could, so I could test from when the false positive appeared.

Cheers 😁

Share this post


Link to post
Share on other sites
8 minutes ago, mcluskyism said:

Hello, and sorry! I mean win-unattended.de branch development.

Thank you, you would be very kind if you could, so I could test from when the false positive appeared.

Cheers 😁

OK!

Here is the link

https://mega.nz/#!mKxDBYKZ!QFMsT2jhV8_CvXTOVq8h3Q-Cj7-oTf5biTWuw1C5BYc

Tell me when you downloaded it, then I pull it down from mega.nz.

Share this post


Link to post
Share on other sites
On 7/27/2019 at 4:35 PM, Thiersee said:

Tell me when you downloaded it, then I pull it down from mega.nz.

Hi Thiersee, downloaded and "grazie" feel free to take them down P.S. sorry for the delay, I will test ASAP 

Share this post


Link to post
Share on other sites

Hello mcluskyism, I hope you are correct! And I think you are! So I´ll wait for the official version of 1.7.0.8 👍

I´m a big fan of WinToolkit  🇸🇪

 

 

Edited by sweden8

Share this post


Link to post
Share on other sites

Hi to all, unfortunately I Get No Joy ... all releases of WinToolkit from 1.7.0.1 to 1.7.0.8 are presumed infected, according to my company antivirus.
I am still convinced that this is a false positive, but for now I am screwed.
BTW, my goal ATM is to modify only a copy of Seven Starter ... in yours opinion, maybe the original v1_1.7.0.0 could suffice?
Thanks anyway for all the support, and greetings to the whole forum 😉

Edited by mcluskyism
misspelling

Share this post


Link to post
Share on other sites

Yes, it is!

But if you want to hide some KBs, you can't use the .vbs-script put directly in the section Silent-Installer + SFX (the feauture is only since 1.7.0.7), you must use the .exe-version.

Share this post


Link to post
Share on other sites

Hi all,

I'm having the same problem. McAfee Endpoint Security claims WinToolkitRunOnce.exe to be the Trojan. It quarantains it and there is no way to set it as positive.

Running WinToolkit 1.7.0.8, had the same result with 1.7.0.7. I'll try with the version 1.7.0.0 and report back.

Tom

Edit: Version 1.7.0.0 still running smoothly, no complaints about trojans

 

Zwischenablage01.jpg

Edited by PapoPorz

Share this post


Link to post
Share on other sites

Hi PapoPorz, and welcome on my same boat 😅 indeed, thank you for having fully identified the "culprit".

So, any suggestions from the developers? I'm still on v1_1.7.0.0 ATM.

Thank you 😉

 
Edited by mcluskyism
misspelling

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Similar Content

    • By JCM
      Avast! Free Antivirus 8 es un Software de Protección Antivirus Gratuito y uno de los mejores y más completos hoy en día!. Te Protege de Virus, Spywares,Troyanos y Códigos Maliciosos mientras navegas por Internet, Chateas, revisas tu Correo, Descargas o ejecutas algún Programa, porque está constantemente actualizando su base de datos para mantenerte a salvo en la Red.

      Además en esta versión 8 del Antivirus viene incluído el Software Updater que te avisa cuando un programa requiere una actualización para evitar riesgos de seguridad!.

      Ésta es la versión Gratuita y te puedes Registrar con un Nombre, Apellido y correo electrónico, activando así el Antivirus por un Año Totalmente Gratis!, además cuando esté llegando la caducidad; te vuelves a registrar y otro año más estarás Protegido por uno de los Mejores Antivirus Gratuito!
       

       
       
      Totalmente Compatible con Windows XP, Vista, 7, 8 de 32 y 64 Bits!
      DESCARGA ACTUALIZADA...esperar 5 segundos y Click en Multilenguaje - 106 MB Para Instalar y Configurar el Antivirus, ver el Video:El Video se refiere a Avast 7 pero son muy similares para configurar...   y por cierto la sensual Voz de Avast es: http://youtu.be/6I6CdRJWFyw ...y si te parecen molestos esos sonidos, puedes desactivarlos accediendo a:OPCIONES, Sonidos, y Click en: Activar Sonidos de Avast! (para desactivarlo) 
      http://jcmepy.blogspot.com.es/2012/12/Antivirus-Gratis-Avast-Free.html
    • By NIM
      We have a special giveaway on WinCert.net. This time Dr.Web company gave Wincert.net 5 licenses of their comprehensive protection suite Dr.Web Security Space worth 28 Euros.
      Our lucky winners will get a FREE one year license for the latest version of Dr.Web Security Space Pro that includes updates and product support.
      Here's what you are getting with Dr.Web Security Space:
      Comprehensive anti-virus solution for PC
      Real time protection
      Best at curing active infections
      Installs in an infected system without its preliminary curing
      Fast multi-thread scanning
      Unique technologies blocking even unknown threats
      Full scan of archives at all nesting levels
      Best detection and neutralization of complex viruses
      Filters spam and other types of unsolicited messages without training the anti-spam
      Reliable on-the-fly scan of inbound and outbound http-traffic
      Efficient protection of children against exposure to objectionable content
      Protects against unauthorized access by a network; prevents data leaks; blocks suspicious connections on package and application layers
      New! Remote administration from other computers in the local network without installing the Dr.Web Control Center.
      For more information please visit THIS page.
      Giveaway NOTE (please read!)
      To enter this giveaway please LIKE WinCert.net on FACEBOOK or add a plus on GOOGLE+ pages, add us to your circles and post your full name below.
      If you have already Liked us on Facebook or Google+ pages, then just post your name below and you will automatically enter the giveaway.
      Giveaway will end on September, 7th 2012 when we will announce lucky winners. Please remember to follow the rules of this giveaway or your request won't be valid.
    • By davids
      Arcavit intitially started as Arcabit way back in 2004. Of late they have changed their brand name to Arcavir. Arcabit antivirus softwares are tailor-made for Windows and Linux based OS. It has the capability to protect a a small PC and goes right up till large enterprise networks. It was in the year 2010 when they began their establishment in the Asian market and they look settled team now. ArcaVir has been awarded with VB100 award for its excellent performance on theWindows 7 platform and have also been awarded by PC Security Labs. ArcaVir is a second antivirus software in the whole world which compatibility with Windows 7 was confirmed. Certainly an acheivement of some sort. Other than this, ArcaBit is consistently being awarded by numerous Quality awards from Poland every year. ArcaBit is one such company that develops its own engine ArcaVir in the Windows, Linux, FreeBSD, OpenBSD, NetBSD and various other platforms.
      Rules to participate in contest:-
      1. Let us know why you would like to win the license through the comments.
      2. Like Our Facebook Fan Page
      3. Follow us on Twitter
      4. Follow Us on Google+
      5. Share This Post On your Facebook Profile Page and other Social Networking Platforms and post the links through the comments as a proof.
      Winners will be selected randomly and would receive the licenses through their e-mails on 30th April which is the deadline for this Giveaway.
      To participate in contest please visit:-
      http://www.techarta....2012-giveaways/
      Good Luck to all participants...
×
×
  • Create New...