mcluskyism Posted July 27, 2019

Hi everyone, I'm new to the forum, I hope I wrote in the appropriate one. I wanted to point out that my company antivirus (Check Point Endpoint Anti-Malware Blade) identifies WinToolkit.exe as infected with UDS:Trojan.MSIL.Agent.gen and relegates it to quarantine. This happens with the WinToolkit_1.7.0.7 version which is therefore unusable, while with the WTK_v1_1.7.0.0 version the same executable passes the control, and it works.

I would like to test the versions prior to 1.7.0.7 but the download link only points to the latest. Where can I find intermediate versions? Or should I wait for the next one? Feel free to offer me further suggestions, thanks and greetings
Thiersee Posted July 27, 2019

Good morning and welcome! This is a "false positive"; Microsoft Security Essentials identifies it as a virus too, but with another name, depending on the status of the definitions. Does your antivirus have the possibility to set the program as OK? MSE has that possibility.

BTW, since yesterday the version 1.7.0.8 has been released; MSE does NOT identify this version as infected. You can download the new version on win-unattended.de.
mcluskyism Posted July 27, 2019 (Author)

Hi Thiersee, good morning to you and thanks for the quick reply. I'm pretty sure this is a false positive, and I downloaded the latest version you suggested, but unfortunately my company antivirus thinks that even version 1.7.0.8 contains the same virus, so it won't even let me unpack the archive. And no, the antivirus is activated by policies so I have no way even to stop it and pause it with the "classic methods" already tried ( wmic service ... call StopService | net stop ... | sc config ... start= disabled && sc stop ... | TASKKILL /F /IM ... ).

For now I return to the original version v1_1.7.0.0 but, if they were available, I would still be curious to test the intermediate releases from win-unattended.de. I would basically slipstream a Seven Starter ISO for an old netbook, and I'm working on a Windows 10 company laptop (at home I'm on Debian Stable). Since I would just like to modify Seven and nothing else, do you think I could be happy to stay with the original v1_1.7.0.0 version, and drop the German releases?

Thanks again, regards

Edited July 27, 2019 by mcluskyism (spelling error)
Thiersee Posted July 27, 2019

1 hour ago, mcluskyism said:
> do you think I could be happy to stay with the original v1_1.7.0.0 version, and drop the German releases?

There is no German version of WTK! Or what do you mean?

Intermediate releases: Silly me, I have them! If you want I can upload them on mega.nz and give you the link.

Anyway, in the last days I couldn't have the 1.7.0.7-EXE on my PC, MSE did identify it as virus; after the MSE-Update of yesterday it hasn't been identified as virus anymore and the 1.7.0.8 too.

Ciao.
mcluskyism Posted July 27, 2019 (Author)

34 minutes ago, Thiersee said:
> There is no german version of WTK! Or what do you mean?

Hello, and sorry! I mean win-unattended.de branch development.

36 minutes ago, Thiersee said:
> If you want I can uploade them on mega.nz and give you the link.

Thank you, you would be very kind if you could, so I could test from when the false positive appeared. Cheers
Thiersee Posted July 27, 2019

8 minutes ago, mcluskyism said:
> Hello, and sorry! I mean win-unattended.de branch development. Thank you, you would be very kind if you could, so I could test from when the false positive appeared. Cheers

OK! Here is the link https://mega.nz/#!mKxDBYKZ!QFMsT2jhV8_CvXTOVq8h3Q-Cj7-oTf5biTWuw1C5BYc

Tell me when you downloaded it, then I pull it down from mega.nz.
sweden8 Posted July 27, 2019

I don't know if www.virustotal.com is a reliable place to test this file? Anyway it comes up with a number of problems.

Attachment: VirusTotal.pdf
mcluskyism Posted July 29, 2019 (Author)

On 7/27/2019 at 4:35 PM, Thiersee said:
> Tell me when you downloaded it, then I pull it down from mega.nz.

Hi Thiersee, downloaded and "grazie", feel free to take them down.

P.S. sorry for the delay, I will test ASAP
mcluskyism Posted July 29, 2019 (Author)

Hello sweden8, an impressively bad result, but I still believe they were all false positives
sweden8 Posted July 29, 2019

Hello mcluskyism, I hope you are correct! And I think you are! So I'll wait for the official version of 1.7.0.8. I'm a big fan of WinToolkit

Edited July 29, 2019 by sweden8
Thiersee Posted July 29, 2019

@sweden8 Since Friday 26-07-2019 the version 1.7.0.8 is the official one!
mcluskyism Posted July 29, 2019 (Author)

Hi to all, unfortunately I Get No Joy ... all releases of WinToolkit from 1.7.0.1 to 1.7.0.8 are presumed infected, according to my company antivirus. I am still convinced that this is a false positive, but for now I am screwed.

BTW, my goal ATM is to modify only a copy of Seven Starter ... in your opinion, maybe the original v1_1.7.0.0 could suffice? Thanks anyway for all the support, and greetings to the whole forum

Edited July 29, 2019 by mcluskyism (misspelling)
Thiersee Posted July 29, 2019

Yes, it is! But if you want to hide some KBs, you can't use the .vbs-script put directly in the section Silent-Installer + SFX (the feature is only available since 1.7.0.7), you must use the .exe-version.
mcluskyism Posted July 29, 2019 (Author)

Hi Thiersee, ok, for now I will R.I.P. on v1_1.7.0.0. Again, thanks and greetings
PapoPorz Posted August 24, 2019

Hi all, I'm having the same problem. McAfee Endpoint Security claims WinToolkitRunOnce.exe to be the Trojan. It quarantines it and there is no way to set it as positive. Running WinToolkit 1.7.0.8, had the same result with 1.7.0.7. I'll try with the version 1.7.0.0 and report back.

Tom

Edit: Version 1.7.0.0 still running smoothly, no complaints about trojans

Edited August 24, 2019 by PapoPorz
mcluskyism Posted August 24, 2019 (Author)

Hi PapoPorz, and welcome to the same boat as me. Indeed, thank you for having fully identified the "culprit". So, any suggestions from the developers? I'm still on v1_1.7.0.0 ATM. Thank you

Edited August 24, 2019 by mcluskyism (misspelling)
mooms Posted August 25, 2019

The dev is not made here anymore.
Thiersee Posted December 9, 2019

Have a look here (last post): https://www.wincert.net/forum/topic/14074-wintoolkit-version-1708-1709/page/2/?tab=comments#comment-127293