#1 2018-07-28 17:00

miserable
Member
Registered: 2008-12-13
Posts: 20

Shutter 4.2 Flagged as Malware (False positive)

Various antivirus engines are reporting that Shutter.exe 4.2.0.0 is a trojan. Specifically, most of them reference "Gen:Variant.Agentus.14".

I know better than to take this seriously. These defective products finally noticed that Shutter accesses lists of running processes, can read window content, etc., and can perform actions on the PC... All of which it does for legitimate reasons.

For others who find this, don't panic. Shutter is not malware. They will fix this in time. I will notify some of them (most of them share signatures and other information, including bad information, as we see here).

https://www.virustotal.com/en/file/088a … 532792986/


Offline

#2 2018-07-29 12:01

den4b
Administrator
From: den4b.com
Registered: 2006-04-06
Posts: 3,367

Re: Shutter 4.2 Flagged as Malware (False positive)

Indeed, this is just another instance of a generic false positive.

Shutter does have many features which may trigger generic malware detection algorithms. Features such as User Inactivity event, Process/Window monitoring and termination, Web Interface with remote command execution, and many more - all of which can be misused by rogue software and users.

Interestingly, I have just reanalysed Shutter 4.2 at VirusTotal and the resulting detection ratio has already dropped down to 2 / 66 from 6 / 66. Also, the latest development version Shutter 4.2.0.4 Beta has just 1 / 66.

Shutter 3.8
Last analysis: 2017-12-07 22:37:36 UTC
Detection ratio: 0 / 66
https://www.virustotal.com/#/file/45198 … /detection

Shutter 4.1
Last analysis: 2018-01-10 13:29:33 UTC
Detection ratio: 0 / 68
https://www.virustotal.com/#/file/c860d … /detection

Shutter 4.2
Last analysis: 2018-07-29 10:44:56 UTC
Detection ratio: 2 / 66 (Gen:Variant.Agentus.14)
https://www.virustotal.com/#/file/088a9 … /detection

Shutter 4.2.0.4 Beta
Last analysis: 2018-07-29 10:42:50 UTC
Detection ratio: 1 / 66 (Gen:Variant.Agentus.14)
https://www.virustotal.com/#/file/e16fc … /detection

Offline

#3 2018-07-29 16:28

miserable
Member
Registered: 2008-12-13
Posts: 20

Re: Shutter 4.2 Flagged as Malware (False positive)

The two remaining false positive sources are ALYac and Qihoo 360. I sent the file to Qihoo the other day, and they just replied:

Sorry to tell you that we could not deal with the sample file that you’ve submitted (Time: 2018-07-29 00:07:15; Software: Shutter; ID:XXXXXXX).
Result: Invalid URL, failed to download the sample.

Which makes no sense at all.

ALYac seems to require you to run an application of theirs to submit a file, and I'm just not going to do that:

https://en.estsecurity.com/support/report

I brought this up because I know how damaging this type of thing can be to legitimate software developers.

Last edited by miserable (2018-07-29 16:29)

Offline

#4 2018-07-29 20:50

den4b
Administrator
From: den4b.com
Registered: 2006-04-06
Posts: 3,367

Re: Shutter 4.2 Flagged as Malware (False positive)

miserable wrote:

I brought this up because I know how damaging this type of thing can be to legitimate software developers.

You are absolutely right. Thanks a lot for your help!

Offline
