Same I’m using Emsisoft which is using Bitdefender’s and it’s own engine. Here a virus total link if you want to see the results: https://www.virustotal.com/#/file/5774dde799c3642895357ad2821de90387813ab59263fe0736888b6e898de017/detection
I’m gonna do a little breakdown: Before you will read this, I have nothing against WeMod I personally love them, I just got scared suspicious when the new update came out, so I’m here trying to help the staff with a breakdown and some screenshots. Please excuse my english and spelling mistakes, I’m Hungarian. And by no means I’m a ‘professional malware detective’ or smthng.
I’ve tested the file on a virtual machine and found nothing malicious after the installation. I’ve been using this software for like 7 months now and never had any “virus” problems with it except for this one, the new update.
I’m kinda paranoid of viruses, 2 years ago I got a bad adware on my old pc and eversince I’ve been trying to be really careful with any file I get from the internet. Again, I trust you guys but I will wait till this is fixed I think.
I will try to help and provide you some screenshots of the detections because it detects multiple files as malicious (all of these screenshots are captured on a new VA I created to test the file, so excuse if it has Microsoft Edge on it hahaha):
So first one, the file can not be downloaded, Microsoft flags it as a virus.
When I execute the file i get this: (The red says ‘Suspicious activity has been detected and moved to quarantine’)
Then I would add it to exclusions:
When it’s on my desktop again, I run it then this happens: (It says suspicious activity detected and stopped, [on the bottom-right it says ‘Wait, this might be safe’ and then I click on that])
Then when the setup succeeds, the real-time protection notifies me about a potential threat that has been doing stuff in the background.
This is a notification about a file being changed (basically this system is for ransomwares and notifies you about any file changes, this doesn’t mean it’s harmul that the changes are harmful, it’s just a notification, if it’s harmful the whole tab would be red instead of yellow…)
Then I would click on ‘Update Rule’ and that’s all, the program runs great after that but let’s not forget about the aftermath, so here’s the scans of the aftermath:
First scan with Emsisoft (keep in mind I took the file out from the exclusions in order for the scan detect everything related to this file)
It detected only the installer.
Second Scan, with HitmanPro. This is where things are started to get weird and my heart started beating a little. (I tested the file before at 3pm, it’s 9pm now [the time that this post is getting created] and the tracking cookie wasn’t there 6 hours ago so that’s weird.])
The setup that Edge flagged as a virus (this is just the cache of Edge) :
Detection (Hitman Pro uses a selection of other AV’s signature, BitDefender as it’s main if it’s possible):
Moving on to the installer that is directly on the computer:
Detection names and Scoring are the same.
For some reason I can’t open more info on the tracking cookie.
Again, only detected the installer.
Last but not least, when uninstalling (just a notification):
This window pops up once and when I press Update Rule it pops up again, then if I click it again, it will disappear.
That’s all, I don’t have the time for a manual malware ‘scan’
I hope you understand this situation, and I created this post to maybe help some staff members.
I love WeMod and I will keep using it, but first I want to see these detections fixed (These days I don’t trust anything, so that’s why I’m this ‘careful’ or stupid as people would see.)
Full list of the screenshots: https://imgur.com/a/w1oG0nM
End note: I love you and don’t ban me please