Product, version and build: PowerShell Studio 2017 build 5.4.140
32 or 64 bit version of product: 64-bit
Operating system: Windows 10 Pro Version 1703 Build 15063.483
32 or 64 bit OS: 64-bit
During the update popup for a new version of PowerShell Studio 2017, PowerShell Studio was removed because of a trojan Bladabindi.
Colleagues of mine also have the same issue.
We checked one of the installation files, SAPIEN PowerShell V3 Host (Windows Service) Win32.exe, on VirusTotal.
Besides F-Secure, the following virus scanners also detect this trojan:
Ad-Aware, Arcabit, Bitdefender, Emsisoft, Endgame, GData, MAX and eScan.
At first I thought it was a false positive, but because it is detected by multiple scanners I am now worried about using the software.
Can someone confirm if this is a false positive, or if it is something to investigate further?
See also the following reports on the VirusTotal website:
https://www.virustotal.com/nl/file/6574 ... /analysis/
https://www.virustotal.com/nl/file/f06f ... /analysis/
PowerShell Studio removed by f-secure
- cokbar_emo
- Attachments
- PowerShellStudio-Bladabindi-trojan.png (35.57 KiB) Viewed 808 times
- Alexander Riedel
Re: PowerShell Studio removed by f-secure
We continuously scan our software and as far as we know, nothing deployed has ever been infected with anything. Pattern based virus scanners are notorious for false positives, as they just pick a more or less random byte sequence of the virus or malware and look for it.
But we have no control over what happens on your computer. So you should ALWAYS, without fail, submit a reported file to the anti-virus software vendor for verification. We cannot do that for you since we do not know, nor can we control what happened on your computer.
Alexander Riedel
SAPIEN Technologies, Inc.
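A local check that complements the vendor submission advised in the reply above, as an added example that is not part of the thread or SAPIEN's own tooling: it hashes the flagged file and reads its Authenticode signature, so you can tell whether the detected binary is the one the publisher shipped. The function name and the path are hypothetical, and it assumes the installer is Authenticode-signed, which the thread does not state.

```powershell
# Added example: triage a binary that an anti-virus product flagged.
# Run it against a copy of the file restored to an isolated machine.
function Get-FlaggedFileTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path   # hypothetical parameter: full path to the flagged file
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found (it may still be in AV quarantine): $Path"
    }

    # SHA-256 identifies the exact file: compare it with the hash on the
    # scan report and quote it in the false-positive submission.
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Authenticode ties the file contents to a publisher certificate.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    $note = switch ($sig.Status) {
        'Valid'        { 'Signature verifies: file is unchanged since signing. Confirm the signer is the vendor.' }
        'NotSigned'    { 'No signature: the file cannot be tied to a publisher this way.' }
        'HashMismatch' { 'Contents changed after signing: treat the file as tampered.' }
        default        { "Signature could not be trusted: $($sig.StatusMessage)" }
    }

    [pscustomobject]@{
        File        = $hash.Path
        SHA256      = $hash.Hash
        SigStatus   = $sig.Status
        Signer      = if ($cert) { $cert.Subject } else { $null }
        Thumbprint  = if ($cert) { $cert.Thumbprint } else { $null }
        Timestamped = [bool]$sig.TimeStamperCertificate
        Note        = $note
    }
}

# Usage (placeholder path, not from the thread):
# Get-FlaggedFileTriage -Path 'C:\Triage\flagged-installer.exe' | Format-List
```

A `Valid` status only shows the file is byte-for-byte what the signer released; whether the detection itself is a false positive is still for the anti-virus vendor to confirm.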