matmat

Adaware marks a VB program containing function CreateObject("WScript.Shell") a Trojan

Recommended Posts

Hi,

I am a developer with a software company.

Adaware marks our program containing the Microsoft function CreateObject("WScript.Shell") a Trojan.

When we remove only this line from the program and recompile, Adaware finds no Trojan in the file.

Could someone please help?

If required I can send the versions of the file.

Many thanks in advance.

 

  • Like 1

Share this post


Link to post
Share on other sites

Hi matmat,

I've moved your topic to the forum for false positives.

Please follow the guide

 

Share this post


Link to post
Share on other sites

Hi,

Thanks for directing my question to the correct forum.

Attached you will find the Adaware report file as requested.

I made full scans of my PC before and they all came up with no threat found.

Also attached is a zip file containing the infected and clean versions of the file which I have compiled myself.

As I have indicated earlier, the ONLY difference between the two files is that the infected one contains the following line:

CreateObject("WScript.Shell")

and the clean one does not.

It is conceivable that many viruses or trojans may use the CreateObject("WScript.Shell") command, because it is primarily a file operations command.

However this does not mean that all apps using this function are trojans.

My guess is that you need to change the fingerprint for this particular trojan family (Gen:Trojan.Heur.VP2.dm...) so that it is not based on the presence of the CreateObject("WScript.Shell") command in an executable file.

Many thanks for your kind support.

 

 

adaware_Report_Custom_Manual_02-09-2018 124403.xml

false positive.zip

Share this post


Link to post
Share on other sites

Hi matmat,

Thanks for providing so much detail. The detection is a false positive and will be removed within the next few updates/within a few hours.

LS Andy

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now