Kontakt Portable 6.7.1 Virus Concerns

Discussion in 'Kontakt' started by Indivism, Apr 12, 2022.

  1. Indivism

    Indivism Newbie

    Joined:
    Jul 28, 2020
    Messages:
    23
    Likes Received:
    2
    Hi guys! I've been using Kontakt Portable for a while now downloaded from the sister site, and usually it does not show up on VirusTotal scans. However, with the 6.7.1 release, I have uploaded the Kontakt Portable Library Manager https://www.virustotal.com/gui/file/65e009d3f12ab48ed28d1d584ef2bb5fa8d8f1435a0f4d253fab54a67b017898. As you can see, the package appears clean. However, if you go to the Relations tab and scroll down to bundled files, you will find that within the Library Manager, there appears to be a .virus folder bundled in it that is called f41c0cbcd8ee430e00f9d91ea9545a7d.virus. Is this an actual virus that is well hidden within the exe file? Or is this some error on VirusTotal's part? Thank you!
     
  3. vstdeep

    vstdeep Kapellmeister

    Joined:
    Jan 17, 2018
    Messages:
    75
    Likes Received:
    47
    Good question...I hope we don't get the same old answer because why would it be in 6.7.1 and not 6.7.0. I noticed a lot of software lately has been triggering my virus scanner. I usually ignore these warnings from trusted sources but it still makes me feel a little on edge. Hopefully we get a logical response to your inquiry.
     
  4. Olymoon

    Olymoon MODERATOR Staff Member

    Joined:
    Jan 31, 2012
    Messages:
    5,813
    Likes Received:
    4,459
    If it's called something.virus, it's not "well hidden".

    You could do a backup copy of the whole thing, and try to delete this folder, to see if it still works without it.
     
  5. Indivism

    Indivism Newbie

    Joined:
    Jul 28, 2020
    Messages:
    23
    Likes Received:
    2
    That is the thing, since the Library Manager is an exe file and not a folder, I unarchived the Library Manager.exe with 7Zip and could not find that .virus folder within the exe, which is why I am so confused. All that is there are a bunch of binary files and pngs for the GUI. I'm not sure if this .virus folder is obfuscated or is created from the data inside those binary files.
     
    Last edited: Apr 12, 2022
  6. Indivism

    Indivism Newbie

    Joined:
    Jul 28, 2020
    Messages:
    23
    Likes Received:
    2
    Just to clarify. This is Kontakt Portable from vkDanilov. I'm also considering trying to send him a message on rutracker about this, so hopefully Google translate will be enough to get my message across.
     
  7. Genoveva Bernhard

    Genoveva Bernhard Producer

    Joined:
    Jan 31, 2022
    Messages:
    135
    Likes Received:
    124
    I don't know. Sometimes I take the results from VirusTotal with a grain of salt. In your example, only one vendor (SecureAge APEX) flagged it as malicious. That would be a false positive as it always seems SecureAge APEX, and a few lesser-known others, tag everything as malicious. I even tested this with legit files. Here are three examples from Chow - Matrix, BYOD and Tape Model, as well as Basic Synth by AudioDamage and DPiano-E by Dead Duck Software.
    https://www.virustotal.com/gui/file/79faf1d592c8ee6b755dd4663a78b5f71a9fc3802477f636b0c77125a89128e1
    https://www.virustotal.com/gui/file/323b6e81eca35fc49f7cadefd910a47d1b69c82918bae4f930f2b0555827dfe4
    https://www.virustotal.com/gui/file/3d7d9a40c75fb4f035d80326e8d46a58a07a246ccc5196a912ef4a9042da6687
    https://www.virustotal.com/gui/file/08841e8d34165f57596bb8aaf965e956c3be9b78af09dbd8efcb09bb01e94803
    https://www.virustotal.com/gui/file/08841e8d34165f57596bb8aaf965e956c3be9b78af09dbd8efcb09bb01e94803
     
  8. Indivism

    Indivism Newbie

    Joined:
    Jul 28, 2020
    Messages:
    23
    Likes Received:
    2
    That is true, and I do agree that the SecureAge APEX scan might just be a false positive, but I'm just not sure why in the relations section shown here https://www.virustotal.com/gui/file...b5fa8d8f1435a0f4d253fab54a67b017898/relations under the section Bundled Files, it lists a zip file called f41c0cbcd8ee430e00f9d91ea9545a7d.virus, which has 24/59 detections, including Kaspersky, which is one of the most reliable out there. The bundled files section is supposed to list all the bundled files that come with the exe, so that is why I am a bit concerned :(
     
  9. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    5,946
    Likes Received:
    2,525
    Google SecureAge APEX. The first thing that shows up is about False Positives. Unlike vKdanilov, I have never heard much about them.

    When Google has this to say:

    Is SecureAge apex false positive?

    Unfortunately, some virus scanners are very prone to false positives, while others have poor customer support and repeatedly ignore requests to fix their false positive detections; for example ALYac, Antiy-AVL, CMC, Cylance, Jiangmin, NANO-Antivirus, SecureAge APEX, Rising and Zillya.

    That is not very good.
     
  10. Indivism

    Indivism Newbie

    Joined:
    Jul 28, 2020
    Messages:
    23
    Likes Received:
    2
    I do realize that the SecureAge APEX is a false positive, but that does not explain how in the bundled files section of VirusTotal, which lists the files that are within the .exe, there is a .zip file that has over 24/59 detections including ones from Kaspersky and Malwarebytes that has the file extension .virus.
     


  11. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    5,946
    Likes Received:
    2,525
    I am not sure about the "Relations" tab. But it is showing that file scanned "24/59" 28 days ago. When did you first see Kontakt 6.7.1 released? Looks like scene release 4/6. upawg is down for me at the moment.
     
  12. Indivism

    Indivism Newbie

    Joined:
    Jul 28, 2020
    Messages:
    23
    Likes Received:
    2
    I got it around April 6 on the same day from the sister site when the portable version first appeared there, which is why this is all so confusing haha. The other files in the bundled files list also have scan dates that go as far back as a year, so I'm assuming these files remain constant across all Kontakt Portable updates.
     
  13. clone

    clone Audiosexual

    Joined:
    Feb 5, 2021
    Messages:
    5,946
    Likes Received:
    2,525
    You see what I mean anyway. The file it is showing you as problematic is not even from the release, if all the dates are correct. Is there some matching checksum or ....
     
  14. Indivism

    Indivism Newbie

    Joined:
    Jul 28, 2020
    Messages:
    23
    Likes Received:
    2
    For this release I am not sure, so I can't check if nothing has been tampered with. However, I did run a rescan on VirusTotal and that .virus zip file still shows up. I ran a full scan with Windows Defender and others on my own computer, but zero viruses popped up, which is even more confusing.
     
  15. jarredou

    jarredou Producer

    Joined:
    Jan 25, 2017
    Messages:
    154
    Likes Received:
    93
    I've scanned another random file bundled in the library manager.exe and got these "relations" results https://www.virustotal.com/gui/file...0857a7c6d445f5e74847e98715f1a48bc9e/relations. Still a problematic ".virus" one, but from last September. The VT analysis from it shows it was bundled in a library manager from this time. So, I think that there was a bad version of library manager that was in the wild then, but it's not the one from this last Kontakt release. This could explain the false positive flag by SecureAge APEX, because of the filename, or something like that.
     
    Last edited: Apr 13, 2022
  16. Indivism

    Indivism Newbie

    Joined:
    Jul 28, 2020
    Messages:
    23
    Likes Received:
    2
    It could be, but that relation result refers to the parent library manager.exe that was already infested with viruses, whereas the one I linked is found in a supposedly "clean" exe straight from the sister site :( Additionally, the .virus folder I was referring to was first detected a couple of weeks ago on 2022-03-15.
     
  17. jarredou

    jarredou Producer

    Joined:
    Jan 25, 2017
    Messages:
    154
    Likes Received:
    93
    If you don't want to use that file, maybe you can try to replace it with a previous but 100% clean library manager. It had worked in the past, to replace it like this. It's worth a try.
     
  18. DigitHandz

    DigitHandz Ultrasonic

    Joined:
    Jan 23, 2020
    Messages:
    51
    Likes Received:
    22
    Could try procmon on a VM and run the exe to see what all gets changed on the system.
     
  19. ironmother

    ironmother Ultrasonic

    Joined:
    Apr 27, 2021
    Messages:
    118
    Likes Received:
    26
    Location:
    Canada
    I am running into this problem now. I have grabbed Kontakt - R2R's one - from the sister site but it keeps getting deleted by Windows Defender. When uploading the files to VirusTotal, 16 security vendors and no sandboxes flagged this file as malicious. I have always respected Kaspersky's detection rate and they deem it clean. So far, I do tend to trust Kaspersky and I do tend to trust R2R. For what it is worth. You can use Sandboxie if not 100% comfortable executing directly.
     
  20. pizzafresser

    pizzafresser Producer

    Joined:
    Jan 7, 2017
    Messages:
    297
    Likes Received:
    127
    All the Kontakt Portable releases come from the same person who has always been reliable. It's 99.9% a false positive.
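
A way to follow up on the checksum question raised in the thread, as an added example that is not part of any post: hash every file unpacked from the exe (for instance the 7-Zip extraction described earlier) and compare the digests against the hex name shown under Bundled Files. It assumes the 32-character name in front of `.virus` is that item's MD5, which the page does not confirm; all function names are hypothetical and the demo files are constructed.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Hex digest length -> hashlib algorithm, so MD5, SHA-1 or SHA-256 labels all work.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}

def digest_from_name(name):
    """Return the leading hex digest of a label like '<hex>.virus', else None."""
    m = re.match(r"^([0-9a-fA-F]+)(?:\.|$)", name)
    if not m or len(m.group(1)) not in ALGO_BY_HEXLEN:
        return None
    return m.group(1).lower()

def file_digests(path, chunk=1 << 20):
    """Hash one file with every supported algorithm in a single read pass."""
    hashers = {algo: hashlib.new(algo) for algo in ALGO_BY_HEXLEN.values()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}

def find_matches(root, wanted):
    """Map each wanted digest to the extracted files that have it ([] = absent)."""
    wanted = {w.lower() for w in wanted}
    hits = {w: [] for w in wanted}
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        digests = file_digests(p)
        for w in wanted:
            if digests[ALGO_BY_HEXLEN[len(w)]] == w:
                hits[w].append(p.name)
    return hits

if __name__ == "__main__":
    # Constructed stand-in for an extraction directory; not real release data.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "gui.png").write_bytes(b"constructed png bytes")
        (Path(d) / "payload.bin").write_bytes(b"constructed payload bytes")
        known = hashlib.md5(b"constructed payload bytes").hexdigest()
        labels = [known + ".virus", "f41c0cbcd8ee430e00f9d91ea9545a7d.virus"]
        wanted = [digest_from_name(label) for label in labels]
        for digest, files in find_matches(d, wanted).items():
            print(digest, "->", files or "not among extracted files")
```

An empty result only shows that no extracted file has that digest; it says nothing about data the unpacker could not extract from the exe.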
     