Virus Total positive result. Any idea?

Hi Guys,

I downloaded latest Sketchup 2020 offline installer from Trimble and gave out two positives from Virus Total. It was detected as a Trojan downloader. Any idea? Thanks!

https://www.virustotal.com/gui/file/e16264f9ec3fe538de7ec86c893b69fea295421bc2f89a706b00b8561b3812d8/detection

Personally I won’t be clicking any links like that from a new user.

1 Like

lmao. Check it out, it’s a virustotal link. Clean as a whistle. Chill. I’m looking for validation of the virustotal result, so chill bro.And I was a member in the early days of Sketchup, but my account was deactivated due to inactivity. So if you don’t have an answer, just skip this and don’t bother. Would like to hear it out from those with legitimate answers.

https://albumizr.com/ia/868889fda9271529ea853ec4ef90d21f.jpg https://albumizr.com/ia/548235e8d758b93b7dec6cb715518008.jpg

Turn off Virus Total and scan installer file with Windows Defender…?

1 Like

Hi Paul. No, there is no virustotal in Windows 10. It’s a Google website for submitting files to check if it’s infected with malware or not. I was just surprised that VirusTotal website flagged Sketchup 2020 and posted three positive hits from three different antivirus vendors. This should not be the case. I’m actually looking if Trimble or anyone can verify if these are just false positives.

If you’re checking my desktop security, my virus checkers are Avast, MBAM, and Defender. Thanks for the reply by the way. :+1:

Did you download from the right place? The SketchUp.com download page doesn’t have separate “offline” and “online” installer packages.

3 Likes

You should be using ONE virus program not multiple. windows Defender does a fine job besides it is free.

2 Likes

Hi Anssi. The one I got is from Trimble. https://www.sketchup.com/offline-download. It’s their offline downloader. And yes, it got positives from Virustotal.

Hi RLGL. I have my reasons for using multiple. Nevertheless, it’s besides the point since Virustotal is a website that checks against malwares and viruses, and my desktop is not related to the positives.

Thanks for the advice though. :+1:

I don’t work for Trimble, but I’m 99.9999999999999999999999999999999999999999% confident that there is no virus, nor has been, in any official SketchUp installer. I’d go so far as to say this is true of any installer that’s ever existed for SketchUp, and for any installer that ever will exist in the future, forever.

1 Like

Hi monospaced. Just like you, I’m pretty certain that Sketchup installers should be pretty clean. From experience even when it was still under Google, all downloads versions were really clean. The positive result was a surprise but I guess Trimble may need to look at it as the Virustotal results may or may not be a false positive. Hopefully, they check this post out.

I’m MORE than 99.99999999999999999999999999999999999999999999999% positive it’s 100% false positive. I don’t work for Trimble, but I can’t imagine in any conceivable universe where SketchUp would ship as a virus.

false positive, probably heuristics.

You can typically report wrong positives at the makers website.

I hope your imagination holds up in the future! There have been clever and devious criminals who have distributed modified software development environments (tools called Integrated Development Environments or IDEs, which combine code editors, compilers, linkers, debuggers etc. into a unified package). Those IDEs were deliberately modified such that when they were used to build a software application, the IDE would silently inject malware into the resulting application. Many copies of the modified IDE were downloaded and used to build real production applications, which were then distributed to users from “trusted” sources.

We all need to be ever vigilant against computer criminals.

Regarding the Virus Total results with a SketchUp installer image, hopefully this will turn out to be a false-positive and that Virus Total can be enhanced to avoid such false-positive results. But it is worth checking! Ignore the positive results at our peril.

2 Likes

Remember that these sites rely on the person reporting them to verify if they are false or true. The programs I have run in the past always asked if this was an authorized event.

I found a website that is telling me my very tasty looking banana may or may not be kiwi fruit.

3 Likes

Finally, an answer with security as a focus. Thanks TDahl. :metal:

Could not agree more. Yes, hopefully Trimble looks into it as there were three positives. If it was only one I would have likely ignored it. But I remember what happened to CCleaner when the server it was hosted on had the downloaders replaced by hackers. Here’s to hoping that Sketchup only got a false positive. :+1:

zero positives for the DL link of the offline installer from the webpage linked above:

https://www.virustotal.com/gui/url/59f1febd93a5df0546e9eb596e540987439f341be533f49ac0dddc5636f5945b/detection

2 Likes

Hi SketchUp3D_de. The link result you provided scanned the URL or link and not the file or downloader. Try to download the offline installer from Trimble then upload it and you’ll get the positive hits. This is the difference in our result links, showing that you scanned the URL and not the file. Thanks for checking though. :+1:

https://www.virustotal.com/gui/file/e16264f9ec3fe538de7ec86c893b69fea295421bc2f89a706b00b8561b3812d8/detection - scanned File.

https://www.virustotal.com/gui/url/59f1febd93a5df0546e9eb596e540987439f341be533f49ac0dddc5636f5945b/detection - scanned URL

Take note that they have three different scanners. For Files, for URLs and for domain check (Search)


http://zillya.org/en/support.html