Trojan:Win32/Werpoapt.certms (False Alarm?)

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
elecman
Posts: 3
Joined: Mon Dec 04, 2017 3:08 pm

Trojan:Win32/Werpoapt.certms (False Alarm?)

Post by elecman » Mon Dec 04, 2017 3:11 pm

https://www.microsoft.com/en-us/wdsi/th ... certms!dha

In a recent Windows Defender update, it reported that the SoftEther client 4.xx has malware. Is that real, or some false alarm?

fenice
Posts: 144
Joined: Sun Jul 19, 2015 4:23 pm

Re: Trojan:Win32/Werpoapt.certms (False Alarm?)

Post by fenice » Mon Dec 04, 2017 3:19 pm

elecman wrote:
>
> https://www.microsoft.com/en-us/wdsi/th ... certms!dha
>
> In a recent Windows Defender update, it reported that the SoftEther client
> 4.xx has malware. Is that real, or some false alarm?

No, it doesn't contain any malware, but that might depend on where you downloaded it from. If it was the official SoftEther web site then it's OK as far as my scanner is concerned.
Regards


Bill

elecman
Posts: 3
Joined: Mon Dec 04, 2017 3:08 pm

Re: Trojan:Win32/Werpoapt.certms (False Alarm?)

Post by elecman » Mon Dec 04, 2017 3:27 pm

@Bill, please try it on Windows 10 / 8 with the latest Windows Defender, 12/4/2017 definition. My SoftEther DLL got removed by Windows Defender today on multiple machines.

Yesterday it was fine.

My download is from the original SoftEther site. I have kept multiple copies of it for a few years.

Either Microsoft is wrong or there is something recently discovered.

elecman
Posts: 3
Joined: Mon Dec 04, 2017 3:08 pm

Re: Trojan:Win32/Werpoapt.certms (False Alarm?)

Post by elecman » Mon Dec 04, 2017 3:29 pm

Attachment: a.png

elecman wrote:
> @Bill, please try it on Windows 10 / 8 with the latest Windows Defender,
> 12/4/2017 definition. My SoftEther DLL got removed by Windows Defender
> today on multiple machines.
>
> Yesterday it was fine.
>
> My download is from the original SoftEther site. I have kept multiple
> copies of it for a few years.
>
> Either Microsoft is wrong or there is something recently discovered.

fenice
Posts: 144
Joined: Sun Jul 19, 2015 4:23 pm

Re: Trojan:Win32/Werpoapt.certms (False Alarm?)

Post by fenice » Mon Dec 04, 2017 4:58 pm

Unfortunately, I don't use Windows (I have a copy of Win10 Pro & Enterprise) except for a couple of specific apps, and I've also disabled Windows Defender. I've scanned my system with the Comodo A/V & ESET A/V software; no threats were found. I also couldn't find any filename similar to the one you show in the attachment.
Regards


Bill

gnpnfld
Posts: 1
Joined: Sun Mar 03, 2019 1:19 pm

Re: Trojan:Win32/Werpoapt.certms (False Alarm?)

Post by gnpnfld » Mon Mar 04, 2019 8:23 am

I also have the same situation.
Windows 10 Pro, using "softether-vpnclient-v4.22-9634-beta-2016.11.27-windows-x86_x64-intel.exe"
An alert dialog was shown about PenCore.dll missing, and then it was shown continuously.
So it was difficult to operate the PC.
IMG_3270_s_640_e.jpg
That was resolved by deleting and re-installing SoftEther VPN Client.
softether-vpnclient-v4.29-9680-rtm-2019.02.28-windows-x86_x64-intel.exe

fenice
Posts: 144
Joined: Sun Jul 19, 2015 4:23 pm

Re: Trojan:Win32/Werpoapt.certms (False Alarm?)

Post by fenice » Mon Mar 04, 2019 10:26 am

gnpnfld wrote:
> Mon Mar 04, 2019 8:23 am
> I also have the same situation.

You don't have the same problem as mentioned in this thread. It seems you're saying you've resolved your issue; is that correct? In future, don't add your posts to a thread that's not related to your problem.
Regards


Bill

Lloyd Dunamis
Posts: 1
Joined: Fri Mar 08, 2019 5:00 am

Re: Trojan:Win32/Werpoapt.certms (False Alarm?)

Post by Lloyd Dunamis » Fri Mar 08, 2019 5:53 am

gnpnfld's problem *is* related/the same though; maybe just didn't have enough info provided...unless it's because it was resolved using a newer installation of SoftEther + VPNGate plugin.

I get the same prompt of "|PenCore.dll not found", with the path of the detected file being "%temp%\VPN_<4_random_chara>\" the same as elecman's screenshot.
This is whenever I start an already installed SoftEther (v4.19 Build 9605).
File's hash and VT result: https://www.virustotal.com/gui/file/af9 ... /detection

To think that this detection has re-emerged recently, or has always been here... The last post before gnpnfld's was posted in Dec 2017.

Anyway, so this is a false alarm then? So it might've been just an old file, if it is resolved by the newer/latest versions of SoftEther or with VPNGate plugin.