Mr_Frog 15 Posted May 23 Share Posted May 23 This case is remain again today when I installed new version of Winflector. ESET detect it as a suspicious object and sent it to quarantine. Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 23/05/2024 20.57.06;Real-time file system protection;file;C:\Winflector\server\wfrdsk.exe;Suspicious Object;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred during an attempt to access the file by the application: C:\Windows\System32\CompatTelRunner.exe (A13077579A31F131DECA8D2D949F7DB29D7527BC).;030E1984469424754A2526C1E1616CBCAB5F29B1;23/05/2024 20.56.05 This is frustrating Link to comment Share on other sites More sharing options...
itman 1,746 Posted May 23 Share Posted May 23 Other AV's detect wfrdsk.exe as malicious: https://www.virustotal.com/gui/file/6b50b54a5f002dd785f3c790ff44fa8ed7f9d55eeb1149f4d88a6c26f2d5faf1/details . However what I believe Eset is triggering on is thatC:\Windows\System32\CompatTelRunner.exe is accessing the file. Are you running Winflector in Win compatibility mode? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,267 Posted May 23 Administrators Share Posted May 23 I wanted to find more information about the Winflector maker but could not find any contact information which looks suspicious. Link to comment Share on other sites More sharing options...
itman 1,746 Posted May 23 Share Posted May 23 11 minutes ago, Marcos said: I wanted to find more information about the Winflector maker but could not find any contact information which looks suspicious. Looks like OTC S.A. in Poland is the vendor: http://www.otc.pl/index.asp?s=109&l=2 Contact info here: http://www.otc.pl/index.asp?s=28&l=2 Link to comment Share on other sites More sharing options...
Mr_Frog 15 Posted May 24 Author Share Posted May 24 14 hours ago, itman said: Are you running Winflector in Win compatibility mode? No. I didn't. Here is the official website for this product https://www.winflector.com and its true the vendor is from Poland. I have been using this app for quite a while and faced this problem two times. This is the first: Link to comment Share on other sites More sharing options...
itman 1,746 Posted May 24 Share Posted May 24 The reputation issue here is the developer, OTC S.A, has set up value added retailer relationships; i.e. partners, just like Eset does. When you access www.winflector.com in the browser, you are being redirected to one of these partners; most likely based on locality. Link to comment Share on other sites More sharing options...
Recommended Posts