
Win.Trojan.Philadelphia-1 in UpdateGenerator.exe

Posted: 10.10.2016, 07:34
by dpailler
Hi,
Since the last update of wsusoffline, UpdateGenerator.exe is considered Win.Trojan.Philadelphia-1 by winclav.
Do you have the same problem?

Regards

Re: Win.Trojan.Philadelphia-1 in UpdateGenerator.exe

Posted: 10.10.2016, 08:33
by harry
Quite surely a false positive; please refer to https://virustotal.com/de/file/d3426160 ... /analysis/ (only 2/56 hits)

Please report it to the manufacturer of your AV software as a false positive!
Source code is inside the archive.

Re: Win.Trojan.Philadelphia-1 in UpdateGenerator.exe

Posted: 10.05.2017, 09:44
by mpelas
I just noticed that Process Explorer complains about the running of UpdateGenerator.exe.

I am on version 10.9.2. The check against VirusTotal returns 3 alarms:
https://www.virustotal.com/en/file/aa71 ... 494404039/
Malwr verifies the file as infected here:
https://malwr.com/analysis/ZDJjYTYzOTg4 ... czMDM5YTM/

Please do verify whether it is a false positive.
Regards

Re: Win.Trojan.Philadelphia-1 in UpdateGenerator.exe

Posted: 10.05.2017, 12:16
by Dalai
@mpelas: Well, it's only 3 out of more than 50 scanners that think they have found something. It's a false positive if you are sure you have downloaded the correct files. Here are some SHA-1 checksums of WSUS Offline 10.9.2:
Code:
347c4b1fa83af65346649a206db4fa7a6d5a99c0 *wsusoffline1092.zip
cc44540762a2553d0172d7d0ff5aee7a8f147dad *UpdateGenerator.exe
19308c2412c7737b3f0524c1a866e36b5e2b3cc0 *UpdateInstaller.exe


Regards
Dalai
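
Checking downloaded files against the SHA-1 list in the post above, as an added example (not part of the thread and not WSUS Offline's own code): it parses the `<sha1> *<name>` lines and reports OK, MISMATCH or MISSING per file. The function names and the folder argument are assumptions; the hash values are the ones posted above.

```python
import hashlib
import re
import sys
from pathlib import Path

# Manifest in sha1sum format; values copied from the post above.
MANIFEST = """\
347c4b1fa83af65346649a206db4fa7a6d5a99c0 *wsusoffline1092.zip
cc44540762a2553d0172d7d0ff5aee7a8f147dad *UpdateGenerator.exe
19308c2412c7737b3f0524c1a866e36b5e2b3cc0 *UpdateInstaller.exe
"""

# 40 hex digits, a space, a mode marker (' ' text or '*' binary), then the name.
LINE_RE = re.compile(r"^([0-9a-fA-F]{40}) [ *](.+)$")

def parse_manifest(text):
    """Return {filename: lowercase SHA-1 hex}; reject malformed lines."""
    entries = {}
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {n}: not in '<sha1> *<name>' form")
        entries[m.group(2)] = m.group(1).lower()
    return entries

def sha1_of(path, chunk=1 << 20):
    """Hash the file in chunks so large archives are not read into memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(directory, entries):
    """Return {filename: 'OK' | 'MISMATCH' | 'MISSING'} for each entry."""
    results = {}
    for name, expected in entries.items():
        path = Path(directory) / name
        if not path.is_file():
            results[name] = "MISSING"
        else:
            results[name] = "OK" if sha1_of(path) == expected else "MISMATCH"
    return results

if __name__ == "__main__":
    folder = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, status in verify(folder, parse_manifest(MANIFEST)).items():
        print(f"{status:8} {name}")
```

A MISMATCH means the local file differs from the one the poster hashed, for example a different version or a modified or incomplete download.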