GlassWire/uninstall.exe Virus/Trojan?

Hello my “Adaware ANtivirus” found today in the file “GlassWire/uninstall.exe”

InfectedObject ThreatName=“Gen:Trojan.Heur2.FU.amX@a4tS9Yf” ThreatType=“Virus” ObjectStatus=“Infected” InnerObject="" ParentContainers="" ObjectPath=“C:\Program Files (x86)\GlassWire\uninstall.exe” ObjectType=“File”/

I did start then a scan with VIrustotal and here is the Result(5/45);

https://www.virustotal.com/de/file/5caeb446f7b10efcb1817fb2a20761005a044aac731f1eccc26b91472e23a936/analysis/1410641674/

So what i have to do now?..

Let me investigate and see what’s happening there. It’s not unusual to have false positives. On Monday we will probably release yet another update to fix a problem we found in our updater.

Thank you for reporting this.

It should be a false positive because only one antivirus engine detected it, BitDefender.

The other 4 use the same engine in their software. Usually each different antivirus engine have different names for the malware that they have found, so when a few software found the same malware name, they share the same engine. It’s especially known that Ad-Aware and Emsisoft uses the BitDefender engine, as well as various other smaller antivirus products.

Ken, may I suggest to simplify the above and add it under the section of your malware page where you mention VirusTotal?

thewan,

I contacted Bitdefender so I think this false positive will go away shortly plus we have experience making changes to GlassWire that will make future false positives unlikely. If it becomes a problem though we can add something to the guide as you suggest but hopefully it was just a one time thing.

Nice. Although I think you misunderstood me a little. I meant it as a general guideline on how to decide whether something is a false positive, or it’s something that is really to worry about, which is why I suggested adding it to your malware section of the website where you mention VirusTotal. Although I agree it will be confusing to the average user, so I would understand not putting it there at all. A better general rule is, when in doubt, get rid of it, until proven otherwise.

1 Like

I am having the same problem. However Bitdefender won’t even allow me to download the program. So I turned off BD and downloaded it anyway after doing a full image backup. I installed and all went well, however the next day I started having other issues with network connections with BD screaming Trojan, so I attempted to uninstall GW and BD had removed the uninstaller. So I restored my computer with the image backup and all is back to normal. I think I’ll wait till the bugs get worked out and BD gives it the all clear. I look forward to seeing this program evolve and hope to see it as effective as Mac’s “Little Snitch”.

1 Like

BD will give us the all clear tomorrow when we update. Meanwhile I contacted them and they should OK our old versions soon also. Sorry for the hassle.

This should be fixed now with our new update https://www.glasswire.com/download/. Please confirm.

As of 10:30AM MT still getting Infected with Gen.Trojan.heur2.FU.amx@aG1D6Ng during download.

1 Like

Can you try clearing your browser cache or try a different browser? Can you send us a screenshot please via our bugs email? We’d really appreciate it.
https://www.glasswire.com/contact/

I downloaded the latest version about 10 mins ago, and BitDefender is still flagging the installer and also the uninstall.exe file as a trojan, so your new update is either really infected or if it’s a false positive and BitDefender have yet to update this in their definitions.

I’ve quarantined the whole Glasswire folder until it can be proved safe.

I had this same issue with a game on Steam, the developers insisted time after time that it was a false positive. It turned out to be a real threat.

Hope you get this sorted as Glasswire is an excellent app.

http://i.michaelmknight.co.uk/images/2014/09/18/glasswire.png Thanks.

1 Like

This happens when I try to download from https://www.glasswire.com/download/

1 Like

Thanks guys! We’re working with them via their support and via Twitter even to try to get this solved ASAP. Your screenshots really helped. Thanks again!

If you’d like to submit us as a false positive here http://www.bitdefender.com/site/Main/automaticSampleUploader/ it may expedite the process. Thank you.

Guess what? Bitdefender confirmed it’s a false positive and said they would remove the false alert within 48 hours. Thanks for all your help! Please try to install again in 48 hours and let me know if you still have an issue. We’ll test on our end also. I’ll post a screenshot of the email from them to help make you feel at ease that we’re not really infected. :smile:

Thanks Servo/Ken.

Just doing a definitions update via Bitdefender will fix the issue once they have added it to the list. If Glasswire is already installed, running a scan (or even reinstalling) should be fine.

Thanks for your help.

1 Like

Maybe someone can confirm it’s fixed if they have time. Thanks!

I just did an update and then scanned the folder and it still got flagged!

http://i.michaelmknight.co.uk/images/2014/09/19/2014-09-19_13-05-10.png (Sorry, still can’t post images).

I will keep checking though throughout the day and will let you know if it’s fixed for me.

Mike.

Wow, that’s really disappointing! If you could try again on Sunday I’d really appreciate it. We’ll keep trying on our end also. Thanks again.

Sure, no problem. It was 1pm my time (UK) when I posted my last post above, it’s now just after 5pm and still no change. I’ll keep trying though and will post when it gets the all clear.

1 Like