WannaCry in GUIEditor
- KVRAF
- 35671 posts since 11 Apr, 2010 from Germany
- KVRAF
- 14442 posts since 16 Feb, 2005 from Planet Earth, Somewhere
One would think by now Microsoft would stop flagging this.
I just ran a full system scan and indeed this was flagged.
We are 100% sure it is safe, correct?
rsp
sound sculptist
- KVRAF
- 35671 posts since 11 Apr, 2010 from Germany
Well, if the OP didn't send it in to Microsoft, the file was still not excluded in the virus definition. There's only one solution then. Send it in to Microsoft. 
And, if you want to make sure the file is correct, you can also upload it here: www.virustotal.com
- KVRAF
- 14442 posts since 16 Feb, 2005 from Planet Earth, Somewhere
chk071 wrote: Well, if the OP didn't send it in to Microsoft, the file was still not excluded in the virus definition. There's only one solution then. Send it in to Microsoft.
And, if you want to make sure the file is correct, you can also upload it here: http://www.virustotal.com
I did the latter....
I have my WD set to send samples....I assume that does it?
found a site.
file too big. too much work.
rsp
sound sculptist
- KVRAF
- 35671 posts since 11 Apr, 2010 from Germany
Not sure how it works in Windows Defender, but, typically you can access the option to send the file in in the quarantine. Defender has a search history, and there you should find the quarantine, and there, you should be able to send the file to Microsoft.
- KVRAF
- 14442 posts since 16 Feb, 2005 from Planet Earth, Somewhere
Too much work.
I think if Bulent wants he should.
Thanks though.
rsp
Last edited by zvenx on Mon Jul 30, 2018 10:00 pm, edited 1 time in total.
sound sculptist
- KVRAF
- 19803 posts since 16 Sep, 2001 from Las Vegas,USA
The GUI Editor.exe just scored 0/65 on Virus Total. Not even Windows Defender flagged it. The date on the editor file here is 01-09-18 so perhaps I don't have the latest version.
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe
- KVRAF
- 19803 posts since 16 Sep, 2001 from Las Vegas,USA
zvenx wrote: too much work.
I think if Bulent wants he should.
rsp
I agree with you there. If a developer's software is kicking up even false positive warnings it's up to them to contact the AV vendor and have it whitelisted. It shouldn't be up to the end user.
After all it is the developer's product and reputation at stake not the user's..........
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe
- KVRAF
- 14442 posts since 16 Feb, 2005 from Planet Earth, Somewhere
chk071 wrote: Maybe zvenx still has some old virus definitions then. Or there's something else flakey with Defender.
I did have the latest virus definitions.
However I just awhile ago manually deleted GUI editor, and once again reinstalled SMone.......seems fine now.
thanks
rsp
sound sculptist
- KVRAF
- 35671 posts since 11 Apr, 2010 from Germany
Maybe it flags it as a virus, because it once flagged it as a virus. Or some similar crazy thing. TBH, I'm not really convinced of what Microsoft does, as of late. Edge, for example, is such a buggy piece of trash that every time I use it, I find another horrid bug. And it deleted every single favorite I collected on a computer 2 times, even when I reinstalled Windows. I think they should stop throwing out a big feature update every half a year, and start working on stability and bugs in the existing software. Almost reminds me of Linux these days.
- KVRAF
- 19803 posts since 16 Sep, 2001 from Las Vegas,USA
zvenx wrote: hmmm mine is dated 01-13-18 and WD still flags it.. Interesting.
I even redownloaded it an hour ago.
rsp
I think I see the difference. You have a gui editor.exe in your SM One folder but I do not. Mine is in the regular Synthmaster folder and that one is dated 1-9-18.
Do you also have Synthmaster installed?
Have you tried uploading the file dated 1-13-18 to VirusTotal?
https://www.virustotal.com/#/home/upload
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe
- KVRAF
- 3735 posts since 17 Sep, 2016
Yikes!
I found three versions of 'GUIEditor.exe' in my path 'C:\Program Files\KV331 Audio'.
One each in 'SynthMaster', 'SynthMaster One', and 'SynthMaster Player'.
Here are the VirusTotal results for the file located in 'SynthMaster One':
Full analysis here: https://www.virustotal.com/en/file/6bbb ... /analysis/
SHA256: 6bbb9c6ad5db9079d5d687a4f0ec2fe6a0815c55181b3f3893419ea84208715e
File name: GUIEditor.exe
Detection ratio: 22 / 66
Analysis date: 2018-07-22 19:45:24 UTC ( 1 week, 1 day ago )
The 'GUIEditor.exe' files in the other two app folders scanned clean.
I ran HitmanPro 3.8.0 on this potential malware, and it detected a trojan and deleted the file.
So, in total there were 22 AV engines out of 66 at VirusTotal that detected this, plus so did HitmanPro. This is not just a Microsoft false detection. I am glad I never executed this file!
Windows 10 and too many plugins
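
Added example, not part of the thread: the last post finds same-named copies of GUIEditor.exe in several product folders with different scan results, so this sketch hashes every copy under the install path, groups identical builds, and marks any copy whose SHA-256 matches the one quoted in the VirusTotal summary above. The function names are illustrative; the default path and the hash are taken from that post.

```python
import hashlib
import sys
from pathlib import Path

# SHA-256 quoted in the VirusTotal summary in the post above.
FLAGGED_SHA256 = "6bbb9c6ad5db9079d5d687a4f0ec2fe6a0815c55181b3f3893419ea84208715e"


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large installers do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_copies(root, filename="GUIEditor.exe", flagged=(FLAGGED_SHA256,)):
    """Return ({sha256: [paths]}, [paths matching a flagged hash]) for root.

    The file name is compared case-insensitively, as Windows would.
    """
    by_hash = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.name.lower() == filename.lower():
            by_hash.setdefault(sha256_of(path), []).append(path)
    flagged_set = {h.lower() for h in flagged}
    hits = [p for h, paths in by_hash.items() if h in flagged_set for p in paths]
    return by_hash, hits


if __name__ == "__main__":
    # Default is the install path named in the post; pass another root as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else r"C:\Program Files\KV331 Audio"
    by_hash, hits = audit_copies(root)
    for digest, paths in by_hash.items():
        for p in paths:
            status = "MATCHES FLAGGED HASH" if p in hits else "no match"
            print(f"{digest}  {status}  {p}")
    if len(by_hash) > 1:
        print(f"{len(by_hash)} distinct builds share this file name; check each hash.")
```

A copy that does not match the quoted hash is not thereby shown to be clean; its own hash can be searched on VirusTotal without uploading the file.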
