VEEAMVSShook_X86.dll trojan


by jamerson » Fri Nov 18, 2016 10:14 pm

Hi Guys,
Today I was trying the 9.5 on the LAB before; while installing it, my antivirus detected VEEAMVSShook_X86.dll as TR/Hijacker.Gen2.
http://www.avira.com/en/support-threats ... n2&track=1
jamerson
Expert
 
Posts: 257
Liked: 16 times
Joined: Wed May 01, 2013 9:54 pm
Full Name: Julien

Re: VEEAMVSShook_X86.dll trojan

by Gostev » Fri Nov 18, 2016 10:25 pm

False positive, use this site to double check the file in such cases > https://www.virustotal.com/
Different vendors use different checksum algorithms, so this is the easiest way to confirm a checksum collision.
Gostev
Veeam Software
 
Posts: 21505
Liked: 2380 times
Joined: Sun Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: VEEAMVSShook_X86.dll trojan

by dweide » Mon Nov 21, 2016 2:03 pm

Similar situation here:

- Avira reports "....VeeamVssHook_X86.dll" to be malicious
- Avira accordingly blocks access to this dll
- Message also appears after completed installation of 9.5

And while I am sure that Veeam is not distributing malware - what's the resolution?

Just wait until Avira corrects the false positive?
dweide
Enthusiast
 
Posts: 32
Liked: 4 times
Joined: Thu Mar 29, 2012 1:57 pm
Full Name: D. Weide

Re: VEEAMVSShook_X86.dll trojan

by PTide » Mon Nov 21, 2016 2:27 pm

While you're waiting for Avira to correct the FP, you can configure exclusions yourself.

Thanks
PTide
Veeam Software
 
Posts: 3137
Liked: 262 times
Joined: Tue May 19, 2015 1:46 pm

Re: VEEAMVSShook_X86.dll trojan

by ccatlett1984 » Mon Nov 21, 2016 10:48 pm

It's being detected as a Trojan since it's making calls to the system VSS writer.

Not many "good" applications do that, other than backup software.
ccatlett1984
Enthusiast
 
Posts: 83
Liked: 9 times
Joined: Thu Oct 31, 2013 5:11 pm
Full Name: Chris Catlett

Re: VEEAMVSShook_X86.dll trojan

by lando_uk » Tue Nov 22, 2016 4:00 pm

Thanks for the heads up.

This should be added to known issues on the installation notes for 9.5.
lando_uk
Expert
 
Posts: 242
Liked: 18 times
Joined: Thu Oct 17, 2013 10:02 am
Location: UK
Full Name: Mark

Re: VEEAMVSShook_X86.dll trojan

by albertwt » Tue Jan 03, 2017 11:28 pm

Yes, McAfee also reports it as well today with the latest definition update running:

The transferred file contained a virus and was therefore blocked. :?:

Media Type: application/executable
Virus Name: Avira: TR/Hijacker.Gen2
--
/* Veeam software enthusiast user & supporter ! */
albertwt
Expert
 
Posts: 619
Liked: 20 times
Joined: Thu Nov 05, 2009 12:24 pm
Location: Sydney, NSW

Re: VEEAMVSShook_X86.dll trojan

by v.Eremin » Wed Jan 04, 2017 10:30 am

As Anton's said, most likely this is a false positive alarm. If you're a bit worried, use the referenced site to get additional assurance. Thanks.
v.Eremin
Veeam Software
 
Posts: 13558
Liked: 1006 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: VEEAMVSShook_X86.dll trojan

by v.Eremin » Wed Jan 04, 2017 4:28 pm

Also, kindly, avoid posting private links to Update 1 RTM, as the update is yet to become generally available. Thanks.
v.Eremin
Veeam Software
 
Posts: 13558
Liked: 1006 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: VEEAMVSShook_X86.dll trojan

by DeLiriOusNoMaD » Sun Jan 08, 2017 10:05 pm

I believe the issue with AV picking up malware/ransomware false positives is due to AV detecting file replication dlls/exe. I have a similar issue with another vendor and its replication executable; I will not name it here, but this was with Trend Micro flagging the file as ransomware. I was told the file detected wouldn't be removed from the AV detection engines.
DeLiriOusNoMaD
Novice
 
Posts: 6
Liked: never
Joined: Tue Dec 29, 2015 10:25 pm
Full Name: Bill Athineos

Re: VEEAMVSShook_X86.dll trojan

by Mike Resseler » Mon Jan 09, 2017 6:16 am

Bill,

Thanks for the additional information. We try to work with those vendors and let our files get excluded, but as you can see this still happens (and as you say, not only with us).
We keep pushing :-)

Mike
Mike Resseler
Veeam Software
 
Posts: 3345
Liked: 380 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

