Suspicious behaviour Aurora.exe

Hi there,

I have been using Project Aurora (RGB utility) for some months without issue.

Recently, Bitdefender started to flag up Suspicious Behaviour involving explorer.exe and Aurora.exe and then ‘disinfects’, which completely breaks the Aurora installation.

I can consistently reproduce the issue. If I copy and paste anything anywhere on the system when Aurora.exe is running, then the Suspicious behaviour issue flags up.

I’m certain aurora.exe is not infected. I have scanned its .exe using Bitdefender and MalwareBytes and it’s reported clean. I have submitted the file to Bitdefender as a False Positive, but not heard back yet.

Does anyone have any technical explanation as to why this is happening?

Thanks.

Comments

  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod
    edited January 29

    @Alexandru_BD Can you check if any requests related to the same have been sent to malware researchers and if there is any update on this?

    Also, I would like to inform you that whether a file is malicious or not is confirmed only after a maximum of 72 hours. This is the maximum time during which malware researchers analyze the file. It may take more or less time to analyze the file.

    Also, when I checked the complete software on VirusTotal, none of the antimalware programs flagged it as malicious. Below is the VirusTotal link for the complete software:

    https://www.virustotal.com/gui/file/951c99285ad5416fbede4a459866af3e5bfc773a80f4b49668c5532eb9bf7645

    This indicates that it must have been the behavior blocker that detected the file as malicious, which will not be shown in the normal scan by Bitdefender.

    Regards.

    Life happens, Coffee helps!

    Bitdefender Ultimate Security Plus (user)

  • Nige
    Nige ✭✭

    Thanks for your reply.

    It has been less than 72 hours since I reported the issue to Bitdefender, so I shall wait and see.

  • Alexandru_BD
    Alexandru_BD admin
    edited January 30

    Hello @Nige,

    Did you get a ticket number for your inquiry? I can't seem to find a recent ticket when searching using your email address. I have noticed that no security vendors flagged this file as malicious, including Bitdefender, based on the virustotal link above. But then again, they might have whitelisted it already. Can you try again and perhaps add an exception for the aurora.exe file in the Advanced Threat Defense security module? Here are the steps to do this:

    Thanks.

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Nige
    Nige ✭✭
    edited January 31

    Thanks for your reply.

    I did Submit the form. My browser remembered all the answers I put in the other day.

    I just repeated the process. When I click the Submit button, the form just refreshes to blank. No error or confirmation. That was using Edge browser. I just repeated the same using the Chrome browser and the same happened.

    You may want to check with your web guys that the form is working properly!

    I just got an email confirmation, so probably your form isn't working in Edge but does work in Chrome.

    I also just got this error when I tried to post the link to the form that I used.


  • Flexx
    Flexx DEFENDER OF THE YEAR 2023 / DEFENDER OF THE MONTH ✭✭✭✭✭ mod

    This is not an issue with the forum. Since you are a new user, you will not be allowed to post links due to the default forum settings. I have promoted you to level 2 now. Kindly check if you are able to post the links or not.

    Secondly, it's not your browser that remembers the comment. It's another default Bitdefender forum setting that stores your non-submitted comment in drafts. You can remove the stored draft by clicking on your icon at the top right and then clicking on 'Drafts' to remove the respective comment from there.

    @Alexandru_BD anything to add here?

    Regards

    Life happens, Coffee helps!

    Bitdefender Ultimate Security Plus (user)

  • Nige
    Nige ✭✭

    Thanks for the reply and the promotion.

    It still remains that when I submitted the form using Edge, then the form wasn’t submitted at all, but at least now I know that this is an issue.

  • Alexandru_BD
    Alexandru_BD admin

    Nothing to add here, you've explained it well @Flexx.

    @Nige I confirm the sample was successfully sent to our laboratories. The case was last updated yesterday afternoon. Not sure exactly what happened with the form during submission. I think clearing cache & cookies should normally resolve the error.

    Regards,

    Alex

    Premium Security & Bitdefender Endpoint Security Tools user

  • Nige
    Nige ✭✭

    22 days later. Not heard anything at all about the file I submitted.

    What's the usual timeline for this kind of thing?