Virustotal detected something in Easy-installer

Hello Everybody

I run the easy-installer.exe trough Virus total, 1 of 68 detectors flagged the .exe as Malicious and pointet further to the included uninstall.exe

Easy installer for Windows (Samsung galaxy S9+)

Thank you for your reply

Regain your privacy! Adopt /e/ the unGoogled mobile OS and online servicesphone

1 of 68 sounds like a false positive.

It would be handy to exactly know the reason of this one engine to cause alert to make sure it’s a false positive.


Kind of strange, didn’t show here: VirusTotal

Probably a bug in the Anti-virus program :slight_smile: . The source code for easy installer is open and available:here. It doesn’t have a “virus”

Also, if the alerting VirusTotal check was from a file on your computer, the uninstall.exe may have been tempered on your computer :confused:

Hello Everybody

Thank you for your replies. I am not saying it contains a virus, its just to elaborate the (potential) false positive.

your report from 2022-12-18 on a921626e17c9db33af1962c8ff8685a7039bf48c3df48ddf9849795d23632764 has the one positive. By now on the same hash this isn’t reported anymore - so the heuristic / rules for the one product (which one btw?) changed to ignore what it deemed suspicious before.

Those IPs are Microsoft/Akamai, if pakets were sent from within uninstall.exe it is the Nullsoft Installer (for Window peeps) that does/did telemetry probably - would need the old link. It has a history of running into this - NSIS False Positives - NSIS

Scrolling through NSIS I guess it contacts some Microsoft on uninstall. Would be interesting what it does, but it’s not the easy-installer itself it trips/tripped on, but the Windows Installer.

Could be as simple as the analyzer following a-href anchors (a web browser) on the UI elements / help texts.

1 Like


Thank you for your reply. I will look into that.