PowerShell Studio removed by f-secure

This topic is 6 years and 8 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.

Post by cokbar_emo »

Product, version and build: PowerShell Studio 2017 build 5.4.140
32 or 64 bit version of product: 64-bit
Operating system: Windows 10 Pro Version 1703 Build 15063.483
32 or 64 bit OS: 64-bit

During the update popup for a new version of PowerShell Studio 2017, PowerShell Studio was removed because of a trojan, Bladabindi.
Colleagues of mine also have the same issue.
We checked one of the installation files, SAPIEN PowerShell V3 Host (Windows Service) Win32.exe, on VirusTotal.
Besides F-Secure, the following virus scanners also detect this trojan:
Ad-Aware, Arcabit, Bitdefender, Emsisoft, Endgame, GData, Max and eScan.
At first I thought it was a false positive, but because it is detected by multiple scanners I am now worried about using the software.
Can someone confirm whether this is a false positive, or if it is something to investigate further?

See also the following reports on virustotal website:
https://www.virustotal.com/nl/file/6574 ... /analysis/
https://www.virustotal.com/nl/file/f06f ... /analysis/
Attachments
PowerShellStudio-Bladabindi-trojan.png

Post by Alexander Riedel »

We continuously scan our software and as far as we know, nothing deployed has ever been infected with anything. Pattern-based virus scanners are notorious for false positives, as they just pick a more or less random byte sequence of the virus or malware and look for it.
But we have no control over what happens on your computer. So you should ALWAYS, without fail, submit a reported file to the anti-virus software vendor for verification. We cannot do that for you since we do not know, nor can we control what happened on your computer.
Alexander Riedel
SAPIEN Technologies, Inc.
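
For the check the posts above describe (looking a flagged installer up on VirusTotal, then submitting it to the anti-virus vendor), an added PowerShell example, not part of the thread and not SAPIEN's own tooling: it records the file's SHA-256 and its Authenticode signature state. The function name `Get-InstallerTriage` and the sample path are assumptions.

```powershell
# Added example: collect the facts worth attaching to a false-positive report.
# Get-FileHash and Get-AuthenticodeSignature are built-in cmdlets on Windows.
function Get-InstallerTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$Path
    )
    process {
        $file = Get-Item -LiteralPath $Path -ErrorAction Stop
        $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256
        $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
        $cert = $sig.SignerCertificate

        [pscustomobject]@{
            File        = $file.FullName
            Length      = $file.Length
            # Compare with the SHA-256 shown on the VirusTotal report, so the
            # report and the file on disk are known to be the same bytes.
            SHA256      = $hash.Hash
            # Valid        : signature intact and chains to a trusted root
            # HashMismatch : file content changed after it was signed
            # NotSigned    : no signature, so origin cannot be shown this way
            SigStatus   = $sig.Status
            Signer      = if ($cert) { $cert.Subject } else { $null }
            Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
            # A timestamped signature stays verifiable after the signing
            # certificate expires.
            Timestamped = [bool]$sig.TimeStamperCertificate
        }
    }
}

# Sample path (assumption): any signed executable works for a dry run.
# Point it at the installer file the scanner flagged.
Get-InstallerTriage -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
```

A `Valid` status shows the file is unchanged since the named publisher signed it; it does not by itself show the content is benign, so the hash and signer details belong in the vendor submission rather than replacing it.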