VEEAMVSShook_X86.dll trojan

jamerson · Post by **jamerson** » Nov 18, 2016 10:14 pm this post

Hi Guys,
today i was trying th te 9.5 on the LAB before, while installing it my antivirus has detected the VEEAMVSShook_X86.dll as TR/Hijacker.Gen2.
http://www.avira.com/en/support-threats ... n2&track=1

Post by **Gostev** » Nov 18, 2016 10:25 pm this post

False positive, use this site to double check the file in such cases > https://www.virustotal.com/
Different vendors use different checksum algorithms, so this is the easiest way to confirm a checksum collision.

dweide · Post by **dweide** » Nov 21, 2016 2:03 pm this post

Similar situation here:

- Avira reports "....VeeamVssHook_X86.dll' to be malicious
- Avira accordingly blocks access to this dll
- Message appears also after completed Installation of 9.5

And while I am sure that Veeam is not distributing malware - what's the resolution?

Just wait until Avira corrects the false positive?

Post by **PTide** » Nov 21, 2016 2:27 pm this post

While you're awaiting for Avira to correct the FP, you can configure exclusions by yourself.

Thanks

ccatlett1984 · Post by **ccatlett1984** » Nov 21, 2016 10:48 pm this post

Its being detected as a Trojan since its making calls to the system VSS writer.

Not many "good" applications do that, other than backup software.

lando_uk · Post by **lando_uk** » Nov 22, 2016 4:00 pm this post

Thanks for the heads up.

This should be added to known issues on the installation notes for 9.5.

albertwt · Post by **albertwt** » Jan 03, 2017 11:28 pm this post

yes, McAfee also reports is as well today with the latest definition update running:

The transferred file contained a virus and was therefore blocked.

Media Type: application/executable
Virus Name: Avira: TR/Hijacker.Gen2

Post by **veremin** » Jan 04, 2017 10:30 am this post

As Anton's said, most likely this is a false positive alarm. If you're a bit worried, use the referenced site to get additional assurance. Thanks.

Post by **veremin** » Jan 04, 2017 4:28 pm this post

Also, kindly, avoid posting private links to Update 1 RTM, as the update is yet to become generally available. Thanks.

DeLiriOusNoMaD · Jan 08, 2017 10:05 pm

i believe the issue with AV picking up malware/ransomware false positives is due to AV detecting file replication dlls/exe. i have a similar issue with another vendor and its replication executable, i will not name it here, but this was with Trend Micro flagging the file as ransomware. i was told the file detected wouldnt be removed from the AV detection engines.

Post by **Mike Resseler** » Jan 09, 2017 6:16 am this post

Bill,

Thanks for the additional information. We try to work with those vendors and let our files get excluded but as you can see this still happens (and as you say, not only with us)
We keep pushing

Mike

R&D Forums

VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Re: VEEAMVSShook_X86.dll trojan

Who is online