novedia_ag
Posts: 1
Joined: Thu Sep 09, 2021 2:06 pm

Advanced Installer update - Viewer.exe Virus

Thu Sep 09, 2021 4:20 pm

hi,

I have updated to the Version 18.6.1 via advanced installers (client) integrated update mechanism and now my virus scanner found a virus file. The file path is c:\Program Files (x86)\Caphyon\Advanced Installer 18.6.1\bin\advinst.iso. It is a relatively small ISO file with 6,78 MB size, so I wonder what purpose it has. In this archive is a viewer.exe which my Scanner doesn’t like.

Date: 9/8/2021 9:10:51 PM
Reported by: Scanner
Status: Virus found
File: C:\Program Files (x86)\Caphyon\Advanced Installer 18.6.1\bin\advinst.iso
Infection: Trojan.GenericKD.46896504 (Engine A)

Date: 9/8/2021 9:10:51 PM
Reported by: Scanner
Status: Virus found (archived in C:\Program Files (x86)\Caphyon\Advanced Installer 18.6.1\bin\advinst.iso)
File: viewer.exe
Infection: Trojan.GenericKD.46896504

The Scanner hasn't found a threat anywhere else and the program works with Version 18.6.1. I found two other viewer exe:
  • C:\Program Files (x86)\Caphyon\Advanced Installer 18.6.1\custact\x86\viewer.exe
  • C:\Program Files (x86)\Caphyon\Advanced Installer 18.6.1\custact\x64\viewer.exe
But the scanner did not report them.

GData/Bitdefender identified it as Trojan.GenericKD.46896504. I checked with virus total and some no name virus scanner have the same issue, but Kaspersky and other well-known do not.
https://www.virustotal.com/gui/file/e6b ... /detection.

Is this a false positive or a real virus, what is the purpose of the viewer.exe and the ISO File?

Thank you in advance

Daniel
Posts: 8237
Joined: Mon Apr 02, 2012 1:11 pm
Contact:  Website

Re: Advanced Installer update - Viewer.exe Virus

Fri Sep 10, 2021 7:59 am

Hi and welcome to our forums,

The advinst.iso file is an image file we mount on virtual machine clients (to install dependencies for our Repackager tool) when you need to repackaging operations in virtual machines.

I have tested and replicated the detection. I can assure you this is a false positive detection. I will submit a false positive report and hopefully the related AV vendors will remove it soon.

Thank you for bringing it to our attention.

All the best,
Daniel
Daniel Radu - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Common Problems”