
VirusTotal possible malware in rEFInd?

pitpat
2015-04-18
2015-05-31
  • pitpat

    pitpat - 2015-04-18

    Forgot to say it's refind-bin-0.8.7.zip

     
  • Roderick W. Smith

    The sha256 sum on that page matches my original file, so the analysis is on the original file, not a modified one. I certainly have not been infecting my software with malware, but of course you have only my word on that. Googling the specific red flags noted:

    • WS.Reputation.1 -- This description is very vague, but it sounds like it's a flag because it's an unknown binary to Symantec. The description notes that systems affected are all Windows, but of course rEFInd is an EFI application.
    • Malware-Cryptor.FSP.gen -- This is a Trojan that affects (judging by the files listed on the referenced site's "Virus Characteristics" tab) Windows systems. Again, rEFInd is an EFI application, so it can't be infected by a Windows Trojan.

    In other words, these are false alarms.

    Of course, rEFInd is very low-level software. Malware at this level could be difficult to detect or repair. Short of studying the source code and compiling it yourself locally, you can either accept my word that rEFInd is not malware or don't use it.
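An added example, not part of the original thread and not rEFInd's own code: the two checks the reply above relies on can be done locally. One confirms that a file's SHA-256 matches the published sum, the other reads which subsystem a binary targets from its PE/COFF header, the format EFI binaries use. The function names and the header-only sample image are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Subsystem values from the PE/COFF optional header (EFI binaries are PE/COFF images).
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows console", 10: "EFI application",
              11: "EFI boot service driver", 12: "EFI runtime driver"}

def sha256_matches(data: bytes, published_hex: str) -> bool:
    """True if the SHA-256 of data equals the published hex digest."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, published_hex.strip().lower())

def pe_subsystem(data: bytes) -> str:
    """Name the subsystem a PE image targets; ValueError if it is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = pe_off + 4 + 20                                     # signature + COFF header
    if len(data) < opt + 70:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):                           # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)   # same offset in both
    return SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})")

def constructed_image(subsystem: int) -> bytes:
    """Constructed sample: header-only PE32+ image, not a real rEFInd binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, 0x0022)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    image = constructed_image(10)
    published = hashlib.sha256(image).hexdigest()  # stands in for the project's posted sum
    print("hash matches:", sha256_matches(image, published))
    print("subsystem:", pe_subsystem(image))
```

The hash check applies to the archive as downloaded (here refind-bin-0.8.7.zip); the subsystem check applies to the .efi files extracted from it.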

     
