
Recently I downloaded the Open Shell application and checked it via VirusTotal. Most famous antiviruses like Bitdefender, Norton, Kaspersky found nothing. But some antiviruses think there is some bad stuff in it.

R S

  • Check the name of the detected malware, you will see they are very generic ("malicious", "generic", "AI detect") and it's not detected by most major vendors, so it isn't a known piece of malware and it's probably safe, even though you can never be 100% sure, of course. – reed Nov 26 '20 at 23:41
  • Does this answer your question? [How to interpret virustotal, virusscan scan?](https://security.stackexchange.com/questions/231161/how-to-interpret-virustotal-virusscan-scan) – Steffen Ullrich Nov 27 '20 at 06:33

1 Answer

A lot of security and administration tools get picked up as something like "Potentially unwanted program". It may be that Open Shell has been detected as being used in conjunction with attacks (which is perfectly plausible).

The 'W32.AIDetectVM.malware2' flag could plausibly mean 'Virtual Machine', i.e. 'we have detected that this application allows for arbitrary code to be executed, which could be used to circumvent malware protection', and flagged as something you need to pay attention to. If you hadn't installed it intentionally, finding a shell on your system you didn't put there is not a good sign!

Whilst it may be a false positive, it is possible that you may have a version which has been back-doored and it genuinely is dangerous in a way that only these vendors have detected; whether you trust them is a matter of risk assessment.

JeffUK
  • How to understand "only these vendors have picked up"? – R S Nov 27 '20 at 19:37
  • Sorry, colloquialism, I've fixed. I'm just saying that there is an outside chance the file is dangerous; just because only one vendor flagged the file doesn't mean that they are necessarily wrong. – JeffUK Nov 27 '20 at 19:50
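
The triage that reed's comment and the answer describe, as an added example that is not part of the original posts: it separates generic or heuristic labels from named families and checks whether any of the major vendors the question names flagged the file. The report layout, the engine names `EngineA` to `EngineD`, the token lists and the family name `ExampleFam` are constructed assumptions, not VirusTotal's API format.

```python
import re

# Vendors the question calls "most famous"; extend as needed (assumption).
MAJOR_VENDORS = {"bitdefender", "norton", "kaspersky"}
# Assumption: tokens that describe platform or type, not a malware family.
IGNORED = re.compile(r"(w|win)(32|64)|trojan|application|riskware|pua|pup")
# Assumption: tokens that signal a heuristic/ML verdict rather than a named family.
GENERIC = re.compile(r"generic|gen|malicious|suspicious|heur(istic)?|unsafe|"
                     r"malware|aidetect\w*|ml|score|confidence")

def is_generic(label):
    """True when every meaningful token of a detection label is generic."""
    tokens = [t for t in re.split(r"[^a-z0-9]+", label.lower()) if t]
    tokens = [t for t in tokens if not IGNORED.fullmatch(t)]
    tokens = [t.rstrip("0123456789") for t in tokens]   # malware2 -> malware
    return all(GENERIC.fullmatch(t) for t in tokens if t)

def triage(report):
    """report maps engine name -> detection label, or None when clean."""
    hits = {eng: lab for eng, lab in report.items() if lab}
    named = sorted(eng for eng, lab in hits.items() if not is_generic(lab))
    major = sorted(eng for eng in hits if eng.lower() in MAJOR_VENDORS)
    if not hits:
        verdict = "no-detections"
    elif named or major:
        verdict = "investigate"
    else:
        # Only generic labels from minor engines: probably a false positive,
        # but not proof of safety (the answer's back-doored-build caveat).
        verdict = "likely-false-positive"
    return {"ratio": f"{len(hits)}/{len(report)}", "named": named,
            "major": major, "verdict": verdict}

# Constructed sample report; only the AIDetectVM label comes from the page.
SAMPLE = {
    "Bitdefender": None, "Norton": None, "Kaspersky": None,
    "EngineA": "W32.AIDetectVM.malware2",
    "EngineB": "Malicious (score: 85)",
    "EngineC": "Generic.ML",
    "EngineD": None,
}

if __name__ == "__main__":
    print(triage(SAMPLE))
```
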