Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

Robodk.exe is ransomware? anyone else see this or know why?

#1
Probably a false positive, I know heuristic scanners can yield false results (but attackers also say their software is a false positive). Thought I'd throw this up here in case anyone else sees it too.

   

My RoboDk.exe is:

version: v5.5.1.22568 (2022-09-18)


SHA256: f484bb0cd42dd069de3af4106c862acc3cee1501bc53bd93680f755cbb47c62e

RoboDK seems reputable, I saw nothing wrong with the *.ini files it was complaining about.  Curiously, they did contain a large ByteArray. I'm not sure how this works, but maybe it saw some bytes it didn't like. I am not super familiar with this Acronis backup utility, especially as AV. Nothing looked out of place, though my malware analysis XP is lower than it used to be these days, and threats are more sophisticated and well-funded than ever.  We did find a RAT lurking on a mass storage device that was supposed to be empty and new in box (albeit it wasn't).
#2
Interesting. I am not sure why Acronis would flag these file, as we did not have issues with other AVs.
We do store files in %PROGRAMDATA%\RoboDK and %APPDATA%\RoboDK, and some of the .ini files do contain byte arrays in text format (mostly for your RoboDK settings).
Please read the Forum Guidelines before posting!
Find useful information about RoboDK by visiting our Online Documentation.
  




Users browsing this thread:
1 Guest(s)