Open signal15 opened 7 years ago
While I do not speak for Microsoft, this was a very active targeted detection by Microsoft and they raised (falsely) the detection to the highest level. So, you can try to hide, just realize that Microsoft is targeting this. With that said, they had to go "out of their way" a bit to make it so. In other words, it took some effort for Microsoft to do this work. My guess is that other AVs are merely following... (I mean, you wouldn't want to be the one AV that doesn't detect a very high level (highest) security problem).
OK, let's say it's Microsoft targeting RDPWrap. But most RDPWrap users are also running AV solutions. So why not put everyone at ease by making the small change of not enabling RDP as part of the installation? If we could eliminate all the alarming AVs, RDPWrap users will be happier.
My point is, the problem isn't necessarily going to "go away", as Microsoft has RDPWrap (specifically) in its sights. They'd love to dismantle all others as well, but the big #1, if all else fails, is to ensure that RDPWrap is stopped, by force or by "implied" force by scaring the pants off the end user. The "trickier" that RDPWrap becomes, sadly, means the more "virus-like" it may appear... but I'm not the developer. Would welcome a return to what "was"... just not sure it's possible.
Malwarebytes is still showing a virus detected. So, is this file infected or safe?
WARNING
If you see rdpwrap.ini with the letter b at the end of the update date, then this INI activates the backdoor (needs to be checked!). If the letter is a, then the backdoor is completely disabled (needs to be checked).
What absolute nonsense!
15/58 virus scanners are showing malware in this package. In v1.6, they also showed 5/58. Something shady is going on with this package. See virus scanning results here:
https://www.virustotal.com/en/file/fed08bd733b8e60b5805007bd01a7bf0d0b1993059bbe319d1179facc6b73361/analysis/1498759251/
Some of these look like they are specifically detecting rdpwrap, but some look like they are detecting WisdomEyes and other malware.
Also, the latest version of Chrome on Windows refuses to download v1.6.1 saying that it is "dangerous". It does download v1.6 just fine though.