
ie4uinit.exe - A Variant Of Win64/GenKryptik.GBRX or FP?


safety


Dear colleagues,

Today there are multiple detections in different reports about the detection: ie4uinit.exe - A Variant Of Win64/GenKryptik.GBRX. (file added to the application - pass infected). Please clarify - is the detection correct or is it a false positive?

https://www.virustotal.com/gui/file/62c6492b6af245ab3dd63413b6587abaf4822beebe0f00e5dba77c1fa750cbdb?nocache=1

ie4uinit.zip

  • 1 month later...

Has this been resolved?

My builds in Visual Studio 2022 have been working fine, then suddenly today my exes get flagged by ESET.

When I build, the exe file appears to be truncated to 0b and then I get the ESET flag and it deletes the EXE.

Not sure why it should just suddenly start doing this when I am working on the same source (versioned).

Anyone else getting this?

Thanks

  • Administrators
5 hours ago, GloopyFlop said:

Has this been resolved?

The detection was removed on October 31, 2022. Please make sure that you have the modules updated.


  • 2 weeks later...

Hi there, this is still a problem; I raised a subsequent issue but haven't seen it approved yet. That gave more details.

Today I reverted back to some very old code and this compiled OK. Then, as I started building on the code, I hit the same problem.

Here's a code snippet that causes the virus detection from ESET (as it seems random, you don't need to understand the context; just note the next step of commenting out most of it):

        //------------------------------------------------------------------------------
        public static bool readScheduleFile(string profileName, int portnum, ref string profileData)
        {
            var fd = FileIO.fullProfileDescriptor(profileName, portnum, FileIO.dontCreate);
            var sr = new StreamReader(fd);
            Schedule tmpSched = new Schedule();

            reset(0);

            while (!sr.EndOfStream)
            {
                profileData = sr.ReadLine();

                if (profileData == null)
                    Console.WriteLine("Exception: Filename");
                else
                {
                    string[] result = profileData.Split('|');
                    Console.WriteLine(profileData);
                }

            }
            return false;
        }
        //------------------------------------------------------------------------------

And here I comment everything out of the body and it builds OK:

        //------------------------------------------------------------------------------
        public static bool readScheduleFile(string profileName, int portnum, ref string profileData)
        {
            //var fd = FileIO.fullProfileDescriptor(profileName, portnum, FileIO.dontCreate);
            //var sr = new StreamReader(fd);
            //Schedule tmpSched = new Schedule();

            //reset(0);

            //while (!sr.EndOfStream)
            //{
            //    profileData = sr.ReadLine();

            //    if (profileData == null)
            //        Console.WriteLine("Exception: Filename");
            //    else
            //    {
            //        string[] result = profileData.Split('|');
            //        Console.WriteLine(profileData);
            //    }

            //}
            //return false;
        }


What happens is, immediately after the build, ESET kicks in and deletes the .EXE before Visual Studio can run it.

It is not only that code, there doesn't seem to be any pattern; by selectively commenting out code I get to build and run with no issue, then uncomment and I get the issue.

Any thoughts, please?


Threat Screenshot.png
