
On Rav Antivirus



I know this app is legit and ESET in principle should not flag it. But A) It installed silently, coming from nowhere. B) Uninstalling it proved quite problematic. C) Upon restart, Windows asked me to insert the BitLocker recovery key. D) While RAV was working without me knowing it had been installed, the battery was drained so fast it couldn't even work out of home for 3 hours (6.5 hours on average on my Yoga).

Would it be a good idea to at least allow ESET to detect this as a Potentially Malicious App? It's crazy what it does.

 

Thanks

2 hours ago, PassingBy said:

I know this app is legit and ESET in principle should not flag it. But A) It installed silently, coming from nowhere. B) Uninstalling it proved quite problematic. C) Upon restart, Windows asked me to insert the BitLocker recovery key. D) While RAV was working without me knowing it had been installed, the battery was drained so fast it couldn't even work out of home for 3 hours (6.5 hours on average on my Yoga).

Would it be a good idea to at least allow ESET to detect this as a Potentially Malicious App? It's crazy what it does.

 

Thanks

 

Comments from Reddit show that this program is old, from the 90s, but it's abandoned and not developed anymore. Some comments say that it's a normal program, and some say that it's a virus/malware.

But mostly going for a normal antivirus program that stopped being developed 10 years ago.

But it's impossible for it to get installed by itself; there should be something in your computer that triggered the download and the install.

Edited by Nightowl

5 hours ago, Marcos said:

Are you referring to this sw? https://reasonlabs.com/ I see no option to download a trial version. Where did you get it from so that we can test it?

Hi Marcos,

No, I am referring to the thing described here and in many other places.

It showed 4 processes called RAV in Task Manager (low usage but battery drained fast, very fast) and two major folders, one in C:\programs and the other in User/Appdata/Roaming, as well as a number of registry entries as usual (I removed them all).

The two last software I installed were Qbit and uBit Torrent. Both from their original website.

Edited by PassingBy

3 hours ago, Nightowl said:

Comments from Reddit show that this program is old, from the 90s, but it's abandoned and not developed anymore. Some comments say that it's a normal program, and some say that it's a virus/malware.

But mostly going for a normal antivirus program that stopped being developed 10 years ago.

But it's impossible for it to get installed by itself; there should be something in your computer that triggered the download and the install.

Thanks.

 

Lots of references online.


15 minutes ago, PassingBy said:

The two last software I installed were Qbit and uBit Torrent. Both from their original website.

My best guess as to how RAV got installed on your device is that it was bundled in an installer for another app you downloaded and installed.

There is also, though remote, the possibility of supply chain corruption. That is, it arrived bundled in an update download for one of your existing apps.

Edited by itman

14 minutes ago, itman said:

My best guess as to how RAV got installed on your device is that it was bundled in an installer for another app you downloaded and installed.

There is also, though remote, the possibility of supply chain corruption. That is, it arrived bundled in an update download for one of your existing apps.

I agree. However, if I try to install software like "lightshot" (a free screenshot software), ESET blocks the installation, detecting a threat (I don't know why, as I had been using it for years before). In this case the installation occurs and ESET doesn't detect a problem. But to me this program is a borderline threat. So the question is whether ESET can technically detect it and if it finds it appropriate to do it. (I sent a similar answer a while ago and I don't know where it went.)


4 minutes ago, PassingBy said:

However, if I try to install software like "lightshot" (a free screenshot software), ESET blocks the installation, detecting a threat (I don't know why, as I had been using it for years before). In this case the installation occurs and ESET doesn't detect a problem.

If Eset detected it as malicious, the installer file should have been blocked from execution, the file deleted, and sent to Eset Quarantine.

If Eset detects it as a PUA, the Eset alert will allow you to Ignore the Eset detection allowing the execution to proceed. Is this what you did in this instance?

Also, have you verified that Eset PUA settings are enabled in Eset GUI real-time protection section?

 


9 hours ago, itman said:

If Eset detected it as malicious, the installer file should have been blocked from execution, the file deleted, and sent to Eset Quarantine.

If Eset detects it as a PUA, the Eset alert will allow you to Ignore the Eset detection allowing the execution to proceed. Is this what you did in this instance?

Also, have you verified that Eset PUA settings are enabled in Eset GUI real-time protection section?

 

Settings are all on max. Virus issues are real here. We live close to critical areas.


As far as how RAV Antivirus got installed on your PC, refer to this: https://www.reddit.com/r/techsupport/comments/pffvux/what_is_rav_anti_virus_and_how_is_it_on_my/ . The most relevant postings are these:

Quote

Did you download the game Nox, by chance?

I did, is it a virus?

As I suspected, RAV Antivirus was bundled in an app installer; in this case, a game.

@Marcos, something for Eset to check out.

Edited by itman

On 4/5/2022 at 5:04 PM, PassingBy said:

I agree. However, if I try to install software like "lightshot" (a free screenshot software), ESET blocks the installation, detecting a threat (I don't know why, as I had been using it for years before). In this case the installation occurs and ESET doesn't detect a problem. But to me this program is a borderline threat. So the question is whether ESET can technically detect it and if it finds it appropriate to do it. (I sent a similar answer a while ago and I don't know where it went.)

