CBMSTUFF FORUM

Full Version: Cannot install SCP anymore, virus found
Hello,

Since yesterday with the Win10 2004 update, it seems Defender detects SCP as a trojan.

Can anyone confirm?

Thank you.

Pitou!
It's definitely not a virus. :) What anti-virus are you using?
I had the same issue when I installed the software yesterday.

If you go to Settings | Update & Security | Windows Security | Virus & threat protection | Protection history, you will probably find entries. There it is possible to allow the application to run. You will probably find that Windows has also quarantined the executable file from the C:\Program Files (x86)\SCP directory; the executable will be restored to its original location.

I have already reported at Microsoft that this executable is not a virus.

I hope this helps.

Hans-Peter
SCP is a Microsoft Visual Basic application, generated by Microsoft's own program! :)

I don't see any warning. I have updated all of my machines to the latest Windows 10. Are you running some anti-virus software of some kind?
I am not running any additional anti-virus software.

Windows 10 is detecting scp.exe as a possible Trojan:Win32/Wacatac.C!ml
Also, an additional 14 out of 71 engines on VirusTotal (https://www.virustotal.com) are detecting a trojan.

It detects the following:
file: C:\Program Files (x86)\SCP\SCP.exe
file: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCP\SCP.lnk
startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SCP\SCP.lnk

I am not an expert on this, but I don't think it necessarily means that there is something wrong with the program itself; it might have to do with the things the program is doing. I do think it is important to check how to prevent the application from being marked as a trojan.
I will have to look into this. It literally is just an application. It doesn't even contain resources (like my firmware updater does).
OK, I have sent emails to all of these companies to whitelist the program. The ironic thing is that most of those companies are not even PC related. They are for Android devices.

Also, if you use their scanner (or even VirusTotal) to scan the file from a URL, there are no issues at all.

https://www.cbmstuff.com/downloads/temp/SCP.exe

So, I am not sure why some of these companies trigger a false positive.
Well, it seems, according to a quick Google search, that the new Windows update has triggered all kinds of problems like this with other software!
Yes, this is not uncommon and has happened many times before. It is probably the heuristic scanning that is causing the problem; this is probably not a specific signature that is recognized. But as said, I am not an expert on this.
I confirm, same here. Here are the reports with the current SCP software:

[Image: antivirus_issue_1.png]

[Image: antivirus_issue_2.png]

Btw, I got the same issue with one of my programs last week. I finally managed to "cure" it...
The Windows antivirus and some others are now very sensitive to non-signed executables/DLLs.
From my analysis and tests, any non-signed executable linked to the Windows network API is now considered suspect.
As a workaround, my executable is not linked to the network DLL anymore and I use the LoadLibrary / GetProcAddress API to get the network function pointers when needed. And I have also obfuscated the DLL and function names...
Another point: avoid using any executable packer - the packed executable will be a suspect for sure... spyware and viruses use the same packers and have some common signatures ;)

This appears to have fixed the issue... For the moment.... But I have the feeling that it will be harder and harder to provide non-signed executables sooner.

Anyway, take care with these false alerts: your website can be blacklisted, unlisted from the search engines and even blocked in some browsers. I got this issue recently because of a false positive on a file present on my website... (This file had been on a page for 15 years without causing any issue...)