koobas.hobune.stream
Malware-gen found in uninstall.exe 11/19/2013
Hi all,
First post please be nice.
I am really keen to start using unity it looks awesome but this jumped up on install. I understand unity has had a bit of a bad rap when it comes to malware and stuff due to its delivery method but I was hoping you could let me know if this is just a false positive or maybe I should hold off on using this product.
downloaded the install from the legit site
free account
am running avast
also running PC tools firewall (dont hate)
Thanks heaps guys I hope you all have a wonderful week.
I have Avast and it didn't report anything for me. Just saying. :)
Hi,
"I understand unity has had a bit of a bad rap when it comes to malware and stuff due to its delivery method"
It has? That's the first I've ever heard of it! A quick internet search reveals nothing to me other than a few ill-informed forum posts from several years ago. Can you provide more info about other reports of malware in Unity? - I'm sure many users here would want to be informed.
Given the fact that Avast has objected to Unity's webplayer, and the stated reason being "malware-gen" (which, as far as i can tell, is Avast's way of saying "I don't know what this is so I'll just tag it as offensive"), I'd guess that it has thrown a false positive because the webplayer contains code to access and download data from the web (clearly, in order to work...).
If you downloaded from http://unity3d.com/unity/download, I think you can be relatively assured there's no nastiness in Unity (obviously you can't 100% guarantee that in any closed-source product, but nobody else has made a fuss about it here that I'm aware of)
Right, things like "$$anonymous$$alware-gen(eric)" are usually heuristically deter$$anonymous$$ed positives and in a lot cases false positives.
Heuristic are usually used on virus definitions but most scanners also have a generic heuristic. This just has a list of potentially malicious code fragments and if something contains a certain combination or a certain amount of them it's declared as "generic virus". I dare to say most of those detections are false positive. The way they work is relying weak stereotyping.
Such detections should be sorted out by checking the file against meta scanners like virustotal. Just upload the uninstall.exe there and see the resutls. You could also post the link to the result here ;)
Thank you both, I do apologise I seem to have been swept up in forum hype. I was fairly sure it was safe. Seems like it is just avast being stupid, or more like trying to be over clever.
Also thanks for the link to virustotal, I didn't know that existed. I think we can chalk this one up to I was just too paranoid.
Now off to the tutorials I go! -JLH
Uninstalling and removing all the traces of avast is very difficult. This is due to the reason that it has ( like many other anti virus softwares) a self protection to guard against being manipulated by malware. This in turn effects the normal uninstall process within windows as well. You can go to https://appuals.com/uninstall-avast-using-avast-removal-tool/ and find several methods to delete avast.
