VU Community Forums

Vu.exe positives at virustotal

see https://www.virustotal.com/gui/file/b8e64238ce612f0bc6f2032a2be1f9ffef529b3795382eded9da67de956c6b9f/detection

Kaspersky, Avast, AVG, ZoneAlarm by Check Point, Fortinet and Rising are detecting some Adware/Wajam in vu.exe

Thx for the info. now i can start op the game

These are false positives. We have submitted samples and the detections should be fixed within the next few days. Keep in mind however that some of the more obscure anti-virus vendors don’t accept false positive samples at all so they will keep incorrectly classifying VU as a virus.

If you do not feel comfortable running VU until AV definitions are updated and the false positives are gone that’s also completely understandable.

Thank you very much for submitting those samples. That is exactly what I’ve been hoping you were going to do. I am expecting those detections to be false positives - but you never know, right? I’ll be waiting and re-checking until the results at virustotal are a little greener.

I just got word from Avast and Kaspersky that the false positives are being removed, but it will probably take a day or two until definitions are updated.

2 Likes

@jahoomax Kaspersky has cleared the installer and vu-core.dll. Avast should also be updated shortly (their e-mail said 24h) and I’m still waiting for a reply from McAffee.

1 Like

@NoFaTe With Kaspersky Free on board I’ve never had any problems installing the vu, but i could not launch it what so ever.

The problem in my case not with installer vu.exe, but in vu.exe application itself located at LocalData/VeniceUnleashed/client. Antivirus, or possible windows 10 (1909) itself just marks it as a virus instantly after install renaming it to vu.com and not letting me do anything to the file, including uploading it to virustotal lol. And ofc, i cannot run it. I get messagebox saying “operation did not complete successfully because the file contains a virus” blocking me from performing any actions.

If you’d gave a link to virustotal scan of vu.exe app itself(not installer) it would be appreciated!

It will tell me its not kaspersky free to blame here.(on which i’ve tried disabling all kinds of features including switching it off)

vu.exe: https://www.virustotal.com/gui/file/1ddefc4a0d8d37e2cc50a335b0e4b3158044f27507ad9874e3bdecdfb5b29cd4/detection

vu.com: https://www.virustotal.com/gui/file/ca091ddc7c0fb59d8043a768d7453d41db65ea064eaa1cc5d0b458f0687a1234/detection

vu-core.dll: https://www.virustotal.com/gui/file/db9d317d97e62e3ac2843e561e7eea60b4628f0ef1fc5fee2a40a81e16e5bdcb/detection

None of these are detected by Kaspersky as malicious. The only one that was previously was vu-core.dll, which has since been fixed in the latest Kaspersky virus definitions.

Thank you. I’ll be investigating further.

I think i’ve fixed the stuff.
Problem was about Windows Defender.
Yes, it is supposed to delegate antivirus funcionality to Kaspersky Free, but for some reason, even when it’s disabled by registry and group policies, it still gives out message on vu.exe:
Event log, Microsoft/Windows Defender

What was done to work around the issue:
Local Group Policy editor > Computer configuration -> Windows Components > Windows Defender Antivirus, there:

I’ve also made changes to Defender Antivirus exclusions path, which is
Local Group Policy editor > Computer configuration -> Windows Components > Windows Defender Antivirus > Exclusions
But it seems to work even after i’ve reverted it.

PS the whole problem was seemingly because Windows Defender failed to update its databases because of Kaspersky antivirus, but still still provided real-time protection functionality. Well that’s weird.

Avast has finally fixed the false positives too. I haven’t heard back from McAffee but having reached out to them before in the past I don’t expect much, since they only seem to care about business customers.

1 Like