So I recently got a trojan alert from WeMod and I started to wonder.. I opened a program to scan for any files and found a file called: WeMod-9.21.0.nupkg located: C:\Users\YourPcName\AppData\Local\WeMod\packages where it came back positive with: Malware-Cryptor.MSIL.AgentTesla.Heur and I wondered if this is legit a threat or just a fake one. Could anyone else maybe try to scan the file to see what you get? I don't want answers from the WeMod Team saying it's safe 'cause they are with the program and I don't trust them at the moment.
#I found malware..
I've scanned through Windows Defender, VirusTotal, and Malwarebytes and got nothing.
So it's a fake one.
Hm, 'cause I'm using VirusTotal
Did you scan the specific file?
Here's the Scan Code thingy you put in the search bar for it
d50fa8fd2e6b4b1815ec06b48f183943b4cd27ebf3029e3abcbd873704f3eba3
I've scanned the whole folder. Nothing.
ok..
This would be the SHA-256 value 😉
Also, with VT just showing the VBA32 engine detecting the "malware" and none of the big dogs detecting it (CrowdStrike, Microsoft, AVG, Symantec, Sophos), I would assume it's a false positive. I used VT for work and unless I see 3 or more it's typically a false positive in how that threat engine is doing its detections. Just my opinion though
Omega is correct, this is a false positive and nothing to worry about. First thing to notice is that only 1 out of all those companies flagged it. WeMod is a legitimate business based out of the USA and it would be a horrible business practice to put any sort of malicious stuff on a customer's computer 🙂
They also don't need to put malicious software on people's PCs because they get a lot of support via pro members ;)
If you run into any more issues with the app please make sure to exclude it. You can follow these steps to help with any potential problems:
If you’re experiencing issues with WeMod, your antivirus software might be interfering. To resolve this, try whitelisting or adding exceptions for the following folders:
- C:\Users\%USERNAME%\AppData\Local\WeMod
- C:\Users\%USERNAME%\AppData\Roaming\WeMod
But also, just in general, any software that injects some form of code into video games or applications will always have 1 or more flags via VirusTotal, either due to the way they encrypt their code or other stuff.
@surreal flower I scanned it with HitmanPro, Microsoft Defender, Malwarebytes Pro and Norton and nothing was found... I will not say that I am a professional but I know the scene very well and I don't think that it is malware either, and it is possible that VBA32 detected it wrong after an update, and also if nothing is found by Kaspersky, Malwarebytes, Total AV, Bitdefender and Norton I wouldn't worry too much
@surreal flower And also everything that puts code in an application is basically malware but not in a bad way