Login

finorgan · (This post was last modified: 20-11-2017, 04:38 PM by finorgan.)

Found the following Trojan downloader in my VEDA FE folder this morning:

https://www.f-secure.com/v-descs/trojan-...eric.shtml

***Vikrant*** · 20-11-2017, 04:58 PM

Hi Finorgan,

Are you trying to say trojan found during installation? or found in existing installation?

finorgan · 20-11-2017, 05:11 PM

(20-11-2017, 04:58 PM)Vikrant Wrote: Hi Finorgan,

Are you trying to say trojan found during installation? or found in existing installation?

Hi Vikrant,

File found is called a Trojan Downloader. Details in link I included in original post represent my full knowledge:

"Technical Details

A Trojan-downloader is a type of trojan that installs itself to the system and waits until an Internet connection becomes available to connect to a remote server or website in order to download additional programs (usually malware) onto the infected computer."

Trojan was found during routine scan. I last installed VEDA about 2 months ago

Fionn

***Vikrant*** · 20-11-2017, 05:21 PM

Fionn, Antivirus detects this trojan in which file?

As you said your installation is two months older and if antivirus did not found this in the past then something happen recently so you have to contact your IT team to fix this.

finorgan · 20-11-2017, 05:31 PM

C:\VEDA\VEDA_FE\CheckComments.exe was the rogue file. Was deleted by F-Secure, my anitvirus-software.

**Antti-L** · 20-11-2017, 07:07 PM

Yes, this is a known issue. It was reported here already before by Abdulaziz: http://forum.kanors-emr.org/showthread.php?tid=573
"I have already disabled the antivirus (F secure) because it keeps detecting a Trojan in the CheckComments.exe and quarantining it."

I can also myself confirm that F-Secure Client Security marks the file as a Trojan.
I have now submitted it to F-Secure for their review, hoping that they can vindicate it.

finorgan · 20-11-2017, 08:12 PM

Thanks Antti

***Vikrant*** · 20-11-2017, 09:40 PM

Hi Fionn,

This feature is under development, so you can delete that from your machine. Infact I am removing it from installer as well.
And it is very strange that only F-Secure antivirus has issue with this application. Maybe INI file generation trigger alarm for it because except INI this application has only some SQL queries.

Thanks Antti for pointing out the last post releated to same issue. and let's see what F-Secure say about this.

**Antti-L** · (This post was last modified: 20-11-2017, 11:27 PM by Antti-L.)

Reply from F-Secure Security Labs (Mon, 20 Nov 2017 17:49:32 +0000):

Thank you for bringing this to our attention. Our analysis indicates that the file you submitted is clean.
We have identified the issue as a False Positive, which will be resolved in an upcoming database update.
In the meantime, you may exclude this file from further scanning by the security product.

***AKanudia*** · 21-11-2017, 05:30 AM

Thanks Antti!

Login
Username:
Password:	Lost Password?
	Remember me

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Veda Help	Saad Awan	2	1,152	11-07-2023, 02:51 PM Last Post: Saad Awan
	Veda Help	Saad Awan	15	5,649	11-07-2023, 12:55 PM Last Post: AKanudia
	Veda Errors	Saad Awan	0	652	03-07-2023, 06:10 PM Last Post: Saad Awan
	Veda Errors	Saad Awan	2	1,337	16-06-2023, 04:06 PM Last Post: Saad Awan
	CSV Export in Veda	olexandr	4	4,608	21-04-2021, 08:36 PM Last Post: AKanudia
	MAC vs. Windows for VEDA-TIMES FE & BE?	mbr1818	5	10,331	22-02-2021, 01:52 PM Last Post: AKanudia
	problem with (re)SYNC of previous working models/DB after reinstall of VEDA	Koen Smekens	9	8,440	29-12-2020, 08:01 PM Last Post: Antti-L
	About VBE file	guozhi1305	0	1,689	27-08-2020, 03:56 PM Last Post: guozhi1305
	Fatal error in VEDA opening	vahid.aryanpur	2	4,213	15-07-2020, 06:05 PM Last Post: vahid.aryanpur
	Unexpected termination of the VEDA-FE run	seckg	3	5,831	21-09-2019, 07:25 PM Last Post: Antti-L