Detected UDS: Trojan.MSIL.Agent.gen in the new version 2.1 of Push2run

Here you are welcome to report any Push2Run bugs you may have encountered

if you know of a workaround, it would be great if you would mention that too
Post Reply
Disorder
Posts: 5
Joined: Wed Jan 23, 2019 4:00 pm

Detected UDS: Trojan.MSIL.Agent.gen in the new version 2.1 of Push2run

Post by Disorder »

Hi, I downloaded today the new version 2.1 of Push2run, but my antivirus (Kaspersky Total Security version 2019) identifies it as Virus: :shock:
UDS: Trojan.MSIL.Agent.gen and deletes it.
Does this problem turn out to someone else? Of course I could disable the antivirus until its installation, but I would be more comfortable with more information about it.
With the previous version, 2.0.5, which I am currently using, I have not detected any anomaly.
Thanks for any suggestions and thanks to the author of the beautiful program made available.
RobLatour
Site Admin
Posts: 1017
Joined: Mon Feb 19, 2018 11:43 am

Re: Detected UDS: Trojan.MSIL.Agent.gen in the new version 2.1 of Push2run

Post by RobLatour »

I use Kaspersky too and woke up this morning to the same notification. I have reported it to them as a false positive. My best guess is that the program now is able to send keystrokes to other applications, and Kaspersky doesn't like that. In any case, I got an auto reply that said:
From: Kaspersky AntiVirus Lab <newvirus@kaspersky.com>
Sent: January 23, 2019 8:35 AM
To: info@push2run.com
Subject: RE: Anti-virus Lab replies to your request [VD3][FILE:2][LN:en] [KL-359222]

Hello,

Your request is processing. The issue can be resolved in 3 working days.

Sincerely yours,
Nikita Kurganov, Malware Analyst, Kaspersky Lab

39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com <http://www.kaspersky.com> https://securelist.com <https://securelist.com>
Also, for what is worth, I just did a virustotal scan on the setupfile, and this is what I got:

https://www.virustotal.com/#/file/4dc34 ... /detection

(two engines of 69 are reporting the program - i will send the other engine a false positive report when in a moment).
RobLatour
Site Admin
Posts: 1017
Joined: Mon Feb 19, 2018 11:43 am

Re: Detected UDS: Trojan.MSIL.Agent.gen in the new version 2.1 of Push2run

Post by RobLatour »

as a further update - when I went to figure out how to report a false positive to zone alarm their support staff directed me to the same false positive reporting page as Kaspersky uses ( https://virusdesk.kaspersky.com/#scanresults ) so I guess the two products either share the same service or database?
Chat started on 24 Jan 2019, 12:59 AM (GMT+0)
(12:59:36) *** Rob Latour joined the chat ***
(12:59:36) Rob Latour: how do I report a false positive for zone alarm?
(12:59:44) *** Janiel A. joined the chat ***
(12:59:51) Janiel A.: Thank you Rob Latour for contacting ZoneAlarm Live Chat.
(12:59:55) Janiel A.: Hello Rob.
(12:59:57) Janiel A.: Let me assist.
(01:00:25) Janiel A.: Do you keep on getting alerts about a virus on your computer?
(01:02:08) Rob Latour: no, I am a software developer and I have released some freeware. I know it doesn't have any viruses because I wrote it myself. According to virus total zone alarm and one other engine (not you) are reporting it has a virus in it. I want to have someone from zonealarm review this and correct it.
(01:02:32) Janiel A.: Oh, I see. I understand.
(01:02:51) Janiel A.: You can submit/report false positives using this link : https://virusdesk.kaspersky.com/

(01:03:19) Rob Latour: ok let me take a look
(01:03:32) Janiel A.: Attach the file you wish to be scanned and once the result is out, you can disagree with the result and input any other data required.
(01:04:56) Rob Latour: ok so I guess I already reported it - the other engine that is reporting it as a false positive is Kaspersky. Hope they can get this fixed up soon.
(01:05:27) Rob Latour: thanks for your help
(01:05:30) Janiel A.: Alright then. I'm looking forward to your issue to be resolved as well.
(01:05:32) Janiel A.: Is there anything else I can assist you with today?
(01:05:38) Rob Latour: no thank you
(01:05:42) Janiel A.: Thank you Rob Latour for chatting with me. Tell us how we did today by giving us a thumbs up if you’re satisfied with your chat today.
RobLatour
Site Admin
Posts: 1017
Joined: Mon Feb 19, 2018 11:43 am

Re: Detected UDS: Trojan.MSIL.Agent.gen in the new version 2.1 of Push2run

Post by RobLatour »

Well they're making progress ... ZoneAlarm now reports Push2Run as clean:

https://www.virustotal.com/#/file/4dc34 ... /detection
RobLatour
Site Admin
Posts: 1017
Joined: Mon Feb 19, 2018 11:43 am

Re: Detected UDS: Trojan.MSIL.Agent.gen in the new version 2.1 of Push2run

Post by RobLatour »

Got this email from Kaspersky this afternoon
From: Kaspersky AntiVirus Lab <newvirus@kaspersky.com>
Sent: January 30, 2019 3:24 PM
To: info@push2run.com
Subject: RE: RE: Anti-virus Lab replies to your request [VD3][FILE:2][LN:en] [KL-359222]

Hello,

No malicious code was identified.
Sorry for the inconvenience. This is a false alarm and it will be fixed (the fix is expected to be published within 24 hours).

The detection has nothing to do with your recent software update.


Best regards, Oleg Yurzin, Malware Analyst

39A/3 Leningradskoe Shosse, Moscow, 125212, Russia Tel./Fax: + 7 (495) 797 8700 http://www.kaspersky.com <http://www.kaspersky.com> https://securelist.com <https://securelist.com> __________________________________________
Also, Virustotal is now reporting Push2Run as clean across all engines (including Kaspersky).

However, I updated my Kaspersky database and tried to download and run the setup program. Kaspersky is currently continuing to block it on my system, so I'll wait the 24 hrs and follow-up again if not resolved by then.
RobLatour
Site Admin
Posts: 1017
Joined: Mon Feb 19, 2018 11:43 am

Re: Detected UDS: Trojan.MSIL.Agent.gen in the new version 2.1 of Push2run

Post by RobLatour »

So to close this out...

Kaspersky updated their database at the end of January and I didn't get any further reports of false positives after that.

My guess is anyone running Kaspersky and installing Push2Run for the first time starting in February will be fine.

However, on my two machines that had Push2Run installed and Kaspersky running when the false positive issue was active, I was prevented from re-installing Push2Run - even after the Kaspersky false positive issue was corrected.

I reported this to Kaspersky, sent them a video, sent them a trace file, but had not heard further from them.

On one machine, about a week ago, I switched to Bitdefender so I could continue developing. The other machine I left Kaspersky running. Tonight I ran thru all the Kaspersky setting and found even though the program has now been cleared by Kaspersky it remained as blocked in my Kaspersky 'Manage Application' and 'Application Network Rulers' settings - presumably this had been set when the false positive issue was still around.

I correct this by removing the reference to the Push2Run setup file from the 'Manage Application' untrusted list and marking it as trusted in the 'Application Network Rulers' settings. This then resolved my final issues with Kaspersky, and I have since reported these steps to them.

My guess is anyone running Kaspersky and installing Push2Run for the first time during the time it was being reported as a false positive will need to deal with the same issue, but should be able to resolve it as described above.

Hope this helps.
Post Reply