You may have another problem


DonB

Jul 4, 2018, 11:00:49 AM
to Klink
Kevin,

The other night I downloaded Faveset_Klink_Installer_1.12.exe using the link in the phone app. I'm not sure where this file actually came from but it has a trojan. Since I was chasing the connectivity issues and looking for imaginary firewall problems, I had all of my Norton turned off when I moved it from the phone to the computer and installed it. Dumb stunt. When Norton did a scan this morning it was found.

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action,Path - Filename
7/4/2018 6:32:33 AM,High,kclientgui.exe (Trojan.Gen.8!cloud) detected by Virus scanner and Auto-Protect,Quarantined,Resolved - No Action Required,c:\program files (x86)\faveset klink\kclientgui.exe

I checked it again by moving the installer file from my phone and Norton nuked it immediately.

Category: Resolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
7/4/2018 8:04:07 AM,High,faveset_klink_installer_1.12.exe (Trojan.Gen.8!cloud) detected by Auto-Protect,Blocked,Resolved - No Action Required

Virus info

https://www.symantec.com/security-center/writeup/2016-121208-2853-99?ssdcat=118&vid=55865&product=Norton+Security&version=22.14.2.13&plang=sym%3aEN&layouttype=Retail&buildname=Retail&heartbeatID=54458BD1-9AB9-4D0E-A486-43C286F9D714&eapenabled=false&env=prod&vendorid=1000&plid=763&plgid=30&skup=21351435&skum=21376863&skuf=21352082&endpointid=54458BD1-9AB9-4D0E-A486-43C286F9D714&partnerid=1000&lic_type=2&lic_attr=16928786&psn=GVFDG72MBB8F&puid=5039&templatecat=SBU_W_1000_5039_NS_Retail_2&schemacat=SBU_W&schemaver=1.0.0.0&olpchannel=RETAIL&osvers=10.0&oslocale=iso%3aUSA&oslang=iso%3aENG&os=windows

After that I downloaded this file from your website. It's clean, installed perfectly and works just fine.


  • Download (4.9MB) - Klink v1.11d for Windows XP/Vista/7/8
    Faveset_Klink_Installer_1.11d.exe
    SHA-1: 5881fbb4ef6b25855f4ee76c03470f38f33c89b1


I still have the dirty file on my phone. I suppose I can email it to you if you want to have a look.

Don




Kevin Ko

Jul 4, 2018, 11:45:56 AM
to favese...@googlegroups.com
Thanks for the report, Don.

I checked the hashes on the hosted installer for 1.12 (http://klink.faveset.com/klink), and it matches what I built.  Moreover, the installer should be code-signed and say something about the publisher of the file being Faveset.

Now that you bring this up, I recall submitting an earlier version of the installer to Symantec for further evaluation because of a false positive.  It sounds like this is the same issue, and I completely forgot to submit the 1.12 build to Symantec when I released it way back when.

In any case, I've submitted the 1.12 installer to Symantec for further examination, which should clear up the false positive in the near future.

Kevin
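
One way to run the two checks described in the reply above (compare the file's hash with the published value, then confirm the Authenticode publisher), as an added example that is not part of the original thread or Faveset's own tooling. The function name and the substring match on the signer subject are assumptions; the SHA-1 is the 1.11d value quoted in the first post, and the page does not say whether that build is signed.

```powershell
# Added example (not from the thread): triage an AV detection on a vendor
# installer by checking the published hash and the Authenticode signer.
function Test-InstallerIntegrity {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedSha1,       # value published by the vendor
        [Parameter(Mandatory)] [string] $ExpectedPublisher   # assumed substring of the signer subject
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # 1. Hash check: is this byte-for-byte the file the vendor published?
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
    $hashOk = $actual -ieq ($ExpectedSha1 -replace '\s', '')

    # 2. Signature check: Status is 'Valid' only when the file is unmodified
    #    since signing and the certificate chains to a trusted root.
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $sigOk   = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedPublisher*")

    # Fail closed: an unsigned file or a hash mismatch is never reported as trusted.
    [pscustomobject]@{
        File            = (Resolve-Path -LiteralPath $Path).Path
        Sha1            = $actual
        HashMatches     = $hashOk
        SignatureStatus = $sig.Status
        SignerSubject   = $subject
        Trusted         = $hashOk -and $sigOk
    }
}

# Usage: point Path at the downloaded file. The hash is the 1.11d value from
# the first post; 'Faveset' as the publisher string is an assumption.
$check = @{
    Path              = '.\Faveset_Klink_Installer_1.11d.exe'
    ExpectedSha1      = '5881fbb4ef6b25855f4ee76c03470f38f33c89b1'
    ExpectedPublisher = 'Faveset'
}
Test-InstallerIntegrity @check
```

A matching hash and a valid signature show the file is the one the publisher built; they do not by themselves settle whether the antivirus verdict is a false positive, which is why the build was also submitted to the vendor for analysis.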


DonB

Jul 4, 2018, 11:01:55 PM
to Klink

Hi Kevin,

I'm glad you can verify it as good. I was thinking it came from Google and I don't consider Google trustworthy. I submitted kclientgui.exe and the installer this morning so hopefully Norton will have plenty to look at. I'll try it again in a few days to see what happens.

Don
