Welcome, Guest.
Username: Password: Remember me

TOPIC: [SOLVED] installer keeps reappearing in downloads

[SOLVED] installer keeps reappearing in downloads 2 months 2 weeks ago #1

context: I have two anti-virus programs om my computer: a Norton subscription and a trial version of Malwarebytes (no active protection anymore). Before I downloaded the Reshade installer, I made sure to make a restore point in case anything went wrong.

problem: I downloaded an installer of Reshade on the official website (reshade.me) to use LumaSharpen for my Final Fantasy XV playthrough. Norton detected it as a heuristic virus (and during a later scan as a Trojan) and deleted in automatically.

My Norton history showed that I tried to download the installer 5 seperate times. When Norton detected a heuristic virus (first, second and fourth download), it was automatically deleted.When Norton detected Trojan.Gen.6 (third download), it quarantined the file and presumably deleted it afterwards.

On the official Reshade forums, a user by the name of Marty McFly explained that this was a false negative which is triggered by heuristic analysis of Reshade:

“One should probably mention that there is no heuristic virus. When Norton talks about this, ReShade triggered its heuristic analysis which means that it didn't find any actual malware code or known virus signature, it just found that ReShade's behaviour fulfills some criteria for viruses, such as hooking into applications etc.” – Marty McFly

Norton scan results: imgur.com/a/MEGrKmb forum post: reshade.me/forum/general-discussion/1910...ng-to-download-virus

After reading the forum post, I tried to download the Reshade installer again, this time allowing the installer to be fully downloaded by pressing the allow button at the bottom of the Norton pop-up window. I had a bad feeling about the whole situation, so I decided to not install Reshade and deleted the installer in from my downloads folder. After that, I emptied me Recycle bin.

At first, I thought everything was fine, but over the last couple days the installer has kept reappearing in my downloads folder. Since then, I have scanned the file numerous times with both Norton and Malwarebytes Free and have looked through the Norton settings to delete it from the “Excluded List”, both with no success. It keeps reappearing.

Norton pop-up + translation: imgur.com/a/8Les0bP

Is there any way I can fix this problem without using a restore point?

Thanks in advance!
Last Edit: 1 month 4 weeks ago by EekieHD. Reason: problem solved, updated title
The administrator has disabled public write access.
The following user(s) said Thank You: brazzjazz

installer keeps reappearing in downloads folder 2 months 2 days ago #2

What is your concern? That ReShade might not be safe software or that you can't get rid of the installer? ReShade is a fine piece of software, I wouldn't worry about that, neither would I about an installer file in your Downloads folder. As long as you've downloaded ReShade from the official source (reshade.me), everything should be fine. Except maybe some unwanted measures that Norton Antivirus decides to take on said file. In the future, I would upload new tools you want to use to virustotal.com, which gives you a very good overview on what to think of a certain file, giving you the verdict of 50+ virus scanners as well as community opinions.
Xeon E3-1231 v3, MSI GTX 970 @1446/3903 MHz, 16 GB DDR3-1600
The administrator has disabled public write access.
The following user(s) said Thank You: EekieHD

installer keeps reappearing in downloads folder 1 month 4 weeks ago #3

Thank you for replying to my question, but luckily the issue seems to have fixed itself, although I still don’t know what caused it in the first place. After a week or so of deleting the installer when I saw it in downloads folder, it just stopped reappearing.

What was my concern? I was concerned because Norton detected the installer as a Trojan.Gen.6. Furthermore, after repeatedly deleting it, It kept reappearing in my downloads folder with no logical reason.

Also, I did upload the file to virustotal several times whilst waiting for responses from Reddit and the Reshade forums and knew Norton could react weirdly when it comes to downloading programs like Reshade. I just wanted to see if someone had had a similar experience.

virustotal link: www.virustotal.com/#/file/03bf7a4cc4245f...f714dae498/detection
The administrator has disabled public write access.