GlassWire/uninstall.exe Virus/Trojan?

peterhat · September 20, 2014, 11:51am

Saturday 20 sept 12.50 pm UK time … im getting worried !

Also
Computer name . . . . ******************
Windows . . . . . . . : 6.1.1.7601.X64/4
User name . . . . . . : *****************
UAC . . . . . . . . . : Enabled
License . . . . . . . : *******

Scan date . . . . . . : 2014-09-20 12:40:59
Scan mode . . . . . . : Normal
Scan duration . . . . : 44s
Disk access mode . . : Direct disk access (FsdHigh)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No

Threats . . . . . . . : 1
Traces . . . . . . . : 2

Objects scanned . . . : 1,156,083
Files scanned . . . . : 9,115
Remnants scanned . . : 257,396 files / 889,572 ke

Malware _____________________________________________________________________

C:\Program Files (x86)\GlassWire\uninstall.exe
Size . . . . . . . : 151,203 bytes
Age . . . . . . . : 2.2 days (2014-09-18 08:05:05)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 1055DE05502AB270653C5D8A993D098FEE760F1793C620B5F8E6D957FBCAF71A
Product . . . . . : GlassWire Setup
Publisher . . . . : SecureMix LLC
Description . . . : GlassWire Setup
Version . . . . . : 1,0,25,764
Copyright . . . . : © 2014 SecureMix LLC
LanguageID . . . . : 1033
> Bitdefender . . . : Gen:Trojan.Heur2.FU.amX@aG1D6Ng
Fuzzy . . . . . . : 102.0
References
C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0\Uninstall.lnk
Forensic Cluster
-13.3s C:\Program Files (x86)\GlassWire
-13.3s C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
-12.4s C:\Program Files (x86)\GlassWire\GWIdlMon.exe
-11.4s C:\Program Files (x86)\GlassWire\GlassWire.exe
-11.0s C:\Program Files (x86)\GlassWire\Qt5Concurrent.dll
-11.0s C:\Program Files (x86)\GlassWire\Qt5Core.dll
-10.7s C:\Program Files (x86)\GlassWire\Qt5Gui.dll
-10.5s C:\Program Files (x86)\GlassWire\Qt5Svg.dll
-10.5s C:\Program Files (x86)\GlassWire\Qt5Widgets.dll
-10.2s C:\Program Files (x86)\GlassWire\Qt5WinExtras.dll
-10.1s C:\Program Files (x86)\GlassWire\icudt52.dll
-9.2s C:\Program Files (x86)\GlassWire\icuin52.dll
-9.0s C:\Program Files (x86)\GlassWire\icuuc52.dll
-8.9s C:\Program Files (x86)\GlassWire\msvcp110.dll
-8.9s C:\Program Files (x86)\GlassWire\msvcr110.dll
-8.8s C:\Program Files (x86)\GlassWire\platforms
-8.8s C:\Program Files (x86)\GlassWire\platforms\qwindows.dll
-8.7s C:\Program Files (x86)\GlassWire\imageformats
-8.7s C:\Program Files (x86)\GlassWire\imageformats\qico.dll
-8.7s C:\Program Files (x86)\GlassWire\imageformats\qico.dll
-8.7s C:\Program Files (x86)\GlassWire\imageformats\qjpeg.dll
-8.6s C:\Program Files (x86)\GlassWire\fonts
-8.6s C:\Program Files (x86)\GlassWire\fonts\OFL.txt
-8.6s C:\Program Files (x86)\GlassWire\fonts\Oswald-Regular.ttf
-8.6s C:\Program Files (x86)\GlassWire\copyrights
-8.6s C:\Program Files (x86)\GlassWire\copyrights\boost-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\geoip-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\google-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\libcurl-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\libqxt-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\openssl-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\openssl-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\qt-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\qt-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\qt-license.txt
-8.6s C:\Program Files (x86)\GlassWire\copyrights\qt-license.txt
-8.6s C:\Program Files (x86)\GlassWire\driver\x86
-8.6s C:\Program Files (x86)\GlassWire\driver\x86\gwdrv.cat
-8.6s C:\Program Files (x86)\GlassWire\driver\x86\gwdrv.inf
-8.6s C:\Program Files (x86)\GlassWire\driver\x86\gwdrv.sys
-8.6s C:\Program Files (x86)\GlassWire\driver
-8.6s C:\Program Files (x86)\GlassWire\driver\x64
-8.6s C:\Program Files (x86)\GlassWire\driver\x64\gwdrv.cat
-8.6s C:\Program Files (x86)\GlassWire\driver\x64\gwdrv.inf
-8.6s C:\Program Files (x86)\GlassWire\driver\x64\gwdrv.sys
-0.0s C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
-0.0s C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0\Uninstall.lnk
0.0s C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0\GlassWire.lnk
0.0s C:\Program Files (x86)\GlassWire\uninstall.exe

Servo_GlassWire · September 20, 2014, 12:55pm

Strange. I just uploaded the file again for our latest release and it gave me the all clear here https://www.virustotal.com/en/file/83878af3b0379941f99e7c7d3c31ec5eca92e64b86140e1885caac62e8ec3ce9/analysis/ Can you give me the link for this? Also a lot of these companies use the same scanning engine so maybe this is from before Bitdefender updated. Perhaps all these companies use the Bitdefender engine.

Unfortunately false positives are not unusual these days for signature based antivirus products. It’s very frustrating for us.

peterhat · September 20, 2014, 1:35pm

Hi Servo
Your link is testing “GlassWireSetup.exe” mine is testing uninstall.exe (C:\Program Files (x86)\GlassWire)

https://www.virustotal.com/en/file/1055de05502ab270653c5d8a993d098fee760f1793c620b5f8e6d957fbcaf71a/analysis/1411219910/

Michael_Knight · September 20, 2014, 4:09pm

The Glasswire.exe file is fine for me:

But as of today (Saturday) UK Time, the uninstall.exe still gets flagged. I will keep checking.

Also, I cannot post any links or images still, it’s a real pain when I’m trying to help you guys!

Thanks.

Servo_GlassWire · September 20, 2014, 5:32pm

Michael, I made a change to your account. I think the link/image feature should work now. I will contact Bitdefender yet again and see if they have any ideas. Thank you.

Michael_Knight · September 21, 2014, 7:47am

@Servo_GlassWire Thanks, I’ll test it now with this post.

Sunday Morning, 8:44am and still not fixed. Still getting a trojan warning in the uninstaller .exe file.

Thanks, and thanks for fixing the Image issue, seems to be working now.

DustyOne · September 21, 2014, 8:49am

I couldn’t sleep so I thought I’d stop by and try downloading GW again. As of 2:45 AM MT Bitdefender is showing the all clear! Looks like I’m good-to-go! Keep up the great work!

bluesmanuk · September 21, 2014, 3:19pm

I just installed this a few minutes ago from the link provided at Gizmos freeware and it is still flagged up in my bitdefender, despite a definition update.

Michael_Knight · September 21, 2014, 4:30pm

I can now confirm that Glasswire is now being shown as Safe, as from around 5:30pm UK time.

Thanks guys for a wonderful product and I can’t wait to see what you have in store for the future.

peterhat · September 21, 2014, 6:33pm

Virus total shows clean 7.30 pm UK time

https://www.virustotal.com/en/file/1055de05502ab270653c5d8a993d098fee760f1793c620b5f8e6d957fbcaf71a/analysis/1411324235/

Servo_GlassWire · September 21, 2014, 6:44pm

Excellent! Thanks so much everyone!