You are here

Rufus infected with Trojan?

4 posts / 0 new
Last post
Last seen: 2 years 6 months ago
Joined: 2018-06-23 18:20
Rufus infected with Trojan?


MS Defender says that Rufus is infected with Win32/Vigorf.A

Last seen: 3 years 3 months ago
Joined: 2018-05-10 09:12
Re: v3.1
Last seen: 5 years 8 months ago
Joined: 2018-06-24 20:47
I also received notice that

I also received notice that the executable was infected after updating my PortableApps this morning...


Alert level: Severe
Status: Quarantined
Date: 6/24/2018

Recommended action: Remove threat now.

Category: Trojan
Details: This program is dangerous and executes commands from an attacker

Affected items:
File: I:\PortableApps\PortableApps\RufusPortable\App\Rufus\rufusp.exe

Downloading the regular Rufus executable (which I regularly use on my computer) did not produce such a notification. Of course, that's not the portable version, which I'm fully aware of.

John T. Haller
John T. Haller's picture
Last seen: 1 hour 35 min ago
Joined: 2005-11-28 22:21
False Positive In Rufus

There appears to be a false positive in Rufus within the Microsoft and Ikarus engines. You can see a scan of rufusp.exe/rufus-3.1.exe here:

And an updated scan of the Rufus Portable package here:

The publisher appears to have rebuilt the app and re-released it with a new digital signature on June 23 but kept the same version number. That's why if you download it now it doesn't have the same SHA256 and shows clean. I'm packaging that now as 3.1 Build 2.

UPDATE: 3.1 Build 2 has been posted.

UPDATE (2018-06-26): Microsoft has fixed their false positive issue with the original 3.1 build.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments