PassingBy, posted April 5, 2022:

I know this app is legit and ESET in principle should not flag it. But:

A) It installed silently, coming from nowhere.
B) Uninstalling it proved quite problematic.
C) Upon restart Windows asked me to insert the BitLocker recovery key.
D) While RAV was working without me knowing it had been installed, the battery was drained so fast it couldn't even work out of home for 3 hours (6.5 hours on average on my Yoga).

Would it be a good idea to at least allow ESET to detect this as a Potentially Malicious App? It's crazy what it does. Thanks

Marcos (Administrators), posted April 5, 2022:

Are you referring to this sw? https://reasonlabs.com/ I see no option to download a trial version. Where did you get it from so that we can test it?

Nightowl (Most Valued Members), posted April 5, 2022 (edited April 5, 2022):

2 hours ago, PassingBy said:
> I know this app is legit and ESET in principle should not flag it. But:
> A) It installed silently, coming from nowhere.
> B) Uninstalling it proved quite problematic.
> C) Upon restart Windows asked me to insert the BitLocker recovery key.
> D) While RAV was working without me knowing it had been installed, the battery was drained so fast it couldn't even work out of home for 3 hours (6.5 hours on average on my Yoga).
> Would it be a good idea to at least allow ESET to detect this as a Potentially Malicious App? It's crazy what it does. Thanks

Comments from Reddit show that this program is old, from the 90s, but it's abandoned and not developed anymore. Some comments say that it's a normal program, and some say that it's a virus/malware, but mostly going for a normal antivirus program that stopped being developed 10 years ago.

But it's impossible for it to get installed by itself; there should be something in your computer that triggered the download and the install.

PassingBy (Author), posted April 5, 2022 (edited April 5, 2022):

5 hours ago, Marcos said:
> Are you referring to this sw? https://reasonlabs.com/ I see no option to download a trial version. Where did you get it from so that we can test it?

Hi Marcos,

No, I am referring to the thing described here and in many other places.

It showed 4 processes called RAV in Task Manager (low usage but battery drained fast, very fast) and two major folders: one in C:\programs and the other in User/Appdata/Roaming, as well as a number of registry entries as usual (I removed them all).

The last two pieces of software I installed were Qbit and uBit Torrent, both from their original website.

PassingBy (Author), posted April 5, 2022:

3 hours ago, Nightowl said:
> Comments from Reddit show that this program is old, from the 90s, but it's abandoned and not developed anymore. Some comments say that it's a normal program, and some say that it's a virus/malware, but mostly going for a normal antivirus program that stopped being developed 10 years ago.
> But it's impossible for it to get installed by itself; there should be something in your computer that triggered the download and the install.

Thanks. Lots of references online.

itman, posted April 5, 2022 (edited April 5, 2022):

15 minutes ago, PassingBy said:
> The last two pieces of software I installed were Qbit and uBit Torrent, both from their original website.

My best guess as to how RAV got installed on your device is it was bundled in an installer for another app you downloaded and installed.

There is also, though remote, the possibility of supply chain corruption. That is, it arrived bundled in an update download for one of your existing apps.

PassingBy (Author), posted April 5, 2022:

14 minutes ago, itman said:
> My best guess as to how RAV got installed on your device is it was bundled in an installer for another app you downloaded and installed.
> There is also, though remote, the possibility of supply chain corruption. That is, it arrived bundled in an update download for one of your existing apps.

I agree. However, if I try to install software like "lightshot" (a free screenshot software), ESET blocks the installation, detecting a threat (I don't know why, as I had been using it for years before). In this case the installation occurs and ESET doesn't detect a problem. But to me this program is a borderline threat. So the question is whether ESET can technically detect it and if it finds it appropriate to do it.

(I sent a similar answer a while ago and I don't know where it went.)

itman, posted April 5, 2022:

4 minutes ago, PassingBy said:
> However, if I try to install software like "lightshot" (a free screenshot software), ESET blocks the installation, detecting a threat (I don't know why, as I had been using it for years before). In this case the installation occurs and ESET doesn't detect a problem.

If Eset detected it as malicious, the installer file should have been blocked from execution, the file deleted, and sent to Eset Quarantine.

If Eset detects it as a PUA, the Eset alert will allow you to Ignore the Eset detection, allowing the execution to proceed. Is this what you did in this instance? Also, have you verified that Eset PUA settings are enabled in the Eset GUI real-time protection section?

PassingBy (Author), posted April 5, 2022:

9 hours ago, itman said:
> If Eset detected it as malicious, the installer file should have been blocked from execution, the file deleted, and sent to Eset Quarantine.
> If Eset detects it as a PUA, the Eset alert will allow you to Ignore the Eset detection, allowing the execution to proceed. Is this what you did in this instance? Also, have you verified that Eset PUA settings are enabled in the Eset GUI real-time protection section?

Settings are all on max. Virus issues are real here. We live close to critical areas.

itman, posted April 6, 2022 (edited April 6, 2022):

As far as how RAV Antivirus got installed on your PC, refer to this: https://www.reddit.com/r/techsupport/comments/pffvux/what_is_rav_anti_virus_and_how_is_it_on_my/ . The most relevant postings are these:

Quote:
> Did you download the game Nox, by chance?
> I did, is it a virus?

As I suspected, RAV Antivirus was bundled in an app installer; in this case, a game.

@Marcos, something for Eset to check out.

Nightowl (Most Valued Members), posted April 6, 2022 (edited April 6, 2022):

On 4/5/2022 at 5:04 PM, PassingBy said:
> I agree. However, if I try to install software like "lightshot" (a free screenshot software), ESET blocks the installation, detecting a threat (I don't know why, as I had been using it for years before). In this case the installation occurs and ESET doesn't detect a problem. But to me this program is a borderline threat. So the question is whether ESET can technically detect it and if it finds it appropriate to do it.
> (I sent a similar answer a while ago and I don't know where it went.)

Lightshot will give you some kind of offer for a toolbar or something like this, but not RAV. I know the installer, and yes, ESET detects it as PUA, but not the application itself, just the installer.

I believe it came from uTorrent, if that's the two things you recently installed along with qBittorrent. Since qBittorrent is open source they won't offer any kind of bloatware or toolbars; at the same time, uTorrent does.

I don't know what kind of antivirus they offer, but it's better to stay away from it, since qBittorrent is a much safer option than what uTorrent will throw at you.

BitTorrent and uTorrent are owned by the same company, and it's not like what it used to be before, the program itself. Deluge or qBittorrent is a better option since they are open-source.

Update: Yes, I am correct, it is uTorrent. BitTorrent is removed by ESET as PUA upon download, uTorrent isn't. I didn't run it but

itman, posted April 6, 2022 (edited April 6, 2022):

I also came across this article on RAV antivirus: https://www.analyticsinsight.net/rav-antivirus-review-an-all-in-one-solution-to-protect-your-personal-devices/. The article, taken at face value, states RAV antivirus is a free AV with advanced Enterprise capability offered to individual users. If you go to the ReasonLabs web site, you would believe its protection mechanisms are the greatest thing since "sliced bread."

-EDIT- The analytics.net article linked above states that RAV antivirus can be downloaded from the ReasonLabs web site. Yes, it is listed there as a product. However, good luck on finding any link there to download it.

Here's some company info on ReasonLabs: https://www.crunchbase.com/organization/reason-core-security . Bottom line, it's a small security software company; if legit, that is.

The fact that the software is bundled in a number of legit software installers leads me to believe "all is not as it should be" with this software. When was the last time legit AV software was bundled in other app installers?

-EDIT- This is also interesting. RAV antivirus dates to the early 2000s and was actually purchased by Microsoft and used as the basis for Microsoft Security Essentials AV.

Refs.:
https://en.wikipedia.org/wiki/GeCAD_Software
https://gecad.com/company/rav-antivirus/

peteyt (Most Valued Members), posted April 6, 2022:

4 hours ago, Nightowl said:
> Lightshot will give you some kind of offer for a toolbar or something like this, but not RAV. I know the installer, and yes, ESET detects it as PUA, but not the application itself, just the installer.
> I believe it came from uTorrent, if that's the two things you recently installed along with qBittorrent. Since qBittorrent is open source they won't offer any kind of bloatware or toolbars; at the same time, uTorrent does.
> I don't know what kind of antivirus they offer, but it's better to stay away from it, since qBittorrent is a much safer option than what uTorrent will throw at you.
> BitTorrent and uTorrent are owned by the same company, and it's not like what it used to be before, the program itself. Deluge or qBittorrent is a better option since they are open-source.
> Update: Yes, I am correct, it is uTorrent. BitTorrent is removed by ESET as PUA upon download, uTorrent isn't. I didn't run it but

I'm sure uTorrent used to get flagged as PUA, as lots of people complained.

2 hours ago, itman said:
> I also came across this article on RAV antivirus: https://www.analyticsinsight.net/rav-antivirus-review-an-all-in-one-solution-to-protect-your-personal-devices/. The article, taken at face value, states RAV antivirus is a free AV with advanced Enterprise capability offered to individual users. If you go to the ReasonLabs web site, you would believe its protection mechanisms are the greatest thing since "sliced bread."
> -EDIT- The analytics.net article linked above states that RAV antivirus can be downloaded from the ReasonLabs web site. Yes, it is listed there as a product. However, good luck on finding any link there to download it.
> Here's some company info on ReasonLabs: https://www.crunchbase.com/organization/reason-core-security . Bottom line, it's a small security software company; if legit, that is.
> The fact that the software is bundled in a number of legit software installers leads me to believe "all is not as it should be" with this software. When was the last time legit AV software was bundled in other app installers?
> -EDIT- This is also interesting. RAV antivirus dates to the early 2000s and was actually purchased by Microsoft and used as the basis for Microsoft Security Essentials AV.
> Refs.: https://en.wikipedia.org/wiki/GeCAD_Software https://gecad.com/company/rav-antivirus/

It appears there are multiple companies that have had a RAV AV.

itman, posted April 6, 2022:

52 minutes ago, peteyt said:
> I'm sure uTorrent used to get flagged as PUA, as lots of people complained.

As best as I can determine, it is still flagged by Eset as such. What it appears to me happened here is the OP overrode Eset's alert about a PUA detection for the download and let it install.

Nightowl (Most Valued Members), posted April 7, 2022 (edited April 7, 2022):

No actual page for RAV, nor a download link that I can find. It's bundled inside a software and hard to uninstall or breaks things, as @PassingBy described. I think it fits the description of a PUA if it's not malicious software.

I found this on their website, but still I cannot find a download link for it.

AnthonyQ, posted May 5, 2022:

I would like to add that F-Secure has classified one of RAV's online installers as PUA after submission.

Quote:
> Our analysis indicates that the file you submitted is a Potentially Unwanted Application (PUA). For immediate protection the file has been categorized as riskware via F-Secure's Security Cloud.

I have attached relevant online installers for ESET's analysis.

RAV.zip

Marcos (Administrators), posted May 5, 2022:

This forum is not intended for submitting samples. Please follow the instructions at https://support.eset.com/en/kb141 if you have an undetected sample that you think should be detected, or if it's clean and should not be detected.