EVB.EXE detected as malware

I dunk for bananas - Posted 2024-03-20 5:12 PM
Windows Defender is suddenly detecting eVB as "Trojan:Script/Phonzy.B!ml". I'm confident that this is a false positive, but could anyone verify that the correct hash for EVB.EXE is 98bd1b3aff9b1b24b18866a0bf515c9b367750b6aa34d9301a6d838f62956c11 ?

Thank you!

Edited by I dunk for bananas 2024-03-20 5:12 PM

C:Amie - Posted 2024-03-20 5:16 PM
I just pulled the .exe out of the eVT3 installer - version 3.00.0087 - and
SHA256 is C96374911D50C814F07C88E1331861AB893F9C284EFE501BB225E6C12DBC738B
SHA1 7EB76DCC8BE01C976023AC0391215410AACFD923

I dunk for bananas - Posted 2024-03-20 5:52 PM
Strange, what kind of file is this then..? Is your version digitally signed? I also have that specific version of the file, 3.00.087
Does this look suspicious to you? I have no idea why it's trying to open some random nginx server on the web: https://www.virustotal.com/gui/file/98bd1b3aff9b1b24b18866a0bf515c9b367750b6aa34d9301a6d838f62956c11/behavior

Edited by I dunk for bananas 2024-03-20 5:56 PM

C:Amie - Posted 2024-03-20 8:58 PM
The VT link is for vb6.exe.
The 172.16 addresses are private CIDR ranges, that is no threat. If in doubt, reinstall it.

stingraze - Posted 2024-03-28 2:27 AM
I dunk for bananas - 2024-03-21 2:52 AM


Strange, what kind of file is this then..? Is your version digitally signed? I also have that specific version of the file, 3.00.087
Does this look suspicious to you? I have no idea why it's trying to open some random nginx server on the web: https://www.virustotal.com/gui/file/98bd1b3aff9b1b24b18866a0bf515c9b367750b6aa34d9301a6d838f62956c11/behavio


I just checked the URL / IP address it's sending to, and it seems like it's not malicious according to VirusTotal.

https://www.virustotal.com/gui/url/3d5b6f70df2460131ec71b5dbe14a0dd5d8dbbd0e5db99d4296d787d3b6791af

Edited by stingraze 2024-03-28 2:28 AM

I dunk for bananas - Posted 2024-03-28 2:53 PM
C:Amie - 2024-03-20 8:58 PM


The VT link is for vb6.exe.
The 172.16 addresses are private CIDR ranges, that is no threat. If in doubt, reinstall it.


Are you sure that it's vb6? Because that's just the EVB.EXE that was on my system. I ended up deleting it and replacing it with the one I grabbed from the installer, which has a different hash. It's quite odd, I have no idea where the EVB.EXE I first had even came from - well, it's all fine now!

C:Amie - Posted 2024-03-28 6:16 PM
You said eVB, VB6 is totally different to eVB. Did you install from eV6 or via the VB Toolkit for CE 6?

I dunk for bananas - Posted 2024-03-28 7:02 PM
C:Amie - 2024-03-28 6:16 PM


You said eVB, VB6 is totally different to eVB. Did you install from eV6 or via the VB Toolkit for CE 6?


Just the regular CE VB toolkit from hpcfactor

C:Amie - Posted 2024-03-28 7:21 PM
That's VBCE6, not eVB.