Could this be a false positive from VirusTotal?
Hello everybody. I'm in a trial period for Bitdefender Total Security. After checking, VirusTotal returned the following for the executables below. Is something wrong? Thanks.
"C:\Program Files\Bitdefender\Bitdefender Security\hntwhlpr.exe"
Crowdsourced YARA rules
- Matches rule INDICATOR_SUSPICIOUS_VM_Evasion_MACAddrComb by ditekSHen from ruleset indicator_suspicious at https://github.com/ditekshen/detection
  Detects executables referencing virtualization MAC addresses
"C:\Program Files\Bitdefender\Bitdefender Security\obkch.exe"
Crowdsourced YARA rules
- Matches rule Adobe_XMP_Identifier by InQuest Labs from ruleset Adobe_XMP_Identifier at https://github.com/InQuest/yara-rules-vt
  This signature identifies Adobe Extensible Metadata Platform (XMP) identifiers embedded within files. Defined as a standard for mapping graphical asset relationships, XMP allows for tracking of both parent-child relationships and individual revisions. There are three categories of identifiers: original document, document, and instance. Generally, XMP data is stored in XML format, updated on save/copy, and embedded within the graphical asset. These identifiers can be used to track both malicious and benign graphics within common Microsoft and Adobe document lures.
"C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe"
Crowdsourced Sigma Rules
- Matches rule File deletion via CMD (via cmdline) by Ariel Millahuel at SOC Prime Threat Detection Marketplace
  Detects "cmd" utilization to self-delete files in some critical Windows destinations.
- Matches rule Failed Code Integrity Checks by Thomas Patzke at Sigma Integrated Rule Set (GitHub)
  Code integrity failures may indicate tampered executables
"C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator_ls.exe"
Crowdsourced Sigma Rules
- Matches rule Failed Code Integrity Checks by Thomas Patzke at Sigma Integrated Rule Set (GitHub)
  Code integrity failures may indicate tampered executables.
Answers
-
Hello.
Only the malware researchers at Bitdefender Labs can help you with the issue.
You should report the file(s) and the VirusTotal link(s) as false positive to Bitdefender Labs here:
Regards.
1 -
Hi @Joelson
In general, wsccommunicator is the .exe that communicates with Windows security to give you the green check mark on the Windows shield icon (that the two are syncing together).
The obk's, the obkch is part of the Safepay module. It looks like, as it says, a clean-up .exe for maybe when you exit out of Safepay? I routinely use the obk.exe to create a desktop shortcut for Safepay.
And the other, I have in my Program files too, I just haven't had my morning coffee to check into it more :)
Scott
All Bitdefender Home Product User Guides: https://www.bitdefender.com/consumer/support/user-guides/ Using BD Antivirus Plus along with Glasswire free.
2 -
The detection seems to be valid. Even Kaspersky detects the file as malicious.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1 -
I see this and I think I have malware, because I seem to have a file that is in Norton antivirus and I don't have it installed, and it is in the wrong location that is commonly used by malware, and this has one detection, but would you say for me to wait or just do it or just not?
0 -
Kindly create a new post since you are replying to a post that is a year old. This post is closed for further comments.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1