Recently installed Bitdefender antivirus and came across this:
https://www.virustotal.com/file/eab4db55eaa65350c177e7a1217fa9f40042ab466c01b0aa88cef7f47a1f599a/analysis/1343710991/
Located:
C:\Program Files\Rainmeter\Defaults\Addons\DisplayAdapter/DisplayAdapter.exe
Presume this is harmless and seen as malware because of the way it is packed.
Comments welcomed
Malware False Positive ?
-
- Posts: 163
- Joined: July 12th, 2009, 4:05 pm
- Location: The Island
Re: Malware False Positive ?
wouldn't be so sure about that.
where did you get this file from?
i do not have this in my Rainmeter folder, so it looks kinda suspicious.
just because it might have come packed as a rmskin does not necessarily mean it's safe. Rainmeter itself (as basically everything that allows scripting) can be abused very easily, does not even need an addon for causing mayhem on your system.
-
- Posts: 163
- Joined: July 12th, 2009, 4:05 pm
- Location: The Island
Re: Malware False Positive ?
Thanks for the reply Alex,
I cannot recall where this came from.
Until anyone can clarify this is essential I'll keep this in quarantine.
Prior to Bitdefender I was using AVG and this never reported anything suspect in the addons folder.
-
- Developer
- Posts: 1721
- Joined: July 25th, 2009, 4:47 am
Re: Malware False Positive ?
"DisplayAdapter" is not a standard component of Rainmeter, and is certainly not essential to any skins except whichever one it came with.
Rainmeter addons that are made using platforms such as Autohotkey or AutoIt very often show up with false positives on malware scans, especially if they are compiled using UPX compression. Even without UPX, I still can't get my own addons (ones I've written and compiled myself) not to register as a "Trojan" or "Artemis" on at least 3-4 of the scans on VirusTotal. It's just something about the heuristics that they use to identify potential malware. So it's likely that this addon is equally safe. When Rainmeter skins come with malware, it tends to be the .ZIP or .RMSKIN file itself that is infected, not the files inside.
That said, Rainmeter does not check a skin's files for malware before it creates the package, so if you can't trace "DisplayAdapter" back to a trustworthy source, and it doesn't seem to have a useful purpose for any of your skins, I would delete the file.
EDIT: Looks like this might be where it came from. :)
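The UPX point in the post above can be checked locally before deciding what to do with a flagged addon. The following is an added example, not code from the thread or from Rainmeter: it hashes a file for a lookup and reads the PE section table for UPX markers. The function names and the two sample byte strings are constructed for illustration.

```python
import hashlib
import struct

def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file (no MZ header)")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    out = []
    for i in range(count):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return out

def triage(data: bytes) -> dict:
    """Collect the hash plus packer hints; a hint is not a verdict either way."""
    secs = pe_sections(data)
    names = [name for name, _, _ in secs]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),  # for a hash lookup
        "sections": names,
        "upx_names": any(n.startswith("UPX") for n in names),
        # UPX unpacks into a section that occupies memory but no bytes on disk
        "empty_on_disk": [n for n, vsize, rsize in secs if rsize == 0 and vsize > 0],
    }

def build_sample(specs):
    """Constructed header-only stub for the demo; not a real or runnable addon."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(specs), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIII16x", name, vsize, 0x1000 * (i + 1), rsize, 0x200)
        for i, (name, vsize, rsize) in enumerate(specs))
    return dos + b"PE\0\0" + coff + table

# Constructed samples: a UPX-style layout and an ordinary compiler layout.
PACKED = build_sample([(b"UPX0", 0x8000, 0), (b"UPX1", 0x4000, 0x3A00), (b".rsrc", 0x1000, 0x800)])
PLAIN = build_sample([(b".text", 0x3000, 0x3000), (b".data", 0x1000, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("plain", PLAIN)):
        print(label, triage(blob))
```

A UPX hit explains why heuristic engines fire on a file; whether to keep the file still depends on tracing it to a source you trust.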
-
- Posts: 163
- Joined: July 12th, 2009, 4:05 pm
- Location: The Island
Re: Malware False Positive ?
Thanks
I don't recall that .exe at all.
I've deleted the folder as it's certainly not something I need installed.