GuiltySpark

Unhide.exe


Created by the guys at Bleeping Computer, Unhide is being flagged. I have submitted this as a FP; I haven't had a chance to check the latest definitions yet to see if it's cleared.

Hopefully this can be / has been remedied.

Guest

Hi GuiltySpark,

Just out of curiosity: can this tool be used by qualified malware experts in forums such as Avast, MBAM, etc. so they can assist users to get rid of malware? If so, perhaps I could tell malware experts about this tool if they haven't known about it?

By the way, I scanned this program with the latest malware definitions of SAS and it reports as clean.


They can and probably would if the right malware came along (rogue.FakeHDD, which comes as an Optimizer / Reg Cleaner and subsequently starts hiding files).


Now that's very strange.

I had an older version of Unhide.exe in a folder (bearing in mind I rarely use the Windows machine now due to MS's innate ability to screw updates and slow a system to a crawl) which was being detected as Worm.Hupigon (a little confusing, as it was never picked up before and neither was it discovered by any other scanner or AV program).

So I decided to test something out: I updated SAS and ran a scan on the Unhide.exe program only. It was flagged again as Worm.Hupigon.

I then downloaded a completely fresh version of Unhide.exe (straight after the initial flagging) and ran a scan on the new Unhide.exe file only.

No Flagging????

I re-ran the scan on the old version and it was flagged????

Both copies were downloaded direct from Bleeping Computer, and no external drives had been used on the Windows machine, nor had it been online till recently when MS Updates went through, so what happened?

The original file was downloaded about a year and a half ago. If it was infected over this period, how did nothing at all catch it (from a multitude of scanners / AV platforms)? Nothing caught it till now.

Could it be a file in the program which causes it to be flagged and removed after a certain time (so that you have to download another one)?

It's all a bit of a mystery; however, the old one has been removed, the new one is in place, and I will just have to wait and see what happens in the future.

Got me baffled :?

Guest

Might be a good thing to monitor this program! Who knows what will happen next? Another false positive on the new file and again there will be a new version of this tool which is corrected?

This topic is now closed to further replies.