Sign in to follow this  
matmat

Adaware marks a VB program containing function CreateObject("WScript.Shell") a Trojan

Recommended Posts

Hi,

I am a developer with a software company.

Adaware marks our program containing the Microsoft function CreateObject("WScript.Shell") a Trojan.

When we remove only this line from the program and recompile, Adaware finds no Trojan in the file.

Could someone please help?

If required I can send the versions of the file.

Many thanks in advance.

 

  • Like 1

Share this post


Link to post
Share on other sites

Hi matmat,

I've moved your topic to the forum for false positives.

Please follow the guide

 

Share this post


Link to post
Share on other sites

Hi,

Thanks for directing my question to the correct forum.

Attached you will find the Adaware report file as requested.

I made full scans of my PC before and they all came up with no threat found.

Also attached is a zip file containing the infected and clean versions of the file which I have compiled myself.

As I have indicated earlier, the ONLY difference between the two files is that the infected one contains the following line:

CreateObject("WScript.Shell")

and the clean one does not.

It is conceivable that many viruses or trojans may use the CreateObject("WScript.Shell") command, because it is primarily a file operations command.

However this does not mean that all apps using this function are trojans.

My guess is that you need to change the fingerprint for this particular trojan family (Gen:Trojan.Heur.VP2.dm...) so that it is not based on the presence of the CreateObject("WScript.Shell") command in an executable file.

Many thanks for your kind support.

 

 

adaware_Report_Custom_Manual_02-09-2018 124403.xml

false positive.zip

Share this post


Link to post
Share on other sites

Hi matmat,

Thanks for providing so much detail. The detection is a false positive and will be removed within the next few updates/within a few hours.

LS Andy

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this