Well to be honest dude, a lot of AVs are letting it through now. McAfee doesn't unless permitted, however I know AVG does, Trend Micro, Kaspersky and Malwarebytes.
Just got my ventrilo server up last night
And wtf is with netdragon and converting standard swf files to .dat files lol
Malware is malicious; if it's not acting as spyware/adware or a virus then I wouldn't consider it malicious. Even if it is accessing a backdoor to bypass the autopatcher and whatnot.
Analysis as of today's date
Antivirus | Result | Update
AegisLab | Troj.W32.Refroso.cugt!c | 20161119
AhnLab-V3 | Trojan/Win32.Refroso.C154843 | 20161118
Avast | Win32:Evo-gen [Susp] | 20161119
Avira (no cloud) | TR/Refroso.cugt | 20161118
Baidu | Win32.Trojan.Refroso.a | 20161118
ClamAV | Win.Trojan.Refroso-12557 | 20161119
Comodo | TrojWare.Win32.Refroso.cugt | 20161118
DrWeb | BackDoor.Bifrost.24709 | 20161119
ESET-NOD32 | Win32/GameHack.FO potentially unsafe | 20161119
Fortinet | W32/GameHack.DS | 20161119
Ikarus | Virus.Win32.Qlod | 20161118
Jiangmin | Trojan/Refroso.ozj | 20161119
K7AntiVirus | Backdoor ( 04c502cc1 ) | 20161119
K7GW | Backdoor ( 04c502cc1 ) | 20161119
Kingsoft | Win32.Troj.Refroso.(kcloud) | 20161119
McAfee | RDN/Generic PUP.x | 20161119
McAfee-GW-Edition | RDN/Generic PUP.x | 20161119
Microsoft | VirTool:Win32/Qlod.A | 20161119
NANO-Antivirus | Trojan.Win32.Refroso.dkrol | 20161119
Panda | Trj/CI.A | 20161118
Qihoo-360 | Win32/Trojan.ae3 | 20161119
Rising | Trojan.Generic-HwkL4aO4yLT (cloud) | 20161119
TheHacker | Trojan/Refroso.cugt | 20161117
TrendMicro-HouseCall | TSPY_REFROSO_BK082CC3.TOMC | 20161119
VBA32 | Malware-Cryptor.Inject.gen | 20161118
VIPRE | RiskTool.Win32.ProcessPatcher.Sml!cobra (v) (not malicious) | 20161119
ViRobot | Trojan.Win32.A.Refroso.9728.B[h] | 20161119
Yandex | Trojan.Refroso!pAfFMPccnwY | 20161118
Zillya | Trojan.Refroso.Win32.56657 | 20161118
nProtect | Trojan/W32.Small.9728.EK | 20161119
ALYac | (no detection) | 20161119
AVG | (no detection) | 20161119
AVware | (no detection) | 20161119
Ad-Aware | (no detection) | 20161119
Alibaba | (no detection) | 20161118
Antiy-AVL | (no detection) | 20161119
Arcabit | (no detection) | 20161119
BitDefender | (no detection) | 20161119
Bkav | (no detection) | 20161117
CAT-QuickHeal | (no detection) | 20161118
CMC | (no detection) | 20161119
CrowdStrike Falcon (ML) | (no detection) | 20161024
Cyren | (no detection) | 20161119
Emsisoft | (no detection) | 20161119
F-Prot | (no detection) | 20161119
F-Secure | (no detection) | 20161119
GData | (no detection) | 20161119
Invincea | (no detection) | 20161018
Kaspersky | (no detection) | 20161119
Malwarebytes | (no detection) | 20161119
eScan | (no detection) | 20161119
SUPERAntiSpyware | (no detection) | 20161119
Sophos | (no detection) | 20161119
Symantec | (no detection) | 20161119
Tencent | (no detection) | 20161119
TrendMicro | (no detection) | 20161119
Zoner | (no detection) | 20161119
From what I see, some of the best have accepted the file as not malicious.
And as far as rewriting it in a way where it's not detected like that, it is not as easy as I thought...
TrendMicro | TSPY_REFROSO_BK082CC3.TOMC | 20160322
For example, that was from 8 months ago when someone else did a VirusTotal report.
Quote:
Originally Posted by Best Coder 2014
Pretty much every heuristic analysis is going to disagree with you on this one ... which is why your "loader" gets flagged.
It does malicious stuff (injecting code into other processes and whatnot), therefore it is, like, by definition malicious.
Detecting and flagging your loader is the expected behavior of any decent anti-virus.
I wouldn't have spent 8 hours on the phone if I wasn't going to have the shit removed. Most AVs accept it. Win Defender is just a dick.