iam-py-test / unwanted-program-removal-tool

A tool for removing PUPs
Creative Commons Zero v1.0 Universal

Detects things in C:\$Recycle.Bin as Threat.Trojan.ImpHash #1

Open JJTech0130 opened 2 years ago

JJTech0130 commented 2 years ago

For example:

PS C:\Users\JJTech\Downloads\unwanted-program-removal-tool-main\unwanted-program-removal-tool-main> py .\scanner.py
------ The Unwanted Program Removal tool ------
Created by iam-py-test
480 total signatures and heuristic rules
Version 0.5
-----------------------------------------------

Enter to dir to scan: C:\
File desktop.ini in C:\$Recycle.Bin\S-1-5-18 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File desktop.ini in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1000 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File desktop.ini in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1001 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I04J3EI.idea in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I0ZH908.java in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I0ZI9B5 in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I1I7Y0G in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I34F85M in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I5XH9HW in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I5ZLNP9.lnk in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I87QHBM in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I9OY2JN in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $I9Y23JJ in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $IA34IMA.lnk in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $IAJMU51.lnk in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $IBJ5GEN.gitignore in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $IBKBHRH in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $IBQEJGM.lnk in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $IBU6KAE.java in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n): n
File $IDERZVX in C:\$Recycle.Bin\S-1-5-21-1999756017-3706530499-2194137631-1006 is detected as Heuristics: Threat.Trojan.ImpHash
Remove (y/n):

Obviously this is a false positive.

iam-py-test commented 2 years ago

So sorry that I didn't see this. I think there may have been a buggy version which detected everything as that; let me see if the latest version has that bug.

iam-py-test commented 2 years ago

Yep. I can reproduce...

iam-py-test commented 2 years ago

Ok, I have found the issue: A while back (last year) I tried implementing a new feature, but the code was buggy & never pushed to the repo. This one doesn't understand the new feature & just glitches out. I am currently working on rewriting it from scratch, so will try and fix the bug.

Edit: It seems to detect everything as malware, inc. OS files.

iam-py-test commented 2 years ago

@JJTech0130 I am very sorry for this taking an entire month for me to even see this. I have added a temp fix in https://github.com/iam-py-test/unwanted-program-removal-tool/commit/30ad6e760ea7cddab906454fd339f8bec5183af0 and a note to the README

JJTech0130 commented 2 years ago

Don't worry, it's fine. I forget about projects for months at a time lol. I honestly forgot I even opened this issue until today...

iam-py-test commented 2 years ago

Well, thank you for reporting this. I'm glad almost nobody uses this, or else somebody might have lost real data

JJTech0130 commented 2 years ago

Is the recycle bin detected first because it starts with $?

iam-py-test commented 2 years ago

I guess so, but my knowledge of how Windows (and Python) handles that is limited
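
Added example (not part of the thread and not the project's code): an import hash exists only for PE files that have an import table, so the `desktop.ini`, `.java` and `.lnk` entries in the report above should never reach an ImpHash rule at all. The thread does not state the root cause; `naive_verdict`, the stray empty signature, `stub_imphash` and all sample data are constructed assumptions that show one way such a rule can match everything, next to a guard that prevents it.

```python
import struct

RULE = "Threat.Trojan.ImpHash"  # rule name as printed in the scanner output above

def is_pe(data: bytes) -> bool:
    """True only for an MZ header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def naive_verdict(data, compute_imphash, bad_hashes):
    """Fragile: no file-type check, so an empty hash can match an empty entry."""
    return RULE if compute_imphash(data) in bad_hashes else None

def guarded_verdict(data, compute_imphash, bad_hashes):
    """Only PE files with a non-empty import hash can ever match the rule."""
    if not is_pe(data):
        return None
    digest = compute_imphash(data)
    if not digest:  # no import table, nothing to compare
        return None
    return RULE if digest.lower() in bad_hashes else None

# --- constructed sample data (assumptions, not taken from the project) ---
BAD = "0" * 32                      # placeholder import hash
SIGNATURES = {BAD, ""}              # stray "" models a malformed signature list
DESKTOP_INI = b"[.ShellClassInfo]\r\n"
PE_CLEAN = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"
PE_FLAGGED = PE_CLEAN + b"flagged-imports"

def stub_imphash(data):
    """Hypothetical stand-in for a real hasher such as pefile's get_imphash()."""
    return BAD if data.endswith(b"flagged-imports") else ""

if __name__ == "__main__":
    for name, blob in [("desktop.ini", DESKTOP_INI), ("clean PE", PE_CLEAN),
                       ("flagged PE", PE_FLAGGED)]:
        print(name, naive_verdict(blob, stub_imphash, SIGNATURES),
              guarded_verdict(blob, stub_imphash, SIGNATURES))
```

With the constructed data, the naive matcher flags the `.ini` file and the clean PE stub, while the guarded one flags only the PE whose stub hash is in the signature set.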