
Malware in DTask Manager Portable?

PortableGood
Offline
Last seen: 2 months 3 weeks ago
Joined: 2014-10-06 11:51
Malware in DTask Manager Portable?

Eleven antivirus engines are reporting that DTask Manager Portable contains malware. Most are reporting it contains a backdoor trojan.

The file is located at http://downloads.portableapps.com/portableapps/dtaskmanagerportable/DTas...

The antivirus tools reporting malware in this file include Avira, McAfee, Symantec, and TrendMicro.

The SHA256 hash is fda36c68742e7cf30d51e2bd23cf348d921463ab8a30123fce874a2dc60a9a1c

For details, please see https://www.virustotal.com/en/file/fda36c68742e7cf30d51e2bd23cf348d92146...

John T. Haller
Offline
Last seen: 3 hours 13 min ago
Admin, Developer, Moderator, Translator
Joined: 2005-11-28 22:21
Heuristic

Most of those are duplicates as they use the same engine. It's a heuristic detection... a.k.a. a guess. That's why they all say 'generic' or similar. They don't see a Trojan or a backdoor. They see some function calls that could mean that. That's why the antivirus engines with a bit better heuristics show it as clean. This isn't surprising for a task manager app as it uses Windows functions to get details on, elevate, de-elevate, and kill other processes. All things that some Trojans use.

All that said, if this is the new normal for these lesser antivirus engines, we may drop the app to avoid the hassle.

Sometimes, the impossible can become possible, if you're awesome!
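The triage John describes (collapsing vendors that license the same engine and separating heuristic "generic" verdicts from named detections), written out as an added Python example that is not part of this thread. The engine names, detection labels and the shared-engine mapping are constructed placeholders, not the real scan report for this file.

```python
import re

# Constructed sample scan results: vendor -> detection label, or None when clean.
# Labels are illustrative only and are not the real report for DTask Manager.
SAMPLE_RESULTS = {
    "EngineA": "Gen:Variant.Backdoor.123",
    "EngineB": "Gen:Variant.Backdoor.123",   # same label: likely a licensed copy of EngineA
    "EngineC": "HEUR/Backdoor.Generic",
    "EngineD": "Trojan.Generic.Suspicious",
    "EngineE": "BackDoor-ABC!1234",          # a named, non-generic verdict
    "EngineF": None,
    "EngineG": None,
}

# Hypothetical vendor -> underlying engine mapping (placeholder, not real vendor data).
SHARED_ENGINE = {"EngineB": "EngineA"}

# Tokens that usually mark a heuristic or generic (signature-less) verdict.
HEURISTIC_MARKERS = re.compile(r"(heur|generic|gen:|suspicious|\bml\b|variant)", re.IGNORECASE)


def triage(results, shared_engine=SHARED_ENGINE):
    """Collapse duplicate engines, then split heuristic verdicts from named ones.

    Returns a summary dict so the caller can judge how many independent engines
    actually flagged the file and how many of those verdicts are just guesses.
    """
    by_engine = {}
    for vendor, label in results.items():
        engine = shared_engine.get(vendor, vendor)
        # Keep one label per underlying engine; duplicates add no evidence.
        if label and engine not in by_engine:
            by_engine[engine] = label

    heuristic = {e: l for e, l in by_engine.items() if HEURISTIC_MARKERS.search(l)}
    named = {e: l for e, l in by_engine.items() if e not in heuristic}
    return {
        "raw_hits": sum(1 for l in results.values() if l),
        "distinct_engines_flagging": len(by_engine),
        "heuristic": heuristic,
        "named": named,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_RESULTS)
    print(f"{summary['raw_hits']} raw hits from {summary['distinct_engines_flagging']} engines")
    print(f"heuristic: {sorted(summary['heuristic'])}, named: {sorted(summary['named'])}")
```

On the constructed sample the five raw hits shrink to four independent engines, three of which are heuristic, leaving a single named verdict to investigate.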

PortableGood
Offline
Last seen: 2 months 3 weeks ago
Joined: 2014-10-06 11:51
This is one of those tough

This is one of those tough things where, without reading the source code and then compiling it directly from the source code, it is impossible to know whether or not it has malware. Hiding malware in apps that have legitimate uses for system functions is an old trick. Malware authors know that everyone will just assume it is safe.

Many times, honest software developers accidentally distribute software with malware because their development tools or system include malware.

Note that in no way am I claiming that the app does or does not have malware. I've never read the source and then compiled it myself, or decompiled it, so I cannot know without spending many hours of time tracing the executable. I've never successfully installed it because my AV blocks it, and without reading the source and compiling it myself I don't want to unblock it.

Anyways, it's just a tricky situation.

What AV do you consider to have the best heuristics?

PortableGood
Offline
Last seen: 2 months 3 weeks ago
Joined: 2014-10-06 11:51
Update

Of those 11 engines, now only 9 report an issue with DTaskManagerPortable v1.54.

Interestingly, zero (0) report an issue with v1.54.1!
