
ImDisk Toolkit marked as Trojan

2016-12-01
2016-12-03
  • v77

    v77 - 2016-12-01

    Yes, I know... The file was submitted by myself just before the release, and there were 8 alerts.
    Except for a few lines, the source code is the same for the 64-bit version:
    https://www.virustotal.com/file/1422cdfb13035b5b1a3e0e453669c4cd264af53132103369d29cc42a96aeaa21/analysis/
    1 alert, against 20 for the 32/64 bits.

    I just tried to make a new build with the source of the 20161120:
    https://www.virustotal.com/file/021a83731a756fc6be421f99431613ad40f75eb76bd45bd7e4ad458f5f3e5271/analysis/1480594471/
    Yes, 6 alerts with the same code (as I write these lines), and just some timestamps changed.

    Everything started when I myself compiled the 7-Zip SFX modules, mainly for the 64-bit version, but also for some security and compatibility issues.
    There is no solution. I will not bring back all the previous issues just for reducing the number of alerts.

    If there is something wrong in the code, the 64-bit version too should show a lot of alerts. So maybe I am infected and there is a virus on my system. This would be a persistent one, because I recently reinstalled everything. And this would not explain why the number of alerts changes so much.
    So you can try to make the build yourself. It's not very complicated, but I will add more detailed instructions for the next release.

    For now, I am afraid I do not have the power to fight against 20 antivirus companies...

    About the hashes, they are already provided by SourceForge, when you click on the "i" icon next to the file name. And you can also see them on VirusTotal.

     
  • v77

    v77 - 2016-12-03

    Several alerts come from RamDiskUI.exe (6 with a test build). I just found an unnecessary operation in the manipulation of the services. After removing it, the number of alerts dropped to only one alert, and 4 for the whole installation package (instead of 8 for the version 20161120 when it was submitted).

    It seems that antiviruses are very sensitive about service manipulation... But to this point it's ridiculous, especially when the 64-bit version does the same thing.

     
