Mr_Frog 15 Posted May 23

This case happened again today when I installed the new version of Winflector. ESET detected it as a suspicious object and sent it to quarantine.

Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here
23/05/2024 20.57.06;Real-time file system protection;file;C:\Winflector\server\wfrdsk.exe;Suspicious Object;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred during an attempt to access the file by the application: C:\Windows\System32\CompatTelRunner.exe (A13077579A31F131DECA8D2D949F7DB29D7527BC).;030E1984469424754A2526C1E1616CBCAB5F29B1;23/05/2024 20.56.05

This is frustrating.
itman 1,801 Posted May 23

Other AVs detect wfrdsk.exe as malicious: https://www.virustotal.com/gui/file/6b50b54a5f002dd785f3c790ff44fa8ed7f9d55eeb1149f4d88a6c26f2d5faf1/details . However, what I believe Eset is triggering on is that C:\Windows\System32\CompatTelRunner.exe is accessing the file. Are you running Winflector in Win compatibility mode?
Marcos 5,451 Administrators Posted May 23

I wanted to find more information about the Winflector maker but could not find any contact information, which looks suspicious.
itman 1,801 Posted May 23

11 minutes ago, Marcos said:
I wanted to find more information about the Winflector maker but could not find any contact information, which looks suspicious.

Looks like OTC S.A. in Poland is the vendor: http://www.otc.pl/index.asp?s=109&l=2
Contact info here: http://www.otc.pl/index.asp?s=28&l=2
Mr_Frog 15 Author Posted May 24

14 hours ago, itman said:
Are you running Winflector in Win compatibility mode?

No, I didn't. Here is the official website for this product, https://www.winflector.com , and it's true the vendor is from Poland. I have been using this app for quite a while and faced this problem two times. This is the first:
itman 1,801 Posted May 24

The reputation issue here is that the developer, OTC S.A., has set up value-added retailer relationships, i.e. partners, just like Eset does. When you access www.winflector.com in the browser, you are being redirected to one of these partners, most likely based on locality.