Host-based backup of VMware vSphere VMs.
Post Reply
jamerson
Veteran
Posts: 366
Liked: 24 times
Joined: May 01, 2013 9:54 pm
Full Name: Julien
Contact:

VEEAMVSShook_X86.dll trojan

Post by jamerson »

Hi Guys,
today i was trying th te 9.5 on the LAB before, while installing it my antivirus has detected the VEEAMVSShook_X86.dll as TR/Hijacker.Gen2.
http://www.avira.com/en/support-threats ... n2&track=1
Gostev
Chief Product Officer
Posts: 31460
Liked: 6648 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by Gostev »

False positive, use this site to double check the file in such cases > https://www.virustotal.com/
Different vendors use different checksum algorithms, so this is the easiest way to confirm a checksum collision.
dweide
Enthusiast
Posts: 38
Liked: 9 times
Joined: Mar 29, 2012 1:57 pm
Full Name: D. Weide
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by dweide »

Similar situation here:

- Avira reports "....VeeamVssHook_X86.dll' to be malicious
- Avira accordingly blocks access to this dll
- Message appears also after completed Installation of 9.5

And while I am sure that Veeam is not distributing malware - what's the resolution?

Just wait until Avira corrects the false positive?
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by PTide »

While you're awaiting for Avira to correct the FP, you can configure exclusions by yourself.

Thanks
ccatlett1984
Enthusiast
Posts: 83
Liked: 9 times
Joined: Oct 31, 2013 5:11 pm
Full Name: Chris Catlett
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by ccatlett1984 »

Its being detected as a Trojan since its making calls to the system VSS writer.

Not many "good" applications do that, other than backup software.
lando_uk
Veteran
Posts: 371
Liked: 32 times
Joined: Oct 17, 2013 10:02 am
Full Name: Mark
Location: UK
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by lando_uk »

Thanks for the heads up.

This should be added to known issues on the installation notes for 9.5.
albertwt
Veeam Legend
Posts: 879
Liked: 46 times
Joined: Nov 05, 2009 12:24 pm
Location: Sydney, NSW
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by albertwt »

yes, McAfee also reports is as well today with the latest definition update running:

The transferred file contained a virus and was therefore blocked. :?:

Media Type: application/executable
Virus Name: Avira: TR/Hijacker.Gen2
--
/* Veeam software enthusiast user & supporter ! */
veremin
Product Manager
Posts: 20270
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by veremin »

As Anton's said, most likely this is a false positive alarm. If you're a bit worried, use the referenced site to get additional assurance. Thanks.
veremin
Product Manager
Posts: 20270
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by veremin »

Also, kindly, avoid posting private links to Update 1 RTM, as the update is yet to become generally available. Thanks.
DeLiriOusNoMaD
Novice
Posts: 9
Liked: 1 time
Joined: Dec 29, 2015 10:25 pm
Full Name: BillA
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by DeLiriOusNoMaD »

i believe the issue with AV picking up malware/ransomware false positives is due to AV detecting file replication dlls/exe. i have a similar issue with another vendor and its replication executable, i will not name it here, but this was with Trend Micro flagging the file as ransomware. i was told the file detected wouldnt be removed from the AV detection engines.
Mike Resseler
Product Manager
Posts: 8044
Liked: 1263 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: VEEAMVSShook_X86.dll trojan

Post by Mike Resseler »

Bill,

Thanks for the additional information. We try to work with those vendors and let our files get excluded but as you can see this still happens (and as you say, not only with us)
We keep pushing :-)

Mike
Post Reply

Who is online

Users browsing this forum: No registered users and 99 guests