matt123p / TinyCAD

Open Source circuit capture program

Claim of Trojan #36

Open Wirecutter945 opened 3 years ago

Wirecutter945 commented 3 years ago

Claim by BullGuard that the download contains:
Malware: Drop.Win32.WinDirControlSet.812116
Suspected file: TinyCAD_3.00.03.exe

Malware: Drop.Win32.WinDirControlSet.812116
Path: C:\Users\filma\Downloads\TinyCAD_3.00.03.exe

Details
• [7280] C:\Users\filma\Downloads\TinyCAD_3.00.03.exe

Files modified
• C:\Users\filma\AppData\Local\Temp\dd_vcredist_x86_20210510155743.log
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\BootstrapperApplicationData.xml
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\3082\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\3082\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\2052\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1055\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\2052\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1055\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1049\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1046\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1046\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1045\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1045\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1042\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1042\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1041\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1041\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1040\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1040\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1036\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1036\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1031\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1031\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1029\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1029\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1028\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\1028\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\license.rtf
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\logo.png
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\thm.wxl
• C:\Windows\Temp\{F795D022-F47B-4891-B72E-F5324E98DD8F}.ba\thm.xml
• C:\Program Files (x86)\TinyCAD\installed.txt
• C:\Program Files (x86)\TinyCAD\examples\WaterSensor.dsn
• C:\Program Files (x86)\TinyCAD\examples\nanocomp6802.dsn
• C:\Program Files (x86)\TinyCAD\examples\CurrSens.dsn
• C:\Program Files (x86)\TinyCAD\examples\AtTiny LED Flasher.dsn
• C:\Program Files (x86)\TinyCAD\examples\AMP.DSN
• C:\Program Files (x86)\TinyCAD\library\Relay_v1.TCLib
• C:\Program Files (x86)\TinyCAD\library\gen_Power.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_Vreg.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_uC.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_Transceivers.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_Semiconductors.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_Passive.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_OpAmps.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_Headers.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_Electromechanical.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_Connectors.TCLib
• C:\Program Files (x86)\TinyCAD\library\th_Comparators.TCLib
• C:\Program Files (x86)\TinyCAD\library\symbols.TCLib
• C:\Program Files (x86)\TinyCAD\library\Assemblies.TCLib
• C:\Program Files (x86)\TinyCAD\library\sm_IC_Transceivers.TCLib
• C:\Program Files (x86)\TinyCAD\library\cm_Connectors.TCLib
• C:\Program Files (x86)\TinyCAD\library\Power.TCLib
• C:\Program Files (x86)\TinyCAD\library\pm_Indicators.TCLib
• C:\Program Files (x86)\TinyCAD\library\pm_Electromechanical.TCLib
• C:\Program Files (x86)\TinyCAD\library\pm_Connectors.TCLib
• C:\Program Files (x86)\TinyCAD\library\gen_Electromechanical.TCLib
• C:\Program Files (x86)\TinyCAD\library\gen_Electromechanical_Relays.TCLib
• C:\Program Files (x86)\TinyCAD\library\gen_Electromechanical_switches.TCLib
• C:\Program Files (x86)\TinyCAD\library\Mechanical.TCLib
• C:\Program Files (x86)\TinyCAD\library\gen_Logic.TCLib
• C:\Program Files (x86)\TinyCAD\library\gen_Mechanical.TCLib
• C:\Program Files (x86)\TinyCAD\library\gen_passive.TCLib
• C:\Program Files (x86)\TinyCAD\library\gen_semiconductor.TCLib
• C:\Program Files (x86)\TinyCAD\library\valve.TCLib
• C:\Program Files (x86)\TinyCAD\library\switches.TCLib
• C:\Program Files (x86)\TinyCAD\library\semi.TCLib
• C:\Program Files (x86)\TinyCAD\library\passive.TCLib
• C:\Program Files (x86)\TinyCAD\library\passive2.TCLib
• C:\Program Files (x86)\TinyCAD\library\Microcontroller.TCLib
• C:\Program Files (x86)\TinyCAD\library\IC-VREG.TCLib
• C:\Program Files (x86)\TinyCAD\library\IC-OPAMP.TCLib
• C:\Program Files (x86)\TinyCAD\library\IC-CMOS4000.TCLib
• C:\Program Files (x86)\TinyCAD\library\DISCRETE.TCLib
• C:\Program Files (x86)\TinyCAD\library\Connectors.TCLib
• C:\Program Files (x86)\TinyCAD\library\Analog.TCLib
• C:\Program Files (x86)\TinyCAD\library\AC connectors.TCLib
• C:\Program Files (x86)\TinyCAD\library\74TTL.TCLib
• C:\Users\filma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TinyCAD\User Manual.lnk
• C:\Program Files (x86)\TinyCAD\LGPL Version 3.0.txt
• C:\Program Files (x86)\TinyCAD\LGPL Version 2.1.txt
• C:\Program Files (x86)\TinyCAD\TinyCAD.html
• C:\Program Files (x86)\TinyCAD\zlib.dll
• C:\Program Files (x86)\TinyCAD\libpng16.dll
• C:\Users\filma\OneDrive\Desktop\TinyCAD.lnk
• C:\Users\filma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TinyCAD\TinyCAD.lnk
• C:\Program Files (x86)\TinyCAD\TinyCAD.exe
• C:\Users\filma\AppData\Local\Temp\nsoF24F.tmp\System.dll
• C:\Users\filma\AppData\Local\Temp\nsoF24F.tmp\nsDialogs.dll
• C:\Users\filma\AppData\Local\Temp\nsoF24F.tmp\modern-wizard.bmp
• C:\Users\filma\AppData\Local\Temp\nsoF24F.tmp\UserInfo.dll
• C:\Users\filma\AppData\Local\Temp\nsjF193.tmp
• C:\Users\filma\Downloads\TinyCAD_3.00.03.exe

Registry modified
• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager : PendingFileRenameOperations (old value = \??\C:\Program Files\BullGuard Ltd\BullGuard\NovaShield -> new value = \??\C:\Program Files\BullGuard Ltd\BullGuard\NovaShield)
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.21,bundle : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.21,bundle : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.21,bundle : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeAdditionalVSU_x86,v14\Dependents\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\Microsoft.VS.VC_RuntimeMinimumVSU_x86,v14\Dependents\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.21,bundle\Dependents\{49697869-be8e-427d-81a0-c334d1d14950} : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Dependencies\VC,redist.x86,x86,14.21,bundle\Dependents : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{49697869-be8e-427d-81a0-c334d1d14950} : Resume (old value = 3 -> new value = 1)
• HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS\Diag\SystemRestore : SrCreateRp (Enter) (old value = 480000000000000037BBD170B844D701D4000000FC150000D50700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 -> new value = 40000000000000002D5F98D7AC45D701BC220000D0120000D5070000000000000000000000000000000000000000000000000000000000000000000000000000)
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell\edit\command : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell\edit\command : (value = "C:\Program Files (x86)\TinyCAD\TinyCad.exe" "%1")
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell\open : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell\edit : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell\open\command : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\DefaultIcon : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell\edit : (value = Edit TinyCAD Design)
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\DefaultIcon : (value = C:\Program Files (x86)\TinyCAD\TinyCad.exe,0)
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell\edit : Icon (value = "C:\Program Files (x86)\TinyCAD\TinyCad.exe",0)
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell\open\command : (value = "C:\Program Files (x86)\TinyCAD\TinyCad.exe" "%1")
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell : (value = open)
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design\shell : (value = )
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TinyCAD Design : (value = TinyCAD Design)
• HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.dsn : (old value = MSDASQL -> new value = TinyCAD Design)

10/05/2021 16:05:26

Help Requested

ChrisTG742 commented 2 years ago

Upload the installer to www.virustotal.com and see if BullGuard is the only one that claims a virus. If so, it may be just a false positive.
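ChrisTG742's suggestion, worked through in code as an added example (not code from the TinyCAD project or from anyone in this thread): hash the downloaded installer locally, look the hash up in VirusTotal's v3 API, and reduce the per-engine results to a triage verdict. Looking up by hash returns VirusTotal's existing report without uploading the file. The endpoint, the `x-apikey` header and the `last_analysis_results` attribute are VirusTotal's real v3 API; the `VT_API_KEY` environment variable, the verdict thresholds and the `SAMPLE_RESULTS` dictionary (built to mirror the single-vendor hit reported above) are this example's own assumptions.

```python
"""Triage a single-vendor antivirus hit by hash lookup on VirusTotal.

Added example, not code from the TinyCAD project or from anyone in this issue.
Assumes a VirusTotal v3 API key in the VT_API_KEY environment variable.
GET /api/v3/files/{sha256} returns the existing report without uploading the
installer, which matters when the file may be private.
"""
import hashlib
import json
import os
import sys
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

VERDICT_CLEAN = "clean: no engine flags the file"
VERDICT_SINGLE = "single-vendor detection: likely false positive, confirm with that vendor"
VERDICT_FEW = "few detections: inspect the detection names before trusting the file"
VERDICT_MANY = "multi-vendor detection: treat the file as malicious"


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large installer need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def summarize_verdicts(results):
    """Reduce per-engine results to (flagging_engines, verdict).

    `results` has the shape of VirusTotal's v3 `last_analysis_results` attribute:
    {engine_name: {"category": str, "result": str | None}}.
    The thresholds are this example's rule of thumb, not VirusTotal's scoring.
    """
    flagging = sorted(
        name for name, r in results.items()
        if r.get("category") in ("malicious", "suspicious")
    )
    if not flagging:
        return flagging, VERDICT_CLEAN
    if len(flagging) == 1:
        return flagging, VERDICT_SINGLE
    if len(flagging) < max(3, len(results) // 10):
        return flagging, VERDICT_FEW
    return flagging, VERDICT_MANY


def lookup_by_hash(sha256, api_key):
    """Fetch the existing VirusTotal report for a hash; None if VT has never seen it."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            data = json.load(resp)
    except urllib.error.HTTPError as exc:
        if exc.code == 404:
            return None  # unknown hash: the file would have to be uploaded for analysis
        raise
    return data["data"]["attributes"]["last_analysis_results"]


def triage_file(path, api_key):
    """Hash the installer, look it up, and return (sha256, flagging_engines, verdict)."""
    digest = sha256_of_file(path)
    results = lookup_by_hash(digest, api_key)
    if results is None:
        return digest, [], "unknown to VirusTotal: upload it to get a verdict"
    flagging, verdict = summarize_verdicts(results)
    return digest, flagging, verdict


# Constructed sample mirroring the hit reported above: one engine flags, the rest do not.
SAMPLE_RESULTS = {
    "BullGuard": {"category": "malicious", "result": "Drop.Win32.WinDirControlSet.812116"},
    "EngineA": {"category": "undetected", "result": None},
    "EngineB": {"category": "undetected", "result": None},
    "EngineC": {"category": "undetected", "result": None},
    "EngineD": {"category": "type-unsupported", "result": None},
}

if __name__ == "__main__":
    if len(sys.argv) == 2 and os.environ.get("VT_API_KEY"):
        digest, flagging, verdict = triage_file(sys.argv[1], os.environ["VT_API_KEY"])
        print(digest, flagging, verdict)
    else:
        # Offline demonstration on the constructed sample.
        print(summarize_verdicts(SAMPLE_RESULTS))
```

Run as `VT_API_KEY=... python triage.py TinyCAD_3.00.03.exe` against a real download, or without arguments to see the verdict on the constructed sample. A single flagging engine is exactly the case ChrisTG742 describes: worth reporting to that vendor as a suspected false positive, but not on its own a reason to trust or distrust the file; a detection shared across many engines is.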