Legacy version of Primal Script contains a trojan in the distribution

This topic is 2 years and 7 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
rtate@boartlongyear.com
Last visit: Mon Jul 26, 2021 8:35 am

Post by rtate@boartlongyear.com »

To help you better we need some information from you.

*** Please fill in the fields below. If you leave fields empty or specify 'latest' rather than the actual version your answer will be delayed as we will be forced to ask you for this information. ***

Product, version and build: PrimalScript 2012 Version 6.5.171
Operating system: Windows 10 build 2009 (2021H1)
PowerShell version(s): 5.1.19041.1023
32-bit version of software? No, 64-bit

*** Please add details and screenshots as needed below. ***

I'm a long-time PrimalScript user and have a license for 2012. I needed to re-install this version for an unimportant reason. After downloading and installing, my antivirus (SentinelOne) killed and quarantined the file PoshExeHostCmd64.exe.

VirusTotal shows 13 security vendors have flagged the file as malicious - it contains the LoveGate worm.

I went back to the distro to see if there was a hash value I could use for comparison after download and there wasn't one.

I just thought you should know so you can take the distro offline and/or repair it.
Alexander Riedel
Last visit: Mon Mar 18, 2024 2:59 pm

Re: Legacy version of Primal Script contains a trojan in the distribution

Post by Alexander Riedel »

Yes, we are aware of this false positive. It has been discussed quite often. We changed how we store Script engines a while ago to prevent false positives on these files.
Basically, these AV engines use patterns to find malware. In order to improve speed, they make the patterns as short as possible and that subtracts from the distinctiveness of it.

To make that clear, this file is not infected by anything. It has been checked and triple checked. It is a false positive.

That being said, we do not know what happens on your machine during or after install. That is beyond our control. So in any case, always, I cannot stress that enough, you need to submit any file reported by whatever antivirus vendor you use to said vendor. We cannot do that for you, since we do not have the file on your machine which is reported.
Alexander Riedel
SAPIEN Technologies, Inc.
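
Both posts come back to the identity of the exact file on the reporter's machine: no published hash to compare against, and the advice to submit that file to the AV vendor. The following is an added example, not part of the thread and not SAPIEN's code, that records the SHA-256 and Authenticode signature details of a flagged file so they can accompany a submission or be compared with a reference value. The function name, the `-ExpectedSHA256` parameter and the path in the usage comment are assumptions.

```powershell
# Added example (not from the thread): gather identifying evidence for a file
# that an antivirus product flagged, before submitting it to the AV vendor.
function Get-FlaggedFileEvidence {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path,

        # Assumption: a reference hash obtained out of band, e.g. from vendor support.
        [string]$ExpectedSHA256
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # Unsigned files have no signer certificate; report $null instead of failing.
    $signer = $null
    $thumb  = $null
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.Subject
        $thumb  = $sig.SignerCertificate.Thumbprint
    }

    # Only evaluate the comparison when a reference hash was supplied.
    $matches = $null
    if ($ExpectedSHA256) {
        $matches = ($hash.Hash -eq $ExpectedSHA256.Trim().ToUpperInvariant())
    }

    [pscustomobject]@{
        Path             = $file.FullName
        Length           = $file.Length
        FileVersion      = $file.VersionInfo.FileVersion
        SHA256           = $hash.Hash
        SignatureStatus  = $sig.Status      # e.g. Valid, NotSigned, HashMismatch
        Signer           = $signer
        SignerThumbprint = $thumb
        MatchesExpected  = $matches
    }
}

# Usage (placeholder path, adjust to where the file was restored or extracted):
# Get-FlaggedFileEvidence -Path 'C:\path\to\PoshExeHostCmd64.exe' | Format-List
```

A `Valid` status with the expected signer shows the file is unchanged since it was signed; a `HashMismatch` or an unexpected signer means the copy on disk differs from what the publisher shipped and should be treated as a separate finding.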