1-4 hits is usually a false positive, in this case likely triggered by the Google offer in the standard build. Is the hit, by any chance, ESET or ClamWin?
Nergal,
I get 2 hits. The first, from ESET, is negligible – “Win32/Bundled.Toolbar.Google.D” – which is a false positive referring to the Google toolbar bundled with Recuva (I get this also when scanning CCleaner).
The second, which I reported, is more worrisome. Why should Recuva turn out positive for a known trojan such as “Malware-Cryptor.Win32.General.4”?
The engine that grabbed it is called VBA32. I must admit I have never heard of this engine before, but it is one of those listed on virustotal.com, as well as virscan.org. Recuva gives the same results in either scan.
I scanned locally with Norton and Malwarebytes and I get no positives.
I would say that since the other engines listed didn't grab it, it's a false positive and should be uploaded/reported to VBA32 at http://anti-virus.by/en/ (I couldn't find a report email, but I am on mobile so might've missed it).
Most installers that include something bundled with them (in this case Google software) will get flagged by 1 or more of the scanners. That, and supposedly Piriform uses NSIS, which itself will sometimes produce an FP. If you wish to avoid FPs, etc., use the Portable versions, which are available in a ZIP archive.
______________
Onto Nergal's asking of ClamWin -- it triggers mostly on files compressed with UPX; it triggers so often that I began to completely ignore its results. The funny thing is that ClamWin Portable (Windows) doesn't give an FP against the same files that get an FP on multiple scanning sites, but those scanning sites are using the Linux version.