Lightshot will give you some kind of offer for a toolbar or something like this, but not RAV. I know the installer, and yes, ESET detects it as a PUA, but not the application itself, just the installer.

I believe it came from uTorrent if that's the two things you recently installed along with qBittorrent, since qBittorrent is open source they won't offer any kind of bloatware or toolbars.

At the same time, uTorrent does:

[image]

I don't know what kind of antivirus they offer, but it's better to stay away from it, since qBittorrent is a much safer option than what uTorrent will throw at you.

BitTorrent and uTorrent are owned by the same company, and it's not like what it used to be before, the program itself. Deluge or qBittorrent is a better option since they are open-source.

Update:

Yes, I am correct, it is uTorrent. BitTorrent is removed by ESET as PUA upon download, uTorrent isn't. I didn't run it, but

[image]

Edited by Nightowl

I also came across this article on RAV antivirus: https://www.analyticsinsight.net/rav-antivirus-review-an-all-in-one-solution-to-protect-your-personal-devices/. The article, taken at face value, states RAV antivirus is a free AV with advanced Enterprise capability offered to individual users. If you go to the ReasonLabs web site, you would believe its protection mechanisms are the greatest thing since "sliced bread."

-EDIT- The analytics.net article linked above states that RAV antivirus can be downloaded from the ReasonLabs web site. Yes, it is listed there as a product. However, good luck on finding any link there to download it.

Here's some company info on ReasonLabs: https://www.crunchbase.com/organization/reason-core-security . Bottom line, it's a small security software company; if legit, that is. The fact that the software is bundled in a number of legit software installers leads me to believe "all is not as it should be" with this software. When was the last time legit AV software was bundled in other app installers?

-EDIT- This is also interesting. RAV antivirus dates to the early 2000's and was actually purchased by Microsoft and used as the basis for Microsoft Security Essentials AV.

Refs.:

https://en.wikipedia.org/wiki/GeCAD_Software

https://gecad.com/company/rav-antivirus/

Edited by itman

4 hours ago, Nightowl said:

Lightshot will give you some kind of offer for a toolbar or something like this, but not RAV. I know the installer, and yes, ESET detects it as a PUA, but not the application itself, just the installer.

I believe it came from uTorrent if that's the two things you recently installed along with qBittorrent, since qBittorrent is open source they won't offer any kind of bloatware or toolbars.

At the same time, uTorrent does:

[image]

I don't know what kind of antivirus they offer, but it's better to stay away from it, since qBittorrent is a much safer option than what uTorrent will throw at you.

BitTorrent and uTorrent are owned by the same company, and it's not like what it used to be before, the program itself. Deluge or qBittorrent is a better option since they are open-source.

Update:

Yes, I am correct, it is uTorrent. BitTorrent is removed by ESET as PUA upon download, uTorrent isn't. I didn't run it, but

[image]

I'm sure uTorrent used to get flagged as PUA as lots of people complained.

2 hours ago, itman said:

I also came across this article on RAV antivirus: https://www.analyticsinsight.net/rav-antivirus-review-an-all-in-one-solution-to-protect-your-personal-devices/. The article, taken at face value, states RAV antivirus is a free AV with advanced Enterprise capability offered to individual users. If you go to the ReasonLabs web site, you would believe its protection mechanisms are the greatest thing since "sliced bread."

-EDIT- The analytics.net article linked above states that RAV antivirus can be downloaded from the ReasonLabs web site. Yes, it is listed there as a product. However, good luck on finding any link there to download it.

Here's some company info on ReasonLabs: https://www.crunchbase.com/organization/reason-core-security . Bottom line, it's a small security software company; if legit, that is. The fact that the software is bundled in a number of legit software installers leads me to believe "all is not as it should be" with this software. When was the last time legit AV software was bundled in other app installers?

-EDIT- This is also interesting. RAV antivirus dates to the early 2000's and was actually purchased by Microsoft and used as the basis for Microsoft Security Essentials AV.

Refs.:

https://en.wikipedia.org/wiki/GeCAD_Software

https://gecad.com/company/rav-antivirus/

It appears there are multiple companies that have had a RAV AV.


52 minutes ago, peteyt said:

I'm sure uTorrent used to get flagged as PUA as lots of people complained.

As best as I can determine it is still flagged by Eset as such.

What it appears to me happened here is the OP overrode Eset's alert about a PUA detection for the download and let it install.



No actual page for RAV, nor a download link I can find. It's bundled inside a software and hard to uninstall or breaks things, as @PassingBy described. I think it fits the description of a PUA if it's not a malicious software.

[image]

I found this on their website, but still I cannot find a download link for it.

Edited by Nightowl

  • 4 weeks later...

I would like to add that F-Secure has classified one of RAV's online installers as PUA after submission.

Quote

Our analysis indicates that the file you submitted is a Potentially Unwanted Application (PUA). For immediate protection the file has been categorized as riskware via F-Secure's Security Cloud.

I have attached relevant online installers for ESET's analysis.

RAV.zip


  • Administrators

This forum is not intended for submitting samples. Please follow the instructions at https://support.eset.com/en/kb141 if you have an undetected sample that you think should be detected, or if it's clean and should not be detected.


This topic is now closed to further replies.