https://www.virustotal.com/ picking up malware in installation file

Have you found a bug or you think that the program does not function as expected? Report it here
cimitchell
Posts: 3
Joined: Wed Jan 18, 2023 10:21 am

https://www.virustotal.com/ picking up malware in installation file

Post by cimitchell »

Hi,

I downloaded the installer and as I usually do for installation files, I went to https://www.virustotal.com/ and scanned it. It flagged a couple of things:

4 security vendors and 1 sandbox flagged this file as malicious

Security vendors' analysis:

Cybereason
Malicious.172a65

SecureAge
Malicious

Trapmine
Suspicious.low.ml.score

Zillya
Adware.Fiseria.Win32.4973

Thanks for your assistance.
User avatar
JG
Posts: 4613
Joined: Wed Jun 04, 2008 8:34 pm

Re: https://www.virustotal.com/ picking up malware in installation file

Post by JG »

Thanks for the observation. 4 out of 69 software suspect something.
Jon
the
Word 6 Bible Software
OS for testing; Windows 10
Beta Download ------Beta Setup Guide------On-line Manual------Tech doc's and Utilities------Copyright Factsheet
cimitchell
Posts: 3
Joined: Wed Jan 18, 2023 10:21 am

Re: https://www.virustotal.com/ picking up malware in installation file

Post by cimitchell »

So it is safe to install? It makes me nervous because of how many attacks that happen every day.
User avatar
JG
Posts: 4613
Joined: Wed Jun 04, 2008 8:34 pm

Re: https://www.virustotal.com/ picking up malware in installation file

Post by JG »

I downloaded each of the packages and did not get any warning from Acronis or Microsoft security software.

Safe practice is to always have a backup of all your data.
Jon
the
Word 6 Bible Software
OS for testing; Windows 10
Beta Download ------Beta Setup Guide------On-line Manual------Tech doc's and Utilities------Copyright Factsheet
cimitchell
Posts: 3
Joined: Wed Jan 18, 2023 10:21 am

Re: https://www.virustotal.com/ picking up malware in installation file

Post by cimitchell »

Could you run it through virustotal and let me know what you think is causing this?
arraybolt3
Posts: 84
Joined: Mon Jan 02, 2023 12:11 am

Re: https://www.virustotal.com/ picking up malware in installation file

Post by arraybolt3 »

For some reason antiviruses have a tendency to flag theWord's installer as malicious. That may be because it does things like unpack .exe files onto the disk, and run them after unpacking. Which is normal installer behavior, since theWord's main program is (shocker!) a .exe file, it appears to run some sub-installers for installing the initial set of modules, and there's a checkbox at the end of the installer to automatically launch theWord after installation.

In general, the best way to avoid malware is to only run software from authors you trust - an obscure antivirus's warning (or lack thereof) is generally unhelpful (though if a well-known antivirus throws warnings, that may be something to take seriously). I personally do trust theWord's authors, from having worked with them a bit and from seeing others who use theWord, so I feel comfortable running theWord on my systems. theWord has never caused any malicious-looking effects to any system I have used it on, and I have used it on quite a few systems for years.

Also, the installer for my current copy of theWord triggers four things on VirusTotal and it's working great for me over here, so I wouldn't worry about it, especially since software installer behavior is known for being able to trigger false positives. There's other well-known and well-trusted software out there that also triggers things on VirusTotal (for instance Rufus, a popular tool for making bootable USB flash drives among other things), so a small number of scanners isn't something I'd be concerned about. (If it was triggering twenty scanners, I'd be alarmed, but four obscure ones, probably not a problem.)
I'm just an unworthy servant of Christ trying to do my job. But I love my job. :D

theWord 6 on Wine Staging and Windows 11
arraybolt3
Posts: 84
Joined: Mon Jan 02, 2023 12:11 am

Re: https://www.virustotal.com/ picking up malware in installation file

Post by arraybolt3 »

Also worth mentioning, of those four antivirus systems triggered on VirusTotal, three of them appear to be Aritifical Intelligence powered, and AI is notorious for getting things wrong (sometimes badly so). The fourth one (Zillya) is one I've never heard of before, and it does not look like a very professional product IMO (their web page looks poorly put together, there's seriously bad typos, and their cookie notice says "Thanks for accepting cookies" rather than giving the user the option of denying them).
I'm just an unworthy servant of Christ trying to do my job. But I love my job. :D

theWord 6 on Wine Staging and Windows 11
Post Reply