Re: Kaspersky Alarming Virus Warning

Posted: Thu Dec 08, 2016 11:10 pm
by Erwin Denissen
So at first Kaspersky did detect Trojan-Banker.Win32.Banbra.vdfk and no other virus scanners complained.
[Attachment: Analysis1.png]
Now I've just re-scanned the same setup file at virustotal, and Kaspersky no longer complains, but these do:
AegisLab Troj.Banker.W32.Banbra!c
Microsoft TrojanSpy:Win32/Banker
Rising Malware.Strealer!8.1EF-6bvIvnloz5H (cloud)
nProtect Banker/W32.Banbra.14582792
[Attachment: Analysis2.png]
I wonder if Kaspersky did provide this information to them, and then didn't notify them about the fact they no longer flag our software?

Re: Kaspersky Alarming Virus Warning

Posted: Thu Dec 08, 2016 11:19 pm
by Leon Gauthier
When I first submitted the file, I got this:
on FontCreatorSetup.exe, Virus Total reported:

This file was last analysed by VirusTotal on 2016-12-06 13:41:11 UTC (2 days, 9 hours ago) it was first analysed by VirusTotal on 2016-11-30 20:32:31 UTC.

Detection ratio: 2/55

You can take a look at the last analysis or analyse it again now.
Results of Virustotal re-submission:
url = https://www.virustotal.com/en/file/f2b5 ... 481238322/

If that url is no good, here is the partial text:
SHA256: f2b5c21f61fc0525950207545bad7df2f172b45561a477ecb4bdaf6965c4b44b
File name: FontCreatorSetup.exe
Detection ratio: 4 / 56
Analysis date: 2016-12-08 23:05:22 UTC ( 0 minutes ago )

Antivirus Result Update
AegisLab Troj.Banker.W32.Banbra!c 20161208
Microsoft TrojanSpy:Win32/Banker 20161208
Rising Malware.Strealer!8.1EF-6bvIvnloz5H (cloud) 20161208
nProtect Banker/W32.Banbra.14582792 20161208
ALYac

Re: Kaspersky Alarming Virus Warning

Posted: Thu Dec 08, 2016 11:25 pm
by Leon Gauthier
Seems odd to me that this pops up here only now. I also scan every day.
I guess I'll just download the latest release and see if that changes anything.

Re: Kaspersky Alarming Virus Warning

Posted: Thu Dec 08, 2016 11:34 pm
by Erwin Denissen
Leon Gauthier wrote: When I first submitted the file, I got this:
Well, at least that is exactly the same setup I uploaded.

I've reported this issue, so I hope Microsoft will act soon. I'll keep you updated as soon as I receive a reply.

Re: Kaspersky Alarming Virus Warning

Posted: Thu Dec 08, 2016 11:38 pm
by MikeW
I just scanned the system and the concerned files directly with Malwarebytes with nothing being detected either.

Mike

Re: Kaspersky Alarming Virus Warning

Posted: Thu Dec 08, 2016 11:41 pm
by Leon Gauthier
Is this your latest maintenance release?
If so, I guess there is no point in me re-installing!

Re: Kaspersky Alarming Virus Warning

Posted: Thu Dec 08, 2016 11:45 pm
by Erwin Denissen
No, we released one an hour ago!

Re: Kaspersky Alarming Virus Warning

Posted: Fri Dec 09, 2016 12:40 am
by KaizenNeko
Erwin Denissen wrote: I've just scanned all files with Windows Defender version 1.233.1724.0 and it didn't find any issues.

What file(s) are flagged on your system?
From the report.
file:C:\WINDOWS\sysWOW64\FCOutDrw.dll
shareddll:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\WINDOWS\SysWoW64\FCOutDrw.dll
regkey:HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\WINDOWS\SysWoW64\FCOutDrw.dll

I don't doubt it's a false positive, but I'll let Windows Defender do its thing to make it happy. I'm in the process of doing a full scan so I haven't seen it flag the installer as of yet.

I see that Defender now has updated to 1.233.1759.0 but haven't tested to see if it still false-flags FCOutDrw.

Re: Kaspersky Alarming Virus Warning

Posted: Fri Dec 09, 2016 6:30 am
by Leon Gauthier
FYI:
After scanning again with updated virus and spyware definitions and finding nothing, I instructed Windows Defender to allow the "Trojan" but the dll was deleted anyway upon re-booting. It also removed the registry entry:

HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS\\C:\WINDOWS\SysWOW64\FCOutDrw.dll

So the obvious recourse was to re-install the latest version of FontCreator 10.1.0 build 2257 posted today.
I am scanning now with the latest Virus and Spyware definition versions (1.233.1783.0) which is the third update of those files I saw today.
All clear, nothing found.

I also submitted FontCreatorSetup.exe to VirusTotal and got a clean bill of health:
SHA256: e61636655357d9c48c4cf1f59e2a6db3a03dc01e043c82979f7636213e0456ec
File name: FontCreatorSetup.exe
Detection ratio: 0 / 56
Analysis date: 2016-12-09 06:20:55 UTC ( 1 minute ago )
https://www.virustotal.com/en/file/e616 ... 481264455/

Re: Kaspersky Alarming Virus Warning

Posted: Fri Dec 09, 2016 6:42 am
by Erwin Denissen
We also performed a full scan last night, and Windows Defender didn't find anything on this development system.

In the meantime it was updated as well, so it is now using version 1.233.1768.0 for both virus and spyware definitions.