Various antivirus engines are reporting that Shutter.exe 4.2.0.0 is a trojan. Specifically, most of them reference "Gen:Variant.Agentus.14".
I know better than to take this seriously. These defective products finally noticed that Shutter accesses lists of running processes, can read window content, etc. and can perform actions on the PC... All of which it does for legitimate reasons.
For others who find this, don't panic. Shutter is not malware. They will fix this in time. I will notify some of them (most of them share signatures and other information, including bad information, as we see here).
https://www.virustotal.com/en/file/088a … 532792986/
Indeed, this is just another instance of a generic false positive.
Shutter does have many features which may trigger generic malware detection algorithms. Features such as User Inactivity event, Process/Window monitoring and termination, Web Interface with remote command execution, and many more - all of which can be misused by rogue software and users.
Interestingly, I have just reanalysed Shutter 4.2 at VirusTotal and the resulting detection ratio has already dropped down to 2 / 66 from 6 / 66. Also, the latest development version Shutter 4.2.0.4 Beta has just 1 / 66.
Shutter 3.8
Last analysis: 2017-12-07 22:37:36 UTC
Detection ratio: 0 / 66
https://www.virustotal.com/#/file/45198 … /detection
Shutter 4.1
Last analysis: 2018-01-10 13:29:33 UTC
Detection ratio: 0 / 68
https://www.virustotal.com/#/file/c860d … /detection
Shutter 4.2
Last analysis: 2018-07-29 10:44:56 UTC
Detection ratio: 2 / 66 (Gen:Variant.Agentus.14)
https://www.virustotal.com/#/file/088a9 … /detection
Shutter 4.2.0.4 Beta
Last analysis: 2018-07-29 10:42:50 UTC
Detection ratio: 1 / 66 (Gen:Variant.Agentus.14)
https://www.virustotal.com/#/file/e16fc … /detection
The two remaining false positive sources are ALYac and Qihoo 360. I sent the file to Qihoo the other day, and they just replied:
Sorry to tell you that we could not deal with the sample file that you’ve submitted (Time: 2018-07-29 00:07:15; Software: Shutter; ID:XXXXXXX).
Result: Invalid URL, failed to download the sample.
Which makes no sense at all.
ALYac seems to require you to run an application of theirs to submit a file, and I'm just not going to do that:
https://en.estsecurity.com/support/report
I brought this up because I know how damaging this type of thing can be to legitimate software developers.
Last edited by miserable (2018-07-29 16:29)
I brought this up because I know how damaging this type of thing can be to legitimate software developers.
You are absolutely right. Thanks a lot for your help!