Jump to content

FP Win32/AtlasVPN.A PUA

Gregecslo

By Gregecslo
in Malware Finding and Cleaning

 Share

Recommended Posts

Gregecslo

Gregecslo 8

Posted
Posted (edited)

Hello.

Possible FP: 

Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.10\runtimes\win-x64\native\apphost.exe    16e5ebf8a2ae6ed07892c6d318fcb953c8d2bca7    124416    January 27, 2022 08:07:38    1    
Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.12\runtimes\win-x64\native\apphost.exe    2bb7aae7671a506267f4ec698199c447c1ea3ba8    124416    January 27, 2022 08:07:08    1    
Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\sdk\5.0.303\apphosttemplate\apphost.exe                                                5ff2eadcf444f245d71ae0501fddc5c921967433    124416    January 27, 2022 08:07:08    1    
Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\sdk\5.0.403\apphosttemplate\apphost.exe                                                2bb7aae7671a506267f4ec698199c447c1ea3ba8    124416    January 27, 2022 08:07:08    1    
Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.9\runtimes\win-x64\native\apphost.exe    5ff2eadcf444f245d71ae0501fddc5c921967433    124416    January 27, 2022 08:07:08    1

On VT only ESET detects it...

Edited by Gregecslo
Gregecslo

Gregecslo 8

Posted
  • Author
Posted

Now our legit apps built with this SDK are being flagged too...

Not looking good.

Masamunnex

Masamunnex 0

Posted
Posted
13 minutes ago, Gregecslo said:

Hello.

Possible FP: 

Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.10\runtimes\win-x64\native\apphost.exe    16e5ebf8a2ae6ed07892c6d318fcb953c8d2bca7    124416    January 27, 2022 08:07:38    1    
Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.12\runtimes\win-x64\native\apphost.exe    2bb7aae7671a506267f4ec698199c447c1ea3ba8    124416    January 27, 2022 08:07:08    1    
Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\sdk\5.0.303\apphosttemplate\apphost.exe                                                5ff2eadcf444f245d71ae0501fddc5c921967433    124416    January 27, 2022 08:07:08    1    
Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\sdk\5.0.403\apphosttemplate\apphost.exe                                                2bb7aae7671a506267f4ec698199c447c1ea3ba8    124416    January 27, 2022 08:07:08    1    
Win32/AtlasVPN.A    Potentially unwanted application    file://C:\program files\dotnet\packs\microsoft.netcore.app.host.win-x64\5.0.9\runtimes\win-x64\native\apphost.exe    5ff2eadcf444f245d71ae0501fddc5c921967433    124416    January 27, 2022 08:07:08    1

On VT only ESET detects it...

hey i just posted a topic about this too, i have getting a PUA msg about this win32/atlasvpn.a i did not download any atlasvpn or anything, any idea whats this about ?

Gregecslo

Gregecslo 8

Posted
  • Author
Posted

Most probably false positive.

It happened exactly a year ago with same file :)

Masamunnex

Masamunnex 0

Posted
Posted
6 minutes ago, Gregecslo said:

Most probably false positive.

It happened exactly a year ago with same file :)

I see, the question is do i clean it or ignore ? cleaning might cause damage to the operating system ?

  • Administrators
Marcos

Marcos 5,733

Posted
  • Administrators
Posted

Yes, it was FP. A new engine update is being worked on which will have the detection fixed.

You can create a temporary exclusion and restore the files from quarantine.

Masamunnex

Masamunnex 0

Posted
Posted
Just now, Marcos said:

Yes, it was FP. A new engine update is being worked on which will have the detection fixed.

You can create a temporary exclusion and restore the files from quarantine.

hey i also posted a topic about this but it seems that the file path on my machine is different, looks like its going to a gaming service from microsoft, care to also take a look ?

  • ESET Moderators
Peter Randziak

Peter Randziak 1,223

Posted
  • ESET Moderators
Posted

Hello @Masamunnex,

we can check it, if you want send me the log record in a text form and the file detected in password protected archive (set password to infected) via a private message.

Regards, Peter

  • Administrators
Marcos

Marcos 5,733

Posted
  • Administrators
Posted
1 hour ago, Masamunnex said:

hey i also posted a topic about this but it seems that the file path on my machine is different, looks like its going to a gaming service from microsoft, care to also take a look ?

Most likely it was a false positive. An engine update 24688 should be available within minutes which will address the FP.

  • Marcos changed the title to FP Win32/AtlasVPN.A PUA
Sam1

Sam1 0

Posted
Posted

Hello,

The releases of my application compiled with Visual Studio 2019 was also affected by this false positive, the releases of my application compiled with Visual Studio 2022 did not generate an alert from the antivirus.
I don't understand why the "Atlas VPN" software is considered a threat by ESET, is it spyware?
I have not found anything problematic about this software in the latest news.
Are you going to put in place procedures to avoid arbitrarily blocking applications compiled with Visual Studio in the future?
It would be a shame to have to delay updating the anti-virus database to avoid this kind of problem.

Best regards

  • ESET Insiders
Trooper

Trooper 71

Posted
  • ESET Insiders
Posted

Happened at my job today as well.

Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...